package org.apache.activemq.artemis.core.remoting;

import io.netty.channel.Channel;
import io.netty.handler.ssl.SslHandler;
import java.io.ByteArrayInputStream;
import java.lang.invoke.MethodHandles;
import java.security.Principal;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.remoting.Connection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:artemis-core-client-2.35.0.jar:org/apache/activemq/artemis/core/remoting/CertificateUtil.class */
public class CertificateUtil {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final String SSL_HANDLER_NAME = "ssl";

    public static String getCertSubjectDN(RemotingConnection remotingConnection) {
        String str = "unavailable";
        X509Certificate[] certsFromConnection = getCertsFromConnection(remotingConnection);
        if (certsFromConnection != null && certsFromConnection.length > 0 && certsFromConnection[0] != null) {
            str = certsFromConnection[0].getSubjectDN().getName();
        }
        return str;
    }

    public static X509Certificate[] getCertsFromConnection(RemotingConnection remotingConnection) {
        X509Certificate[] x509CertificateArr = null;
        if (remotingConnection != null) {
            Connection transportConnection = remotingConnection.getTransportConnection();
            if (transportConnection instanceof NettyConnection) {
                x509CertificateArr = getCertsFromChannel(((NettyConnection) transportConnection).getChannel());
            }
        }
        return x509CertificateArr;
    }

    public static Principal getPeerPrincipalFromConnection(RemotingConnection remotingConnection) {
        SslHandler sslHandler;
        Principal principal = null;
        if (remotingConnection != null) {
            Connection transportConnection = remotingConnection.getTransportConnection();
            if ((transportConnection instanceof NettyConnection) && (sslHandler = ((NettyConnection) transportConnection).getChannel().pipeline().get(SSL_HANDLER_NAME)) != null && (sslHandler instanceof SslHandler)) {
                try {
                    principal = sslHandler.engine().getSession().getPeerPrincipal();
                } catch (SSLPeerUnverifiedException e) {
                }
            }
        }
        return principal;
    }

    public static Principal getLocalPrincipalFromConnection(NettyConnection nettyConnection) {
        Principal principal = null;
        SslHandler sslHandler = nettyConnection.getChannel().pipeline().get(SSL_HANDLER_NAME);
        if (sslHandler instanceof SslHandler) {
            principal = sslHandler.engine().getSession().getLocalPrincipal();
        }
        return principal;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v32, types: [java.security.cert.Certificate[]] */
    private static X509Certificate[] getCertsFromChannel(Channel channel) {
        X509Certificate[] x509CertificateArr = null;
        SslHandler sslHandler = channel.pipeline().get(SSL_HANDLER_NAME);
        if (sslHandler != null && (sslHandler instanceof SslHandler)) {
            try {
                x509CertificateArr = sslHandler.engine().getSession().getPeerCertificates();
            } catch (SSLPeerUnverifiedException e) {
            }
        }
        X509Certificate[] x509CertificateArr2 = null;
        if (x509CertificateArr != null && x509CertificateArr.length > 0) {
            x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
            for (int i = 0; i < x509CertificateArr.length; i++) {
                if (x509CertificateArr[i] instanceof X509Certificate) {
                    x509CertificateArr2[i] = x509CertificateArr[i];
                } else {
                    try {
                        x509CertificateArr2[i] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i].getEncoded()));
                    } catch (Exception e2) {
                        logger.trace("Failed to convert SSL cert", e2);
                        return null;
                    }
                }
                if (logger.isTraceEnabled()) {
                    logger.trace("Cert #{} = {}", Integer.valueOf(i), x509CertificateArr2[i]);
                }
            }
        }
        return x509CertificateArr2;
    }
}
