package io.micronaut.http.server.netty.ssl;

import io.micronaut.core.annotation.Internal;
import io.micronaut.http.HttpAttributes;
import io.micronaut.http.HttpMessage;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.ssl.SslHandler;
import java.security.cert.Certificate;
import java.util.Optional;
import javax.net.ssl.SSLPeerUnverifiedException;

@ChannelHandler.Sharable
@Internal
/* loaded from: input_file:io/micronaut/http/server/netty/ssl/HttpRequestCertificateHandler.class */
public class HttpRequestCertificateHandler extends ChannelInboundHandlerAdapter {
    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (obj instanceof HttpMessage) {
            HttpMessage httpMessage = (HttpMessage) obj;
            Optional<Certificate> certificate = getCertificate((SslHandler) channelHandlerContext.pipeline().get(SslHandler.class));
            if (certificate.isPresent()) {
                httpMessage.setAttribute((CharSequence) HttpAttributes.X509_CERTIFICATE, (Object) certificate.get());
            } else {
                httpMessage.removeAttribute(HttpAttributes.X509_CERTIFICATE, Certificate.class);
            }
            super.channelRead(channelHandlerContext, obj);
        }
    }

    private static Optional<Certificate> getCertificate(SslHandler sslHandler) {
        if (sslHandler == null) {
            return Optional.empty();
        }
        try {
            return Optional.of(sslHandler.engine().getSession().getPeerCertificates()[0]);
        } catch (SSLPeerUnverifiedException e) {
            return Optional.empty();
        }
    }
}
