package org.apache.ratis.shaded.io.netty.example.ocsp;

import java.math.BigInteger;
import org.apache.log4j.Level;
import org.apache.ratis.shaded.io.grpc.internal.GrpcUtil;
import org.apache.ratis.shaded.io.netty.bootstrap.Bootstrap;
import org.apache.ratis.shaded.io.netty.channel.Channel;
import org.apache.ratis.shaded.io.netty.channel.ChannelFutureListener;
import org.apache.ratis.shaded.io.netty.channel.ChannelHandlerContext;
import org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandlerAdapter;
import org.apache.ratis.shaded.io.netty.channel.ChannelInitializer;
import org.apache.ratis.shaded.io.netty.channel.ChannelOption;
import org.apache.ratis.shaded.io.netty.channel.ChannelPipeline;
import org.apache.ratis.shaded.io.netty.channel.nio.NioEventLoopGroup;
import org.apache.ratis.shaded.io.netty.channel.socket.nio.NioSocketChannel;
import org.apache.ratis.shaded.io.netty.handler.codec.http.DefaultFullHttpRequest;
import org.apache.ratis.shaded.io.netty.handler.codec.http.FullHttpResponse;
import org.apache.ratis.shaded.io.netty.handler.codec.http.HttpClientCodec;
import org.apache.ratis.shaded.io.netty.handler.codec.http.HttpHeaderNames;
import org.apache.ratis.shaded.io.netty.handler.codec.http.HttpMethod;
import org.apache.ratis.shaded.io.netty.handler.codec.http.HttpObjectAggregator;
import org.apache.ratis.shaded.io.netty.handler.codec.http.HttpVersion;
import org.apache.ratis.shaded.io.netty.handler.ssl.OpenSsl;
import org.apache.ratis.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslContext;
import org.apache.ratis.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
import org.apache.ratis.shaded.io.netty.handler.ssl.SslContextBuilder;
import org.apache.ratis.shaded.io.netty.handler.ssl.SslHandler;
import org.apache.ratis.shaded.io.netty.handler.ssl.SslProvider;
import org.apache.ratis.shaded.io.netty.handler.ssl.ocsp.OcspClientHandler;
import org.apache.ratis.shaded.io.netty.util.ReferenceCountUtil;
import org.apache.ratis.shaded.io.netty.util.concurrent.Promise;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;

/* loaded from: input_file:org/apache/ratis/shaded/io/netty/example/ocsp/OcspClientExample.class */
public class OcspClientExample {

    /* loaded from: input_file:org/apache/ratis/shaded/io/netty/example/ocsp/OcspClientExample$ExampleOcspClientHandler.class */
    private static class ExampleOcspClientHandler extends OcspClientHandler {
        public ExampleOcspClientHandler(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) {
            super(referenceCountedOpenSslEngine);
        }

        @Override // org.apache.ratis.shaded.io.netty.handler.ssl.ocsp.OcspClientHandler
        protected boolean verify(ChannelHandlerContext channelHandlerContext, ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) throws Exception {
            byte[] ocspResponse = referenceCountedOpenSslEngine.getOcspResponse();
            if (ocspResponse == null) {
                throw new IllegalStateException("Server didn't provide an OCSP staple!");
            }
            OCSPResp oCSPResp = new OCSPResp(ocspResponse);
            if (oCSPResp.getStatus() != 0) {
                return false;
            }
            BigInteger serialNumber = referenceCountedOpenSslEngine.getSession().getPeerCertificateChain()[0].getSerialNumber();
            SingleResp singleResp = ((BasicOCSPResp) oCSPResp.getResponseObject()).getResponses()[0];
            String certStatus = singleResp.getCertStatus();
            BigInteger serialNumber2 = singleResp.getCertID().getSerialNumber();
            System.out.println("OCSP status of " + channelHandlerContext.channel().remoteAddress() + "\n  Status: " + ((Object) (certStatus == CertificateStatus.GOOD ? "Good" : certStatus)) + "\n  This Update: " + singleResp.getThisUpdate() + "\n  Next Update: " + singleResp.getNextUpdate() + "\n  Cert Serial: " + serialNumber + "\n  OCSP Serial: " + serialNumber2);
            return certStatus == CertificateStatus.GOOD && serialNumber.equals(serialNumber2);
        }
    }

    /* loaded from: input_file:org/apache/ratis/shaded/io/netty/example/ocsp/OcspClientExample$HttpClientHandler.class */
    private static class HttpClientHandler extends ChannelInboundHandlerAdapter {
        private final String host;
        private final Promise<FullHttpResponse> promise;

        public HttpClientHandler(String str, Promise<FullHttpResponse> promise) {
            this.host = str;
            this.promise = promise;
        }

