package com.floragunn.searchguard.ssl.transport;

import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.stream.Collectors;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.SpecialPermission;

/* loaded from: input_file:com/floragunn/searchguard/ssl/transport/DefaultPrincipalExtractor.class */
public class DefaultPrincipalExtractor implements PrincipalExtractor {
    protected final Logger log = LogManager.getLogger(getClass());

    @Override // com.floragunn.searchguard.ssl.transport.PrincipalExtractor
    public String extractPrincipal(final X509Certificate x509Certificate, PrincipalExtractor.Type type) {
        if (x509Certificate == null) {
            return null;
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SpecialPermission());
        }
        String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.floragunn.searchguard.ssl.transport.DefaultPrincipalExtractor.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                return x509Certificate.getSubjectX500Principal().toString();
            }
        });
        try {
            ArrayList arrayList = new ArrayList(new LdapName(str).getRdns());
            Collections.reverse(arrayList);
            str = String.join(",", (Iterable<? extends CharSequence>) arrayList.stream().map(rdn -> {
                return rdn.toString();
            }).collect(Collectors.toList()));
        } catch (InvalidNameException e) {
            this.log.error("Unable to parse: {}", str, e);
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("principal: {}", str);
        }
        return str;
    }
}
