package org.eclipse.hono.adapter.http;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.impl.AuthHandlerImpl;
import io.vertx.ext.web.handler.impl.HttpStatusException;
import java.util.Objects;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.eclipse.hono.adapter.auth.device.DeviceCredentialsAuthProvider;
import org.eclipse.hono.adapter.auth.device.PreCredentialsValidationHandler;
import org.eclipse.hono.adapter.auth.device.SubjectDnCredentials;
import org.eclipse.hono.adapter.auth.device.X509Authentication;
import org.eclipse.hono.service.http.HttpContext;
import org.eclipse.hono.service.http.TracingHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/adapter/http/X509AuthHandler.class */
public class X509AuthHandler extends AuthHandlerImpl implements HonoHttpAuthHandler {
    private static final Logger LOG = LoggerFactory.getLogger(X509AuthHandler.class);
    private static final HttpStatusException UNAUTHORIZED = new HttpStatusException(401);
    private final X509Authentication auth;
    private final PreCredentialsValidationHandler<HttpContext> preCredentialsValidationHandler;

    public X509AuthHandler(X509Authentication x509Authentication, DeviceCredentialsAuthProvider<SubjectDnCredentials> deviceCredentialsAuthProvider) {
        this(x509Authentication, deviceCredentialsAuthProvider, null);
    }

    public X509AuthHandler(X509Authentication x509Authentication, DeviceCredentialsAuthProvider<SubjectDnCredentials> deviceCredentialsAuthProvider, PreCredentialsValidationHandler<HttpContext> preCredentialsValidationHandler) {
        super(deviceCredentialsAuthProvider);
        this.auth = (X509Authentication) Objects.requireNonNull(x509Authentication);
        this.preCredentialsValidationHandler = preCredentialsValidationHandler;
    }

    @Override // org.eclipse.hono.adapter.http.HonoHttpAuthHandler
    public PreCredentialsValidationHandler<HttpContext> getPreCredentialsValidationHandler() {
        return this.preCredentialsValidationHandler;
    }

    public final void parseCredentials(RoutingContext routingContext, Handler<AsyncResult<JsonObject>> handler) {
        Objects.requireNonNull(routingContext);
        Objects.requireNonNull(handler);
        if (!routingContext.request().isSSL()) {
            handler.handle(Future.failedFuture(UNAUTHORIZED));
            return;
        }
        try {
            this.auth.validateClientCertificate(routingContext.request().sslSession().getPeerCertificates(), TracingHandler.serverSpanContext(routingContext)).onComplete(asyncResult -> {
                processParseCredentialsResult(this.authProvider, routingContext, null, asyncResult, handler);
            });
        } catch (SSLPeerUnverifiedException e) {
            LOG.debug("could not retrieve client certificate from request: {}", e.getMessage());
            handler.handle(Future.failedFuture(UNAUTHORIZED));
        }
    }

    protected void processException(RoutingContext routingContext, Throwable th) {
        if (routingContext.response().ended()) {
            return;
        }
        AuthHandlerTools.processException(routingContext, th, null);
    }
}
