package org.eclipse.kura.internal.rest.auth;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.annotation.Priority;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import org.eclipse.kura.audit.AuditConstants;
import org.eclipse.kura.audit.AuditContext;
import org.eclipse.kura.rest.auth.AuthenticationProvider;
import org.eclipse.kura.util.useradmin.UserAdminHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

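/**
 * REST {@link AuthenticationProvider} that maps a TLS client certificate to a local user.
 *
 * <p>The identity is the value of the {@code CN} attribute in the subject of the first
 * certificate found in the {@code javax.servlet.request.X509Certificate} request property.
 * Authentication succeeds only when {@link UserAdminHelper#getUser(String)} returns a user
 * with that name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>This class performs no chain, validity-period or revocation checks. It presumably relies
 * on the TLS layer having verified the client certificate against a trust store before the
 * request property is populated; confirm this for every connector that exposes the REST API.</li>
 * <li>The certificate subject is sender-supplied text. It is stored in the audit context before
 * the user lookup, so whatever renders audit records should treat it as untrusted.</li>
 * </ul>
 *
 * <p>Listing recovered from
 * {@code org/eclipse/kura/internal/rest/auth/CertificateAuthenticationProvider.class}.
 */
@Priority(100)
public class CertificateAuthenticationProvider implements AuthenticationProvider {
    private static final Logger auditLogger = LoggerFactory.getLogger("AuditLogger");

    private final UserAdminHelper userAdminHelper;

    /**
     * Signals that certificate authentication did not produce a principal; the
     * {@link Reason} says why.
     */
    public static class CertificateAuthException extends Exception {
        private final Reason reason;

        /** Why certificate authentication was rejected. */
        public enum Reason {
            /** The request carried no (or an empty) client certificate array. */
            CLIENT_CERTIFICATE_CHAIN_MISSING,
            /** The certificate subject has no RDN of type {@code CN}. */
            MISSING_COMMON_NAME,
            /** No user is registered under the certificate's common name. */
            IDENTITY_NOT_FOUND,
            /** Any other failure while extracting or looking up the identity. */
            UNEXPECTED_ERROR;

            /**
             * Returns all constants in declaration order.
             *
             * <p>Kept only because the decompiler renamed the compiler-generated
             * {@code values()} accessor; {@link #values()} already returns a fresh array,
             * so no further copy is needed.
             *
             * @return a new array holding every {@code Reason}
             */
            public static Reason[] valuesCustom() {
                return values();
            }
        }

        /**
         * Creates an exception without an underlying cause.
         *
         * @param reason the rejection reason
         */
        public CertificateAuthException(Reason reason) {
            this.reason = reason;
        }

        /**
         * Creates an exception that keeps the underlying failure for diagnostics.
         *
         * @param reason the rejection reason
         * @param cause the exception that triggered the rejection
         */
        public CertificateAuthException(Reason reason, Throwable cause) {
            super(String.valueOf(reason), cause);
            this.reason = reason;
        }

        /**
         * @return the rejection reason given at construction time
         */
        public Reason getReason() {
            return this.reason;
        }
    }

    /**
     * @param userAdminHelper used to check that the certificate's common name is a known user
     */
    public CertificateAuthenticationProvider(UserAdminHelper userAdminHelper) {
        this.userAdminHelper = userAdminHelper;
    }

    /**
     * Authenticates the request and audits the outcome under the label
     * "Certificate Authentication". The servlet request argument is not used.
     *
     * @return the authenticated principal, or empty when certificate authentication failed
     */
    @Override // org.eclipse.kura.rest.auth.AuthenticationProvider
    public Optional<Principal> authenticate(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext) {
        return authenticate(containerRequestContext, "Certificate Authentication");
    }

    /**
     * Authenticates the request and writes an audit record for the outcome.
     *
     * @param containerRequestContext request whose certificate property is inspected
     * @param str label used in the audit messages
     * @return the authenticated principal, or empty on any {@link CertificateAuthException}
     */
    public Optional<Principal> authenticate(ContainerRequestContext containerRequestContext, String str) {
        final AuditContext auditContext = AuditContext.currentOrInternal();
        try {
            final Principal principal = authenticate(containerRequestContext);
            auditLogger.info("{} Rest - Success - {} succeeded", auditContext, str);
            return Optional.of(principal);
        } catch (CertificateAuthException e) {
            // Only an unknown identity is audited as a failure. A missing certificate is
            // presumably the normal case when another provider handles the request.
            // NOTE(review): MISSING_COMMON_NAME and UNEXPECTED_ERROR also occur after a
            // certificate was presented and currently leave no audit trace; consider
            // recording them so rejected certificates are visible to operators.
            if (e.getReason() == CertificateAuthException.Reason.IDENTITY_NOT_FOUND) {
                auditLogger.warn("{} Rest - Failure - {} failed", auditContext, str);
            }
            return Optional.empty();
        }
    }

    /**
     * Extracts the common name from the client certificate and checks it against the
     * user registry.
     *
     * @param containerRequestContext request whose
     *        {@code javax.servlet.request.X509Certificate} property is inspected
     * @return a principal whose name is the certificate's common name
     * @throws CertificateAuthException with the matching {@link CertificateAuthException.Reason}
     *         when the certificate array is absent or empty, the subject has no {@code CN},
     *         no user has that name, or any other exception occurs
     */
    public Principal authenticate(ContainerRequestContext containerRequestContext) throws CertificateAuthException {
        final AuditContext auditContext = AuditContext.currentOrInternal();
        try {
            final Object property = containerRequestContext.getProperty("javax.servlet.request.X509Certificate");
            if (!(property instanceof X509Certificate[])) {
                throw new CertificateAuthException(CertificateAuthException.Reason.CLIENT_CERTIFICATE_CHAIN_MISSING);
            }
            final X509Certificate[] chain = (X509Certificate[]) property;
            if (chain.length == 0) {
                throw new CertificateAuthException(CertificateAuthException.Reason.CLIENT_CERTIFICATE_CHAIN_MISSING);
            }

            // Element 0 is taken as the client's own certificate; the rest of the array is
            // not inspected here.
            final LdapName subject = new LdapName(chain[0].getSubjectX500Principal().getName());

            // findFirst() instead of findAny(): the choice of identity must not depend on
            // stream internals. LdapName orders RDNs right-to-left (index 0 is the rightmost
            // RDN), so for a subject with several CN RDNs the rightmost one is selected.
            // NOTE(review): for multi-CN subjects that is not the most specific CN, and for
            // multi-valued RDNs Rdn.getType() reports only one of the types. Confirm that
            // the issuing CA policy excludes such subjects, or select the CN explicitly.
            final Optional<Rdn> commonNameRdn = subject.getRdns().stream()
                    .filter(rdn -> "cn".equalsIgnoreCase(rdn.getType()))
                    .findFirst();
            if (!commonNameRdn.isPresent()) {
                throw new CertificateAuthException(CertificateAuthException.Reason.MISSING_COMMON_NAME);
            }

            // A non-String attribute value fails the cast and is reported as UNEXPECTED_ERROR.
            final String commonName = (String) commonNameRdn.get().getValue();

            // Recorded before the lookup so that a failure record carries the claimed name.
            auditContext.getProperties().put(AuditConstants.KEY_IDENTITY.getValue(), commonName);

            if (this.userAdminHelper.getUser(commonName).isPresent()) {
                return () -> commonName;
            }
            throw new CertificateAuthException(CertificateAuthException.Reason.IDENTITY_NOT_FOUND);
        } catch (CertificateAuthException e) {
            throw e;
        } catch (Exception e) {
            // Fail closed, but keep the cause so the rejection can be diagnosed.
            throw new CertificateAuthException(CertificateAuthException.Reason.UNEXPECTED_ERROR, e);
        }
    }

    /** No state to set up when the provider is enabled. */
    @Override // org.eclipse.kura.rest.auth.AuthenticationProvider
    public void onEnabled() {
    }

    /** No state to tear down when the provider is disabled. */
    @Override // org.eclipse.kura.rest.auth.AuthenticationProvider
    public void onDisabled() {
    }
}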
