package oracle.kv.impl.async.dialog.netty;

import com.sleepycat.je.rep.net.SSLAuthenticator;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:oracle/kv/impl/async/dialog/netty/VerifyingSSLHandler.class */
public class VerifyingSSLHandler extends ChannelInboundHandlerAdapter {
    private final Logger logger;
    private final String endpointId;
    private final SSLEngine sslEngine;
    private final String targetHost;
    private final HostnameVerifier hostVerifier;
    private final SSLAuthenticator authenticator;
    private final SslHandler sslHandler;

    public VerifyingSSLHandler(Logger logger, String str, SSLEngine sSLEngine, String str2, HostnameVerifier hostnameVerifier, SSLAuthenticator sSLAuthenticator) {
        this.logger = logger;
        this.endpointId = str;
        this.sslEngine = sSLEngine;
        this.targetHost = str2;
        this.hostVerifier = hostnameVerifier;
        this.authenticator = sSLAuthenticator;
        this.sslHandler = new SslHandler(sSLEngine);
    }

    public SslHandler sslHandler() {
        return this.sslHandler;
    }

    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (obj != SslHandshakeCompletionEvent.SUCCESS) {
            super.userEventTriggered(channelHandlerContext, obj);
            return;
        }
        this.logger.log(Level.INFO, "SSL handshake done ({0})", this.endpointId);
        SSLSession session = this.sslEngine.getSession();
        if (this.sslEngine.getUseClientMode()) {
            if (this.hostVerifier != null) {
                if (this.logger.isLoggable(Level.FINE)) {
                    this.logger.log(Level.FINE, "Verifying server host, verifier={0}, targetHost={1}, principal={2}, certificates={3}", new Object[]{this.hostVerifier, this.targetHost, session.getPeerPrincipal(), Arrays.toString(session.getPeerCertificates())});
                }
                if (this.hostVerifier.verify(this.targetHost, session)) {
                    this.logger.log(Level.FINE, "SSL host verifier reports that connection target is valid");
                    return;
                } else {
                    this.logger.log(Level.INFO, "SSL host verifier reports that connection target is NOT valid");
                    throw new IOException("Server identity could not be verified");
                }
            }
            return;
        }
        if (this.authenticator != null) {
            if (this.logger.isLoggable(Level.FINE)) {
                this.logger.log(Level.FINE, "Authenticating client host, authenticator={0}, principal={1}", new Object[]{this.authenticator, session.getPeerPrincipal()});
            }
            if (this.authenticator.isTrusted(session)) {
                this.logger.log(Level.FINE, "SSL authenticator reports that channel is trusted");
            } else {
                this.logger.log(Level.INFO, "SSL authenticator reports that channel is NOT trusted");
            }
        }
    }
}
