package io.quarkus.security.runtime;

import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.CertificateAuthenticationRequest;
import io.smallrye.mutiny.Uni;
import jakarta.inject.Singleton;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

/**
 * Identity provider that turns a client X.509 certificate into a {@link SecurityIdentity}.
 *
 * <p>The identity's principal is the certificate's subject {@link X500Principal}, the certificate
 * credential from the request is attached unchanged, and roles are looked up in an optional
 * mapping carried by the request under the {@code "roles"} attribute.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class validates the certificate (chain, validity period, revocation,
 *       key usage). NOTE(review): presumably the certificate was already verified during the
 *       mutual-TLS handshake before the request reaches this provider; confirm against the
 *       caller.</li>
 *   <li>The role lookup uses only the subject name; the issuer is never consulted. A mapping
 *       keyed by bare common name therefore applies to every accepted certificate carrying that
 *       CN, whichever trusted CA issued it. Prefer full subject-DN keys when more than one CA
 *       is trusted.</li>
 * </ul>
 */
@Singleton
public class X509IdentityProvider implements IdentityProvider<CertificateAuthenticationRequest> {
    /** RDN attribute type used for the common-name fallback lookup. */
    private static final String COMMON_NAME = "CN";
    /** Request attribute under which the subject-to-roles mapping is expected. */
    private static final String ROLES_ATTRIBUTE = "roles";

    /**
     * Reports the request type this provider handles.
     *
     * @return {@code CertificateAuthenticationRequest.class}
     */
    public Class<CertificateAuthenticationRequest> getRequestType() {
        return CertificateAuthenticationRequest.class;
    }

    /**
     * Builds a security identity from the certificate carried by the request.
     *
     * <p>No verification of the certificate happens here; see the class-level notes. The
     * {@code authenticationRequestContext} argument is not used.
     *
     * @param certificateAuthenticationRequest request holding the certificate credential and,
     *        optionally, a {@code "roles"} attribute mapping subject names to role sets
     * @param authenticationRequestContext unused
     * @return a {@link Uni} created from the already-built identity
     */
    public Uni<SecurityIdentity> authenticate(CertificateAuthenticationRequest certificateAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        X509Certificate clientCertificate = certificateAuthenticationRequest.getCertificate().getCertificate();

        // The attribute is untyped at this point; the cast only checks that it is a Map, so a
        // mapping with other key/value types would fail later, when the roles are consumed.
        @SuppressWarnings("unchecked")
        Map<String, Set<String>> roleMappings =
                (Map<String, Set<String>>) certificateAuthenticationRequest.getAttribute(ROLES_ATTRIBUTE);

        return Uni.createFrom().item(
                QuarkusSecurityIdentity.builder()
                        .setPrincipal(clientCertificate.getSubjectX500Principal())
                        .addCredential(certificateAuthenticationRequest.getCertificate())
                        .addRoles(extractRoles(clientCertificate, roleMappings))
                        .build());
    }

    /**
     * Resolves the roles mapped to the certificate's subject.
     *
     * <p>Lookup order: the full subject name as returned by {@link X500Principal#getName()}
     * (exact string match, so a key that differs in spacing, case or attribute order does not
     * match), then the subject's common name. The set stored in the mapping is returned as-is,
     * not copied.
     *
     * @param certificate certificate whose subject is looked up
     * @param roleMappings subject name or common name to roles; may be {@code null}
     * @return the mapped roles, or an empty set when there is no mapping, no subject name, or
     *         no matching entry
     */
    private Set<String> extractRoles(X509Certificate certificate, Map<String, Set<String>> roleMappings) {
        if (roleMappings == null) {
            return Set.of();
        }

        X500Principal subject = certificate.getSubjectX500Principal();
        String subjectName = (subject == null) ? null : subject.getName();
        if (subjectName == null) {
            return Set.of();
        }

        // Most specific key first: the complete subject DN.
        Set<String> rolesForSubject = roleMappings.get(subjectName);
        if (rolesForSubject != null) {
            return rolesForSubject;
        }

        // Fallback: the bare CN. This key is shared by any certificate with the same CN.
        String commonName = getCommonName(subject);
        if (commonName == null) {
            return Set.of();
        }
        Set<String> rolesForCommonName = roleMappings.get(commonName);
        return (rolesForCommonName != null) ? rolesForCommonName : Set.of();
    }

    /**
     * Extracts a common name from the principal's distinguished name.
     *
     * <p>The RDNs are visited in {@link LdapName#getRdns()} order, which starts at the
     * right-most RDN of the name, and the first RDN whose type equals {@code "CN"} wins. For a
     * subject with several CN components this is the right-most one. For a multi-valued RDN,
     * {@link Rdn#getType()} reports only one of its types, so a CN inside such an RDN may be
     * missed. TODO confirm whether that matters for the certificates in use.
     *
     * @param principal subject principal to inspect
     * @return the CN value as a string, or {@code null} when the name cannot be parsed or has
     *         no CN component
     */
    private static String getCommonName(X500Principal principal) {
        LdapName distinguishedName;
        try {
            distinguishedName = new LdapName(principal.getName());
        } catch (InvalidNameException ignored) {
            // An unparseable subject name just means no CN-based roles; authentication proceeds.
            return null;
        }

        for (Rdn component : distinguishedName.getRdns()) {
            if (COMMON_NAME.equals(component.getType())) {
                return component.getValue().toString();
            }
        }
        return null;
    }
}
