package org.eclipse.kura.internal.rest.provider;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.annotation.Priority;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import org.eclipse.kura.audit.AuditConstants;
import org.eclipse.kura.audit.AuditContext;
import org.eclipse.kura.rest.auth.AuthenticationProvider;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

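/**
 * REST {@link AuthenticationProvider} that maps a TLS client certificate to a Kura user.
 *
 * <p>The provider reads the certificate chain from the
 * {@code javax.servlet.request.X509Certificate} request property, takes a common name (CN)
 * from the subject of the first certificate in that chain, and accepts the request only if
 * {@link UserAdmin} holds a {@link User} role named {@code kura.user.<CN>}.
 *
 * <p><b>Security notes for maintainers and deployers</b>
 * <ul>
 * <li>This class performs no certificate validation of its own: no chain building and no
 * validity-period, revocation or key-usage check. It relies entirely on whatever populated the
 * request property (presumably the TLS layer of the HTTP container; confirm for the
 * deployment) having already verified the chain against the client trust store.</li>
 * <li>The subject CN is the only binding between certificate and account. Any certificate that
 * reaches this provider and whose CN equals a Kura user name authenticates as that user, so
 * the client trust store should hold only CAs that are allowed to issue Kura client
 * identities.</li>
 * <li>The CN is stored in the audit context before the user lookup, so it is set for rejected
 * attempts too. The value is taken from the certificate; whether it is escaped when the audit
 * line is rendered is not visible in this class.</li>
 * </ul>
 */
@Priority(100)
public class CertificateAuthenticationProvider implements AuthenticationProvider {

    private static final Logger logger = LoggerFactory.getLogger(CertificateAuthenticationProvider.class);
    private static final Logger auditLogger = LoggerFactory.getLogger("AuditLogger");

    private static final String KURA_USER_PREFIX = "kura.user.";
    private static final String CERTIFICATE_CHAIN_PROPERTY = "javax.servlet.request.X509Certificate";
    private static final String FAILURE_MESSAGE = "{} Rest - Failure - Certificate Authentication failed";

    private final UserAdmin userAdmin;

    /**
     * Creates the provider.
     *
     * @param userAdmin
     *            the user registry consulted for {@code kura.user.<CN>} roles
     */
    public CertificateAuthenticationProvider(UserAdmin userAdmin) {
        this.userAdmin = userAdmin;
    }

    /**
     * Attempts to authenticate the request from its client certificate.
     *
     * @param httpServletRequest
     *            the servlet request; not read by this implementation
     * @param containerRequestContext
     *            the JAX-RS request context carrying the certificate chain property
     * @return a {@link Principal} whose name is the certificate CN when a matching Kura user
     *         exists; {@link Optional#empty()} when no certificate chain is attached to the
     *         request or when authentication fails for any reason
     */
    @Override
    public Optional<Principal> authenticate(final HttpServletRequest httpServletRequest,
            final ContainerRequestContext containerRequestContext) {
        final AuditContext auditContext = AuditContext.currentOrInternal();

        try {
            final Object property = containerRequestContext.getProperty(CERTIFICATE_CHAIN_PROPERTY);

            // No certificate chain on the request: this provider does not apply, and no audit
            // entry is written.
            if (!(property instanceof X509Certificate[])) {
                return Optional.empty();
            }

            final String commonName = extractCommonName((X509Certificate[]) property);

            // Recorded before the lookup so the audit context also carries the identity that
            // a rejected certificate claimed.
            auditContext.getProperties().put(AuditConstants.KEY_IDENTITY.getValue(), commonName);

            if (this.userAdmin.getRole(KURA_USER_PREFIX + commonName) instanceof User) {
                auditLogger.info("{} Rest - Success - Certificate Authentication succeeded", auditContext);
                final Principal principal = () -> commonName;
                return Optional.of(principal);
            }

            auditLogger.warn(FAILURE_MESSAGE, auditContext);
            return Optional.empty();
        } catch (final Exception e) {
            // Fail closed: any parsing or lookup error is an authentication failure. The cause
            // goes to the class logger at debug level so the audit line keeps its format.
            logger.debug("Certificate authentication rejected", e);
            auditLogger.warn(FAILURE_MESSAGE, auditContext);
            return Optional.empty();
        }
    }

    /**
     * Extracts the common name from the subject of the first certificate in the chain.
     *
     * <p>{@link LdapName} indexes RDNs from the right-most component of the DN string, so when
     * the subject carries several CN components the one selected is the right-most one.
     * NOTE(review): confirm this is the intended component for subjects with more than one CN.
     *
     * @param chain
     *            the certificate chain taken from the request
     * @return the CN value
     * @throws javax.naming.InvalidNameException
     *             if the subject DN cannot be parsed
     * @throws IllegalArgumentException
     *             if the chain is empty, the subject has no CN, or the CN is not a string
     */
    private static String extractCommonName(final X509Certificate[] chain)
            throws javax.naming.InvalidNameException {
        if (chain.length == 0) {
            throw new IllegalArgumentException("Certificate chain is empty");
        }

        final String subjectDn = chain[0].getSubjectX500Principal().getName();

        // findFirst rather than findAny: identity selection must not depend on stream internals.
        final Optional<Rdn> commonNameRdn = new LdapName(subjectDn).getRdns().stream()
                .filter(rdn -> "cn".equalsIgnoreCase(rdn.getType()))
                .findFirst();

        if (!commonNameRdn.isPresent()) {
            throw new IllegalArgumentException("Certificate common name is not present");
        }

        // Rdn values can be byte[] for binary-encoded attributes; reject those explicitly
        // instead of relying on a ClassCastException.
        final Object value = commonNameRdn.get().getValue();
        if (!(value instanceof String)) {
            throw new IllegalArgumentException("Certificate common name is not a string");
        }
        return (String) value;
    }

    /** No action is taken when this provider is enabled. */
    @Override
    public void onEnabled() {
        // Intentionally empty.
    }

    /** No action is taken when this provider is disabled. */
    @Override
    public void onDisabled() {
        // Intentionally empty.
    }
}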
