package org.eclipse.hono.adapter.mqtt;

import io.vertx.core.Future;
import io.vertx.core.json.JsonObject;
import java.util.Objects;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.service.auth.device.ExecutionContextAuthHandler;
import org.eclipse.hono.service.auth.device.HonoClientBasedAuthProvider;
import org.eclipse.hono.service.auth.device.SubjectDnCredentials;
import org.eclipse.hono.service.auth.device.X509Authentication;

/* loaded from: input_file:org/eclipse/hono/adapter/mqtt/X509AuthHandler.class */
public class X509AuthHandler extends ExecutionContextAuthHandler<MqttContext> {
    private static final ClientErrorException UNAUTHORIZED = new ClientErrorException(401);
    private final X509Authentication auth;

    public X509AuthHandler(X509Authentication x509Authentication, HonoClientBasedAuthProvider<SubjectDnCredentials> honoClientBasedAuthProvider) {
        super(honoClientBasedAuthProvider);
        this.auth = (X509Authentication) Objects.requireNonNull(x509Authentication);
    }

    public Future<JsonObject> parseCredentials(MqttContext mqttContext) {
        Objects.requireNonNull(mqttContext);
        if (!mqttContext.deviceEndpoint().isSsl()) {
            return Future.failedFuture(UNAUTHORIZED);
        }
        try {
            return this.auth.validateClientCertificate(mqttContext.deviceEndpoint().sslSession().getPeerCertificates(), mqttContext.getTracingContext());
        } catch (SSLPeerUnverifiedException e) {
            this.log.debug("could not retrieve client certificate from device endpoint: {}", e.getMessage());
            return Future.failedFuture(UNAUTHORIZED);
        }
    }
}
