package net.corda.node.services.messaging;

import io.netty.handler.ssl.SslHandler;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.identity.CordaX500Name;
import net.corda.node.utilities.X509Utilities;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector;
import org.apache.activemq.artemis.spi.core.remoting.BaseConnectionLifeCycleListener;
import org.apache.activemq.artemis.spi.core.remoting.BufferHandler;
import org.apache.activemq.artemis.spi.core.remoting.ClientConnectionLifeCycleListener;
import org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManager;
import org.apache.activemq.artemis.spi.core.remoting.Connection;
import org.apache.activemq.artemis.utils.ConfigurationHelper;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: ArtemisMessagingServer.kt */
@Metadata(mv = {1, 1, 7}, bv = {1, 0, 2}, k = 1, d1 = {"��L\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010%\n\u0002\u0010\u000e\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\b\u0002\u0018��2\u00020\u0001BU\u0012\u0012\u0010\u0002\u001a\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00050\u0003\u0012\b\u0010\u0006\u001a\u0004\u0018\u00010\u0007\u0012\b\u0010\b\u001a\u0004\u0018\u00010\t\u0012\b\u0010\n\u001a\u0004\u0018\u00010\u000b\u0012\b\u0010\f\u001a\u0004\u0018\u00010\u000b\u0012\b\u0010\r\u001a\u0004\u0018\u00010\u000e\u0012\b\u0010\u000f\u001a\u0004\u0018\u00010\u0010¢\u0006\u0002\u0010\u0011J\n\u0010\u0016\u001a\u0004\u0018\u00010\u0017H\u0016R\u000e\u0010\u0012\u001a\u00020\u0013X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0014\u001a\u00020\u0015X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0018"}, d2 = {"Lnet/corda/node/services/messaging/VerifyingNettyConnector;", "Lorg/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector;", "configuration", "", "", "", "handler", "Lorg/apache/activemq/artemis/spi/core/remoting/BufferHandler;", "listener", "Lorg/apache/activemq/artemis/spi/core/remoting/ClientConnectionLifeCycleListener;", "closeExecutor", "Ljava/util/concurrent/Executor;", "threadPool", "scheduledThreadPool", "Ljava/util/concurrent/ScheduledExecutorService;", "protocolManager", "Lorg/apache/activemq/artemis/spi/core/remoting/ClientProtocolManager;", "(Ljava/util/Map;Lorg/apache/activemq/artemis/spi/core/remoting/BufferHandler;Lorg/apache/activemq/artemis/spi/core/remoting/ClientConnectionLifeCycleListener;Ljava/util/concurrent/Executor;Ljava/util/concurrent/Executor;Ljava/util/concurrent/ScheduledExecutorService;Lorg/apache/activemq/artemis/spi/core/remoting/ClientProtocolManager;)V", "server", 
"Lnet/corda/node/services/messaging/ArtemisMessagingServer;", "sslEnabled", "", "createConnection", "Lorg/apache/activemq/artemis/spi/core/remoting/Connection;", "node_main"})
/* loaded from: input_file:net/corda/node/services/messaging/VerifyingNettyConnector.class */
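/**
 * Netty connector that checks the TLS peer's identity before handing a new connection back.
 *
 * <p>When {@code sslEnabled} is true, {@link #createConnection()} performs three checks on the
 * established TLS session, in order:
 * <ol>
 *   <li>the peer principal, parsed as a {@link CordaX500Name}, must equal exactly one entry of the
 *       set stored under the {@code corda.verifyPeerCommonName} configuration key;</li>
 *   <li>the subject of the first certificate in the peer chain must equal that same entry;</li>
 *   <li>the peer chain is passed to {@code X509Utilities.validateCertificateChain} together with
 *       the last certificate of the local chain.</li>
 * </ol>
 * A failure signalled as {@link IllegalArgumentException} closes the connection, reports it to the
 * server and yields {@code null}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>If {@code corda.verifyPeerCommonName} is absent the expected set is empty, so no peer can
 *       match and every connection is rejected (fails closed).</li>
 *   <li>If {@code sslEnabled} is false (its default when the key is missing) none of these checks
 *       run and the connection is returned unverified.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; local variable names are reconstructed.
 */
final class VerifyingNettyConnector extends NettyConnector {
    private final ArtemisMessagingServer server;
    private final boolean sslEnabled;

    /**
     * Creates the transport connection and, when SSL is enabled, verifies the peer's identity.
     *
     * @return the verified connection; {@code null} if the superclass did not produce a
     *         {@link NettyConnection} or if verification failed with an
     *         {@link IllegalArgumentException}
     */
    @Nullable
    public Connection createConnection() {
        Connection created = super.createConnection();
        // Declared as NettyConnection because getChannel() is called on it below.
        NettyConnection connection = created instanceof NettyConnection ? (NettyConnection) created : null;
        if (this.sslEnabled && connection != null) {
            Object configured = this.configuration.get("corda.verifyPeerCommonName");
            if (configured == null) {
                // No expected names configured: an empty set rejects every peer below.
                configured = SetsKt.emptySet();
            }
            if (configured == null) {
                // Residue of the Kotlin non-null cast; kept so the failure type stays the same.
                throw new TypeCastException("null cannot be cast to non-null type kotlin.collections.Set<net.corda.core.identity.CordaX500Name>");
            }
            @SuppressWarnings("unchecked") // the configuration map is untyped; element type is checked on iteration
            Set<CordaX500Name> expectedNames = (Set<CordaX500Name>) configured;
            try {
                SSLSession session = connection.getChannel().pipeline().get(SslHandler.class).engine().getSession();
                CordaX500Name.Companion companion = CordaX500Name.Companion;
                String principalName = session.getPeerPrincipal().getName();
                Intrinsics.checkExpressionValueIsNotNull(principalName, "session.peerPrincipal.name");
                CordaX500Name peerName = companion.parse(principalName);

                // Single-match lookup: accept only when exactly one expected name equals the peer.
                // The decompiled loop never left its "iterator exhausted" branch and would spin
                // forever; this form terminates and yields null for zero or several matches.
                CordaX500Name matched = null;
                boolean seen = false;
                for (CordaX500Name candidate : expectedNames) {
                    if (Intrinsics.areEqual(candidate, peerName)) {
                        if (seen) {
                            matched = null;
                            break;
                        }
                        matched = candidate;
                        seen = true;
                    }
                }
                if (matched == null) {
                    throw new IllegalArgumentException(("Peer has wrong CN - expected " + expectedNames + " but got " + peerName + ". This is either a fatal misconfiguration by the remote peer or an SSL man-in-the-middle attack!").toString());
                }

                // Second, independent read of the identity: the subject of the leaf certificate.
                // NOTE(review): getPeerCertificateChain() is the legacy javax.security.cert accessor,
                // deprecated on newer JDKs; getPeerCertificates() is already used further down.
                CordaX500Name certificateName = CordaX500Name.Companion.build(new X500Principal(session.getPeerCertificateChain()[0].getSubjectDN().getName()));
                if (!Intrinsics.areEqual(certificateName, matched)) {
                    throw new IllegalArgumentException(("Peer has wrong subject name in the certificate - expected " + expectedNames + " but got " + certificateName + ". This is either a fatal misconfiguration by the remote peer or an SSL man-in-the-middle attack!").toString());
                }

                X509Utilities x509Utilities = X509Utilities.INSTANCE;
                // Presumably the last local certificate is the root both sides share and acts as
                // the trust anchor; confirm against X509Utilities.validateCertificateChain.
                Object localChainTail = ArraysKt.last(session.getLocalCertificates());
                if (localChainTail == null) {
                    throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                }
                Certificate[] peerCertificates = session.getPeerCertificates();
                Intrinsics.checkExpressionValueIsNotNull(peerCertificates, "session.peerCertificates");
                x509Utilities.validateCertificateChain((X509Certificate) localChainTail, (Certificate[]) Arrays.copyOf(peerCertificates, peerCertificates.length));
                this.server.onTcpConnection$node_main(peerName);
            } catch (IllegalArgumentException e) {
                // Fail closed: drop the channel before reporting, never return a rejected peer.
                // NOTE(review): only IllegalArgumentException is handled. Any other failure raised
                // in the block above propagates without this method closing the connection or
                // calling hostVerificationFail; confirm which exception types
                // validateCertificateChain and the SSLSession accessors can raise here.
                // The message embeds the peer-supplied name, so treat it as untrusted when logged.
                connection.close();
                this.server.hostVerificationFail$node_main(expectedNames, e.getMessage());
                return null;
            }
        }
        return connection;
    }

    /**
     * Builds the connector from the Artemis transport configuration.
     *
     * <p>The owning {@link ArtemisMessagingServer} is read from the configuration map under the
     * server's class name, and {@code sslEnabled} is read with a default of {@code false}.
     *
     * @param map transport configuration; must contain the owning server instance
     * @throws TypeCastException if the map has no entry for the server
     */
    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public VerifyingNettyConnector(@NotNull Map<String, Object> map, @Nullable BufferHandler bufferHandler, @Nullable ClientConnectionLifeCycleListener clientConnectionLifeCycleListener, @Nullable Executor executor, @Nullable Executor executor2, @Nullable ScheduledExecutorService scheduledExecutorService, @Nullable ClientProtocolManager clientProtocolManager) {
        super(map, bufferHandler, (BaseConnectionLifeCycleListener) clientConnectionLifeCycleListener, executor, executor2, scheduledExecutorService, clientProtocolManager);
        Intrinsics.checkParameterIsNotNull(map, "configuration");
        Object owner = map.get(ArtemisMessagingServer.class.getName());
        if (owner == null) {
            throw new TypeCastException("null cannot be cast to non-null type net.corda.node.services.messaging.ArtemisMessagingServer");
        }
        this.server = (ArtemisMessagingServer) owner;
        // With sslEnabled absent or false, createConnection() skips all peer verification.
        this.sslEnabled = ConfigurationHelper.getBooleanProperty("sslEnabled", false, map);
    }
}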
