package com.nimbusds.oauth2.sdk.auth;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils;
import com.nimbusds.oauth2.sdk.util.StringUtils;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSocketFactory;
import net.jcip.annotations.Immutable;

@Immutable
/* loaded from: input_file:WEB-INF/lib/oauth2-oidc-sdk-6.14.jar:com/nimbusds/oauth2/sdk/auth/PKITLSClientAuthentication.class */
public class PKITLSClientAuthentication extends TLSClientAuthentication {
    private final String certSubjectDN;
    private final X509Certificate certificate;

    public PKITLSClientAuthentication(ClientID clientID, SSLSocketFactory sSLSocketFactory) {
        super(ClientAuthenticationMethod.TLS_CLIENT_AUTH, clientID, sSLSocketFactory);
        this.certSubjectDN = null;
        this.certificate = null;
    }

    @Deprecated
    public PKITLSClientAuthentication(ClientID clientID, String str) {
        super(ClientAuthenticationMethod.TLS_CLIENT_AUTH, clientID);
        if (str == null) {
            throw new IllegalArgumentException("The X.509 client certificate subject DN must not be null");
        }
        this.certSubjectDN = str;
        this.certificate = null;
    }

    public PKITLSClientAuthentication(ClientID clientID, X509Certificate x509Certificate) {
        super(ClientAuthenticationMethod.TLS_CLIENT_AUTH, clientID);
        if (x509Certificate == null) {
            throw new IllegalArgumentException("The X.509 client certificate must not be null");
        }
        this.certSubjectDN = x509Certificate.getSubjectDN().getName();
        this.certificate = x509Certificate;
    }

    public String getClientX509CertificateSubjectDN() {
        return this.certSubjectDN;
    }

    public X509Certificate getClientX509Certificate() {
        return this.certificate;
    }

    public static PKITLSClientAuthentication parse(HTTPRequest hTTPRequest) throws ParseException {
        String query = hTTPRequest.getQuery();
        if (query == null) {
            throw new ParseException("Missing HTTP POST request entity body");
        }
        String str = (String) MultivaluedMapUtils.getFirstValue(URLUtils.parseParameters(query), "client_id");
        if (StringUtils.isBlank(str)) {
            throw new ParseException("Missing client_id parameter");
        }
        if (hTTPRequest.getClientX509Certificate() == null) {
            throw new ParseException("Missing client X.509 certificate");
        }
        return new PKITLSClientAuthentication(new ClientID(str), hTTPRequest.getClientX509Certificate());
    }
}
