package com.hivemq.security.ssl;

import com.google.inject.Inject;
import com.hivemq.bootstrap.ClientConnection;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.mqtt.handler.disconnect.MqttServerDisconnector;
import com.hivemq.util.ChannelAttributes;
import com.hivemq.util.ChannelUtils;
import io.netty.channel.ChannelHandlerAdapter;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.ssl.NotSslRecordException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/hivemq/security/ssl/SslExceptionHandler.class */
public class SslExceptionHandler extends ChannelHandlerAdapter {
    private static final Logger log = LoggerFactory.getLogger(SslExceptionHandler.class);

    @NotNull
    private final MqttServerDisconnector mqttServerDisconnector;

    @Inject
    public SslExceptionHandler(@NotNull MqttServerDisconnector mqttServerDisconnector) {
        this.mqttServerDisconnector = mqttServerDisconnector;
    }

    public void exceptionCaught(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull Throwable th) {
        if (ignorableException(th, channelHandlerContext)) {
            return;
        }
        if (th.getCause() != null) {
            if (th.getCause() instanceof SSLHandshakeException) {
                logSSLHandshakeException(channelHandlerContext, th);
                this.mqttServerDisconnector.logAndClose(channelHandlerContext.channel(), null, "SSL handshake failed");
                return;
            } else if (th.getCause() instanceof SSLException) {
                logSSLException(channelHandlerContext, th);
                this.mqttServerDisconnector.logAndClose(channelHandlerContext.channel(), null, "SSL message transmission failed");
                return;
            }
        }
        channelHandlerContext.fireExceptionCaught(th);
    }

    private void logSSLException(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull Throwable th) {
        if (log.isDebugEnabled()) {
            Throwable rootCause = ExceptionUtils.getRootCause(th);
            String clientId = ((ClientConnection) channelHandlerContext.channel().attr(ChannelAttributes.CLIENT_CONNECTION).get()).getClientId();
            if (clientId != null) {
                log.debug("SSL message transmission for client {} failed: {}", clientId, rootCause.getMessage());
            } else {
                log.debug("SSL message transmission failed for client with IP {}: {}", ChannelUtils.getChannelIP(channelHandlerContext.channel()).or("UNKNOWN"), rootCause.getMessage());
            }
            log.trace("Original Exception", rootCause);
        }
    }

    private void logSSLHandshakeException(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull Throwable th) {
        if (log.isDebugEnabled()) {
            Throwable rootCause = ExceptionUtils.getRootCause(th);
            String clientId = ((ClientConnection) channelHandlerContext.channel().attr(ChannelAttributes.CLIENT_CONNECTION).get()).getClientId();
            if (clientId != null) {
                log.debug("SSL Handshake for client {} failed: {}", clientId, rootCause.getMessage());
            } else {
                log.debug("SSL Handshake failed for client with IP {}: {}", ChannelUtils.getChannelIP(channelHandlerContext.channel()).or("UNKNOWN"), rootCause.getMessage());
            }
            log.trace("Original Exception", rootCause);
        }
    }

    private boolean ignorableException(@NotNull Throwable th, @NotNull ChannelHandlerContext channelHandlerContext) {
        if (!(th instanceof NotSslRecordException)) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Client {} sent data which is not SSL/TLS to a SSL/TLS listener. Disconnecting client.", ChannelUtils.getChannelIP(channelHandlerContext.channel()).or("UNKNOWN"));
            log.trace("Original Exception:", th);
        }
        this.mqttServerDisconnector.logAndClose(channelHandlerContext.channel(), null, "SSL handshake failed");
        return true;
    }
}
