package com.floragunn.searchguard.authc.rest.authenticators;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.searchguard.authc.RequestMetaData;
import com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/searchguard/authc/rest/authenticators/HttpClientCertAuthenticationFrontend.class */
public class HttpClientCertAuthenticationFrontend implements HttpAuthenticationFrontend {
    private static final Logger log = LogManager.getLogger(HttpClientCertAuthenticationFrontend.class);
    private final ComponentState componentState = new ComponentState(0, "authentication_frontend", "clientcert").initialized();

    public HttpClientCertAuthenticationFrontend(DocNode docNode, ConfigurationRepository.Context context) {
    }

    @Override // com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend
    public AuthCredentials extractCredentials(RequestMetaData<?> requestMetaData) {
        String clientCertSubject = requestMetaData.getClientCertSubject();
        if (Strings.isNullOrEmpty(clientCertSubject)) {
            log.debug("No client cert provided");
            return null;
        }
        try {
            return AuthCredentials.forUser(clientCertSubject.trim()).userMappingAttribute("clientcert", ImmutableMap.of("subject", dnToMap(new LdapName(clientCertSubject)))).build();
        } catch (InvalidNameException e) {
            log.error("Client cert had no properly formed DN (was: {})", clientCertSubject, e);
            return null;
        }
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationFrontend
    public String getType() {
        return "clientcert";
    }

    private Map<String, ?> dnToMap(LdapName ldapName) {
        HashMap hashMap = new HashMap();
        for (Rdn rdn : ldapName.getRdns()) {
            ((List) hashMap.computeIfAbsent(rdn.getType(), str -> {
                return new ArrayList(1);
            })).add(rdn.getValue());
        }
        return hashMap;
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }
}
