package com.linecorp.armeria.internal.server.servlet;

import com.linecorp.armeria.common.annotation.Nullable;
import com.linecorp.armeria.internal.shaded.guava.base.MoreObjects;
import com.linecorp.armeria.internal.shaded.guava.collect.ImmutableList;
import com.linecorp.armeria.internal.shaded.guava.io.BaseEncoding;
import io.netty.util.internal.EmptyArrays;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.function.BiConsumer;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:com/linecorp/armeria/internal/server/servlet/ServletTlsAttributes.class */
public final class ServletTlsAttributes {
    private static final String JAVAX_SERVLET_REQUEST_SSL_SESSION_ID = "javax.servlet.request.ssl_session_id";
    private static final String JAVAX_SERVLET_REQUEST_CIPHER_SUITE = "javax.servlet.request.cipher_suite";
    private static final String JAVAX_SERVLET_REQUEST_KEY_SIZE = "javax.servlet.request.key_size";
    private static final String JAVAX_SERVLET_REQUEST_X_509_CERTIFICATE = "javax.servlet.request.X509Certificate";
    private static final String ATTR_NAME = ServletTlsAttributes.class.getName();
    private static final String[] ALGORITHMS = {"_AES_256_", "_RC4_128_", "_AES_128_", "_CHACHA20_", "_ARIA256_", "_ARIA128_", "_CAMELLIA256_", "_CAMELLIA128_", "_RC4_40_", "_3DES_EDE_CBC_", "_IDEA_CBC_", "_RC2_CBC_40_", "_DES40_CBC_", "_DES_CBC_", "_SEED_"};
    private static final int[] KEY_SIZES = {256, 128, 128, 256, 256, 128, 256, 128, 40, 168, 128, 40, 40, 56, 128};
    private final String sessionId;
    private final String cipherSuite;
    private final int keySize;
    private final List<X509Certificate> peerCertificates;

    public static void fill(@Nullable SSLSession sSLSession, BiConsumer<String, Object> biConsumer) {
        if (sSLSession == null) {
            return;
        }
        ServletTlsAttributes orCreateAttrs = getOrCreateAttrs(sSLSession);
        String sessionId = orCreateAttrs.sessionId();
        String cipherSuite = orCreateAttrs.cipherSuite();
        int keySize = orCreateAttrs.keySize();
        List<X509Certificate> peerCertificates = orCreateAttrs.peerCertificates();
        biConsumer.accept("javax.servlet.request.ssl_session_id", sessionId);
        biConsumer.accept("javax.servlet.request.cipher_suite", cipherSuite);
        biConsumer.accept("javax.servlet.request.key_size", Integer.valueOf(keySize));
        if (peerCertificates.isEmpty()) {
            return;
        }
        biConsumer.accept("javax.servlet.request.X509Certificate", peerCertificates.toArray(EmptyArrays.EMPTY_X509_CERTIFICATES));
    }

    private static ServletTlsAttributes getOrCreateAttrs(SSLSession sSLSession) {
        ServletTlsAttributes servletTlsAttributes;
        ServletTlsAttributes servletTlsAttributes2 = (ServletTlsAttributes) sSLSession.getValue(ATTR_NAME);
        if (servletTlsAttributes2 != null) {
            return servletTlsAttributes2;
        }
        synchronized (sSLSession) {
            ServletTlsAttributes servletTlsAttributes3 = (ServletTlsAttributes) sSLSession.getValue(ATTR_NAME);
            if (servletTlsAttributes3 == null) {
                byte[] id = sSLSession.getId();
                String encode = id != null ? BaseEncoding.base16().encode(id) : "";
                String cipherSuite = sSLSession.getCipherSuite();
                servletTlsAttributes3 = new ServletTlsAttributes(encode, (String) MoreObjects.firstNonNull(cipherSuite, ""), guessKeySize(cipherSuite), getPeerX509Certificates(sSLSession));
                sSLSession.putValue(ATTR_NAME, servletTlsAttributes3);
            }
            servletTlsAttributes = servletTlsAttributes3;
        }
        return servletTlsAttributes;
    }

    static int guessKeySize(@Nullable String str) {
        int indexOf;
        if (str == null) {
            return 0;
        }
        int indexOf2 = str.indexOf("_WITH_");
        if (indexOf2 > 0) {
            indexOf = indexOf2 + 5;
        } else {
            indexOf = str.indexOf(95);
            if (indexOf < 0) {
                return 0;
            }
        }
        for (int i = 0; i < ALGORITHMS.length; i++) {
            if (str.startsWith(ALGORITHMS[i], indexOf)) {
                return KEY_SIZES[i];
            }
        }
        return 0;
    }

    private static List<X509Certificate> getPeerX509Certificates(SSLSession sSLSession) {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates == null) {
                return ImmutableList.of();
            }
            ImmutableList.Builder builderWithExpectedSize = ImmutableList.builderWithExpectedSize(peerCertificates.length);
            for (Certificate certificate : peerCertificates) {
                if (certificate instanceof X509Certificate) {
                    builderWithExpectedSize.add((ImmutableList.Builder) certificate);
                }
            }
            return builderWithExpectedSize.build();
        } catch (SSLPeerUnverifiedException e) {
            return ImmutableList.of();
        }
    }

    private ServletTlsAttributes(String str, String str2, int i, List<X509Certificate> list) {
        this.sessionId = str;
        this.cipherSuite = str2;
        this.keySize = i;
        this.peerCertificates = list;
    }

    public String sessionId() {
        return this.sessionId;
    }

    public String cipherSuite() {
        return this.cipherSuite;
    }

    public int keySize() {
        return this.keySize;
    }

    public List<X509Certificate> peerCertificates() {
        return this.peerCertificates;
    }
}
