package io.camunda.zeebe.test.util.netty;

import io.netty.bootstrap.Bootstrap;
import io.netty.channel.Channel;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.concurrent.Future;
import java.io.UncheckedIOException;
import java.net.SocketAddress;
import java.security.cert.Certificate;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/camunda/zeebe/test/util/netty/NettySslClient.class */
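/**
 * Small Netty-based TLS client that connects to a remote address, performs the TLS handshake, and
 * returns the certificate chain presented by the peer.
 *
 * <p>The trust decision is delegated entirely to the {@link SslContext} supplied at construction
 * time. The returned chain is only as authenticated as that context's trust manager makes it: if
 * the context was built with a permissive trust manager, the chain must be treated as unverified
 * peer-supplied data.
 */
public final class NettySslClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(NettySslClient.class);

    /** Upper bound for establishing the TCP connection. */
    private static final int CONNECT_TIMEOUT_MILLIS = 5000;

    /** Upper bound for the whole connect + handshake + extraction sequence. */
    private static final long EXTRACTION_TIMEOUT_SECONDS = 10L;

    private final SslContext sslContext;

    /**
     * Creates a client which uses the given context for every handshake.
     *
     * @param sslContext client-side TLS configuration, including the trust manager that decides
     *     whether a peer certificate is accepted
     */
    public NettySslClient(SslContext sslContext) {
        this.sslContext = sslContext;
    }

    /**
     * Builds a client whose only trust anchor is the given self-signed certificate.
     *
     * <p>NOTE(review): Netty documents {@link SelfSignedCertificate} as a testing aid; this factory
     * is presumably meant for test fixtures only, which matches the package name.
     *
     * @param selfSignedCertificate certificate the remote peer is expected to present
     * @return a client trusting exactly that certificate
     * @throws UncheckedIOException if the SSL context cannot be built
     */
    public static NettySslClient ofSelfSigned(SelfSignedCertificate selfSignedCertificate) {
        try {
            SslContext context =
                    SslContextBuilder.forClient()
                            .trustManager(selfSignedCertificate.certificate())
                            .build();
            return new NettySslClient(context);
        } catch (SSLException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Connects to {@code socketAddress}, completes a TLS handshake and returns the peer's
     * certificate chain as reported by the TLS session.
     *
     * <p>Blocks the calling thread for at most {@value #EXTRACTION_TIMEOUT_SECONDS} seconds. A
     * connection failure, handshake failure, early channel close or timeout surfaces as the
     * exception thrown by {@link CompletableFuture#join()}.
     *
     * @param socketAddress address of the TLS endpoint to inspect
     * @return the certificate chain presented by the remote peer
     */
    public Certificate[] getRemoteCertificateChain(SocketAddress socketAddress) {
        // Typed future: avoids the raw type and the unchecked cast on the result.
        CompletableFuture<Certificate[]> certificates = new CompletableFuture<>();
        NioEventLoopGroup eventLoopGroup = new NioEventLoopGroup(1);
        try {
            new Bootstrap()
                    .handler(new SslCertificateExtractor(certificates))
                    .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, CONNECT_TIMEOUT_MILLIS)
                    .group(eventLoopGroup)
                    .channel(NioSocketChannel.class)
                    .connect(socketAddress)
                    .addListener(future -> onChannelConnect(socketAddress, certificates, future))
                    .channel()
                    .closeFuture()
                    // Completing an already-completed future is a no-op, so a close that happens
                    // after a successful extraction does not overwrite the result.
                    .addListener(future -> onChannelClose(socketAddress, certificates, future));

            return certificates.orTimeout(EXTRACTION_TIMEOUT_SECONDS, TimeUnit.SECONDS).join();
        } finally {
            // Always release the event loop, on success and on every failure path alike.
            eventLoopGroup.shutdownGracefully(10L, 100L, TimeUnit.MILLISECONDS);
        }
    }

    /** Fails the pending result when the connection attempt itself did not succeed. */
    private void onChannelConnect(
            SocketAddress socketAddress,
            CompletableFuture<Certificate[]> completableFuture,
            Future<? super Void> future) {
        if (future.isSuccess()) {
            return;
        }
        completableFuture.completeExceptionally(
                getErrorWithOptionalCause(
                        future,
                        String.format(
                                "Failed to establish a secure connection to %s", socketAddress)));
    }

    /** Fails the pending result when the channel closes; has no effect once a result is set. */
    private void onChannelClose(
            SocketAddress socketAddress,
            CompletableFuture<Certificate[]> completableFuture,
            Future<? super Void> future) {
        completableFuture.completeExceptionally(
                getErrorWithOptionalCause(
                        future,
                        String.format(
                                "Channel to remote peer %s was unexpectedly closed before any certificates were extracted",
                                socketAddress)));
    }

    /** Wraps the future's failure cause, when there is one, in an {@link IllegalStateException}. */
    private Throwable getErrorWithOptionalCause(Future<?> future, String str) {
        Throwable cause = future.cause();
        if (cause == null) {
            return new IllegalStateException(str);
        }
        return new IllegalStateException(str, cause);
    }

    /**
     * Channel initializer which installs a TLS handler and, once the handshake finishes, publishes
     * the peer certificate chain (or the failure) through the supplied future.
     */
    private final class SslCertificateExtractor extends ChannelInitializer<SocketChannel> {
        private final CompletableFuture<Certificate[]> extractedCertificate;

        public SslCertificateExtractor(CompletableFuture<Certificate[]> completableFuture) {
            this.extractedCertificate = completableFuture;
        }

        @Override
        protected void initChannel(SocketChannel socketChannel) {
            // NOTE(review): the handler is created from the allocator alone, without a peer host
            // or port, so the TLS engine is given no host name to match the certificate against.
            // Acceptance of the peer therefore rests on the trust manager in sslContext.
            SslHandler tlsHandler = sslContext.newHandler(socketChannel.alloc());
            socketChannel.pipeline().addLast("tls", tlsHandler);
            tlsHandler.handshakeFuture().addListener(future -> extractCertificate(tlsHandler, future));
        }

        /**
         * Completes the pending result from the outcome of the handshake.
         *
         * <p>A failure to read the peer certificates after a successful handshake is reported
         * through the future rather than thrown out of the listener; otherwise the caller would
         * only learn about it through the close listener or the overall timeout.
         */
        private void extractCertificate(SslHandler sslHandler, Future<? super Channel> future) {
            if (!future.isSuccess()) {
                Throwable error =
                        getErrorWithOptionalCause(future, "Failed to perform SSL handshake");
                extractedCertificate.completeExceptionally(error);
                LOGGER.debug("Failed to extract SSL certificates", error);
                return;
            }

            try {
                extractedCertificate.complete(
                        sslHandler.engine().getSession().getPeerCertificates());
            } catch (SSLPeerUnverifiedException e) {
                Throwable error =
                        new IllegalStateException(
                                "Handshake succeeded but the peer presented no verifiable certificates",
                                e);
                extractedCertificate.completeExceptionally(error);
                LOGGER.debug("Failed to extract SSL certificates", error);
            }
        }
    }
}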
