package org.apache.nifi.remote.client.socket;

import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/remote/client/socket/StandardSocketPeerIdentityProvider.class */
public class StandardSocketPeerIdentityProvider implements SocketPeerIdentityProvider {
    private static final Logger logger = LoggerFactory.getLogger(StandardSocketPeerIdentityProvider.class);

    @Override // org.apache.nifi.remote.client.socket.SocketPeerIdentityProvider
    public Optional<String> getPeerIdentity(Socket socket) {
        return socket instanceof SSLSocket ? getPeerIdentity(((SSLSocket) socket).getSession()) : Optional.empty();
    }

    private Optional<String> getPeerIdentity(SSLSession sSLSession) {
        String str = null;
        String peerHost = sSLSession.getPeerHost();
        int peerPort = sSLSession.getPeerPort();
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                logger.warn("Peer Identity not found: Peer Certificates not provided [{}:{}]", peerHost, Integer.valueOf(peerPort));
            } else {
                str = ((X509Certificate) peerCertificates[0]).getSubjectDN().getName();
            }
        } catch (SSLPeerUnverifiedException e) {
            logger.warn("Peer Identity not found: Peer Unverified [{}:{}]", peerHost, Integer.valueOf(peerPort));
            logger.debug("TLS Protocol [{}] Peer Unverified [{}:{}]", new Object[]{sSLSession.getProtocol(), peerHost, Integer.valueOf(peerPort), e});
        }
        return Optional.ofNullable(str);
    }
}
