package com.couchbase.client.core.io.netty;

import com.couchbase.client.core.deps.io.netty.channel.ChannelHandler;
import com.couchbase.client.core.deps.io.netty.channel.ChannelHandlerContext;
import com.couchbase.client.core.deps.io.netty.channel.ChannelInboundHandlerAdapter;
import com.couchbase.client.core.deps.io.netty.handler.ssl.SslHandler;
import com.couchbase.client.core.deps.io.netty.handler.ssl.SslHandshakeCompletionEvent;
import com.couchbase.client.core.util.CbThrowables;
import com.couchbase.client.core.util.HostAndPort;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Base64;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ChannelHandler.Sharable
/* loaded from: input_file:com/couchbase/client/core/io/netty/SslSessionLoggingHandler.class */
public class SslSessionLoggingHandler extends ChannelInboundHandlerAdapter {
    private static final Logger log = LoggerFactory.getLogger(SslSessionLoggingHandler.class);
    public static final SslSessionLoggingHandler INSTANCE = new SslSessionLoggingHandler();

    private SslSessionLoggingHandler() {
    }

    @Override // com.couchbase.client.core.deps.io.netty.channel.ChannelInboundHandlerAdapter, com.couchbase.client.core.deps.io.netty.channel.ChannelInboundHandler
    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (obj instanceof SslHandshakeCompletionEvent) {
            try {
                log(((SslHandler) channelHandlerContext.pipeline().get(SslHandler.class)).engine().getSession());
                channelHandlerContext.pipeline().remove(this);
                channelHandlerContext.fireUserEventTriggered(obj);
            } catch (SSLPeerUnverifiedException e) {
                channelHandlerContext.pipeline().remove(this);
                channelHandlerContext.fireUserEventTriggered(obj);
            } catch (Throwable th) {
                channelHandlerContext.pipeline().remove(this);
                channelHandlerContext.fireUserEventTriggered(obj);
                throw th;
            }
        }
    }

    private static void log(SSLSession sSLSession) throws SSLPeerUnverifiedException {
        if (log.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            try {
                for (Certificate certificate : sSLSession.getPeerCertificates()) {
                    String encodeToString = Base64.getMimeEncoder().encodeToString(certificate.getEncoded());
                    sb.append("-----BEGIN CERTIFICATE-----\n");
                    sb.append(encodeToString).append("\n");
                    sb.append("-----END CERTIFICATE-----\n");
                }
            } catch (CertificateEncodingException e) {
                sb.setLength(0);
                sb.append("Can't display encoded certificate chain; ");
                sb.append(CbThrowables.getStackTraceAsString(e));
            }
            log.debug("TLS handshake complete! remote = {} ; cipher suite = {} ; certificate chain = \n{}", new Object[]{new HostAndPort(sSLSession.getPeerHost(), sSLSession.getPeerPort()), sSLSession.getCipherSuite(), sb});
        }
    }
}
