package org.eclipse.hono.adapter.amqp;

import io.vertx.core.Future;
import io.vertx.core.json.JsonObject;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Objects;
import org.eclipse.hono.adapter.auth.device.DeviceCredentialsAuthProvider;
import org.eclipse.hono.adapter.auth.device.ExecutionContextAuthHandler;
import org.eclipse.hono.adapter.auth.device.PreCredentialsValidationHandler;
import org.eclipse.hono.adapter.auth.device.SubjectDnCredentials;
import org.eclipse.hono.adapter.auth.device.X509Authentication;
import org.eclipse.hono.client.ClientErrorException;

/* loaded from: input_file:org/eclipse/hono/adapter/amqp/SaslExternalAuthHandler.class */
public class SaslExternalAuthHandler extends ExecutionContextAuthHandler<SaslResponseContext> {
    private final X509Authentication auth;

    public SaslExternalAuthHandler(X509Authentication x509Authentication, DeviceCredentialsAuthProvider<SubjectDnCredentials> deviceCredentialsAuthProvider) {
        this(x509Authentication, deviceCredentialsAuthProvider, null);
    }

    public SaslExternalAuthHandler(X509Authentication x509Authentication, DeviceCredentialsAuthProvider<SubjectDnCredentials> deviceCredentialsAuthProvider, PreCredentialsValidationHandler<SaslResponseContext> preCredentialsValidationHandler) {
        super(deviceCredentialsAuthProvider, preCredentialsValidationHandler);
        this.auth = (X509Authentication) Objects.requireNonNull(x509Authentication);
    }

    public Future<JsonObject> parseCredentials(SaslResponseContext saslResponseContext) {
        Objects.requireNonNull(saslResponseContext);
        Certificate[] peerCertificateChain = saslResponseContext.getPeerCertificateChain();
        return peerCertificateChain == null ? Future.failedFuture(new ClientErrorException(401, "Missing client certificate")) : !(peerCertificateChain[0] instanceof X509Certificate) ? Future.failedFuture(new ClientErrorException(401, "Only X.509 certificates are supported")) : this.auth.validateClientCertificate(peerCertificateChain, saslResponseContext.getRequestedHostNames(), saslResponseContext.getTracingContext());
    }
}
