package net.devh.boot.grpc.server.security.authentication;

import io.grpc.Grpc;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.annotation.Nullable;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:BOOT-INF/lib/grpc-server-spring-boot-autoconfigure-2.15.0.RELEASE.jar:net/devh/boot/grpc/server/security/authentication/SSLContextGrpcAuthenticationReader.class */
public class SSLContextGrpcAuthenticationReader implements GrpcAuthenticationReader {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SSLContextGrpcAuthenticationReader.class);

    @Override // net.devh.boot.grpc.server.security.authentication.GrpcAuthenticationReader
    public Authentication readAuthentication(ServerCall<?, ?> serverCall, Metadata metadata) {
        SSLSession sSLSession = (SSLSession) serverCall.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
        if (sSLSession == null) {
            log.trace("Peer not verified via SSL");
            return null;
        }
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            return fromCertificate(peerCertificates[peerCertificates.length - 1]);
        } catch (SSLPeerUnverifiedException e) {
            log.trace("Peer not verified via certificate", (Throwable) e);
            return null;
        }
    }

    @Nullable
    protected Authentication fromCertificate(Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            log.debug("Found X509 certificate");
            return new X509CertificateAuthentication((X509Certificate) certificate);
        }
        log.debug("Unsupported certificate type: {}", certificate.getType());
        return null;
    }
}
