package com.linkedin.r2.transport.http.client.common;

import com.linkedin.r2.transport.http.client.common.ssl.SslSessionNotTrustedException;
import com.linkedin.r2.transport.http.client.common.ssl.SslSessionValidator;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelOutboundHandlerAdapter;
import io.netty.channel.ChannelPromise;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.AttributeKey;

/* loaded from: input_file:com/linkedin/r2/transport/http/client/common/CertificateHandler.class */
public class CertificateHandler extends ChannelOutboundHandlerAdapter {
    private final SslHandler _sslHandler;
    private SslSessionValidator _cachedSessionValidator = null;
    public static final String PIPELINE_CERTIFICATE_HANDLER = "CertificateHandler";
    public static final AttributeKey<SslSessionValidator> REQUESTED_SSL_SESSION_VALIDATOR = AttributeKey.valueOf("requestedSslSessionValidator");

    public CertificateHandler(SslHandler sslHandler) {
        this._sslHandler = sslHandler;
    }

    public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
        this._sslHandler.handshakeFuture().addListener(future -> {
            SslSessionValidator sslSessionValidator = (SslSessionValidator) channelHandlerContext.channel().attr(REQUESTED_SSL_SESSION_VALIDATOR).getAndSet((Object) null);
            if (future.isSuccess() && sslSessionValidator != null && !sslSessionValidator.equals(this._cachedSessionValidator)) {
                this._cachedSessionValidator = sslSessionValidator;
                try {
                    sslSessionValidator.validatePeerSession(this._sslHandler.engine().getSession());
                } catch (SslSessionNotTrustedException e) {
                    channelHandlerContext.fireExceptionCaught(e);
                    return;
                }
            }
            channelHandlerContext.write(obj, channelPromise);
        });
    }

    public void flush(ChannelHandlerContext channelHandlerContext) throws Exception {
        this._sslHandler.handshakeFuture().addListener(future -> {
            channelHandlerContext.flush();
        });
    }
}
