package io.gravitee.gateway.reactive.core;

import io.gravitee.common.security.CertificateUtils;
import io.gravitee.gateway.api.http.HttpHeaders;
import io.gravitee.gateway.reactive.api.context.TlsSession;
import java.security.Principal;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:io/gravitee/gateway/reactive/core/DefaultTlsSession.class */
public class DefaultTlsSession implements TlsSession {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(DefaultTlsSession.class);
    private final SSLSession delegate;
    private final HttpHeaders headers;
    private final String clientAuthCertHeaderName;

    public byte[] getId() {
        return this.delegate.getId();
    }

    public SSLSessionContext getSessionContext() {
        return this.delegate.getSessionContext();
    }

    public long getCreationTime() {
        return this.delegate.getCreationTime();
    }

    public long getLastAccessedTime() {
        return this.delegate.getLastAccessedTime();
    }

    public void invalidate() {
        this.delegate.invalidate();
    }

    public boolean isValid() {
        return this.delegate.isValid();
    }

    public void putValue(String str, Object obj) {
        this.delegate.putValue(str, obj);
    }

    public Object getValue(String str) {
        return this.delegate.getValue(str);
    }

    public void removeValue(String str) {
        this.delegate.removeValue(str);
    }

    public String[] getValueNames() {
        return this.delegate.getValueNames();
    }

    public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
        if (!canExtractClientCertFromHeader() && isSSLConnection()) {
            return this.delegate.getPeerCertificates();
        }
        if (!isSSLConnection()) {
            return extractPeerCertificatesFromHeader();
        }
        try {
            Certificate[] peerCertificates = this.delegate.getPeerCertificates();
            if (peerCertificates != null && peerCertificates.length != 0) {
                return peerCertificates;
            }
            log.debug("Unable to retrieve peer certificate from request, extracting from header {}", this.clientAuthCertHeaderName);
            return extractPeerCertificatesFromHeader();
        } catch (SSLPeerUnverifiedException e) {
            log.debug("Unable to retrieve peer certificate from request, extracting from header {}", this.clientAuthCertHeaderName, e);
            return extractPeerCertificatesFromHeader();
        }
    }

    private boolean canExtractClientCertFromHeader() {
        return StringUtils.hasText(this.clientAuthCertHeaderName);
    }

    public Certificate[] getLocalCertificates() {
        return this.delegate.getLocalCertificates();
    }

    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
        return this.delegate.getPeerPrincipal();
    }

    public Principal getLocalPrincipal() {
        return this.delegate.getLocalPrincipal();
    }

    public String getCipherSuite() {
        return this.delegate.getCipherSuite();
    }

    public String getProtocol() {
        return this.delegate.getProtocol();
    }

    public String getPeerHost() {
        return this.delegate.getPeerHost();
    }

    public int getPeerPort() {
        return this.delegate.getPeerPort();
    }

    public int getPacketBufferSize() {
        return this.delegate.getPacketBufferSize();
    }

    public int getApplicationBufferSize() {
        return this.delegate.getApplicationBufferSize();
    }

    public boolean isSSLConnection() {
        return this.delegate != null;
    }

    private Certificate[] extractPeerCertificatesFromHeader() {
        return (Certificate[]) CertificateUtils.extractCertificate(this.headers, this.clientAuthCertHeaderName).map(x509Certificate -> {
            return new Certificate[]{x509Certificate};
        }).orElse(new Certificate[0]);
    }

    @Generated
    public DefaultTlsSession(SSLSession sSLSession, HttpHeaders httpHeaders, String str) {
        this.delegate = sSLSession;
        this.headers = httpHeaders;
        this.clientAuthCertHeaderName = str;
    }
}