        @Override // org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandler
        public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
            DefaultFullHttpRequest defaultFullHttpRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "/");
            defaultFullHttpRequest.headers().set(HttpHeaderNames.HOST, this.host);
            defaultFullHttpRequest.headers().set(HttpHeaderNames.USER_AGENT, "netty-ocsp-example/1.0");
            channelHandlerContext.writeAndFlush(defaultFullHttpRequest).addListener2(ChannelFutureListener.FIRE_EXCEPTION_ON_FAILURE);
            channelHandlerContext.fireChannelActive();
        }

        @Override // org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandler
        public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
            if (!this.promise.isDone()) {
                this.promise.tryFailure(new IllegalStateException("Connection closed and Promise was not done."));
            }
            channelHandlerContext.fireChannelInactive();
        }

        @Override // org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandler
        public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (!(obj instanceof FullHttpResponse)) {
                channelHandlerContext.fireChannelRead(obj);
            } else {
                if (this.promise.trySuccess((FullHttpResponse) obj)) {
                    return;
                }
                ReferenceCountUtil.release(obj);
            }
        }

        @Override // org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelHandler, org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandler
        public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
            if (this.promise.tryFailure(th)) {
                return;
            }
            channelHandlerContext.fireExceptionCaught(th);
        }
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Type inference failed for: r0v29, types: [org.apache.ratis.shaded.io.netty.channel.ChannelFuture] */
    public static void main(String[] strArr) throws Exception {
        if (!OpenSsl.isAvailable()) {
            throw new IllegalStateException("OpenSSL is not available!");
        }
        if (!OpenSsl.isOcspSupported()) {
            throw new IllegalStateException("OCSP is not supported!");
        }
        ReferenceCountedOpenSslContext referenceCountedOpenSslContext = (ReferenceCountedOpenSslContext) SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL).enableOcsp(true).build();
        try {
            NioEventLoopGroup nioEventLoopGroup = new NioEventLoopGroup();
            try {
                Promise newPromise = nioEventLoopGroup.next().newPromise();
                Channel channel = new Bootstrap().channel(NioSocketChannel.class).group(nioEventLoopGroup).option(ChannelOption.CONNECT_TIMEOUT_MILLIS, Integer.valueOf(Level.TRACE_INT)).handler(newClientHandler(referenceCountedOpenSslContext, "www.wikipedia.org", newPromise)).connect("www.wikipedia.org", GrpcUtil.DEFAULT_PORT_SSL).syncUninterruptibly2().channel();
                try {
                    ReferenceCountUtil.release((FullHttpResponse) newPromise.get());
                    channel.close();
                    nioEventLoopGroup.shutdownGracefully();
                } catch (Throwable th) {
                    channel.close();
                    throw th;
                }
            } catch (Throwable th2) {
                nioEventLoopGroup.shutdownGracefully();
                throw th2;
            }
        } finally {
            referenceCountedOpenSslContext.release();
        }
    }

    private static ChannelInitializer<Channel> newClientHandler(final ReferenceCountedOpenSslContext referenceCountedOpenSslContext, final String str, final Promise<FullHttpResponse> promise) {
        return new ChannelInitializer<Channel>() { // from class: org.apache.ratis.shaded.io.netty.example.ocsp.OcspClientExample.1
            @Override // org.apache.ratis.shaded.io.netty.channel.ChannelInitializer
            protected void initChannel(Channel channel) throws Exception {
                SslHandler newHandler = ReferenceCountedOpenSslContext.this.newHandler(channel.alloc());
                ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine = (ReferenceCountedOpenSslEngine) newHandler.engine();
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(newHandler);
                pipeline.addLast(new ExampleOcspClientHandler(referenceCountedOpenSslEngine));
                pipeline.addLast(new HttpClientCodec());
                pipeline.addLast(new HttpObjectAggregator(1048576));
                pipeline.addLast(new HttpClientHandler(str, promise));
            }

            @Override // org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandler
            public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                if (!promise.isDone()) {
                    promise.tryFailure(new IllegalStateException("Connection closed and Promise was not done."));
                }
                channelHandlerContext.fireChannelInactive();
            }

            @Override // org.apache.ratis.shaded.io.netty.channel.ChannelInitializer, org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelHandlerAdapter, org.apache.ratis.shaded.io.netty.channel.ChannelHandler, org.apache.ratis.shaded.io.netty.channel.ChannelInboundHandler
            public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                if (promise.tryFailure(th)) {
                    return;
                }
                channelHandlerContext.fireExceptionCaught(th);
            }
        };
    }
}
