package co.cask.cdap.security.server;

import com.google.common.base.Splitter;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import org.eclipse.jetty.security.MappedLoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.security.Credential;

/* loaded from: input_file:co/cask/cdap/security/server/MTLSUserIdentity.class */
public class MTLSUserIdentity implements UserIdentity {
    private String userName;
    private Object credentials;
    private static final String PRINCIPAL_CANONICAL_NAME = "CN";

    private String getX509PrincipalCN(String str) {
        Map split = Splitter.on(",").withKeyValueSeparator("=").split(str.replaceAll("\\s", ""));
        if (split.containsKey(PRINCIPAL_CANONICAL_NAME)) {
            return (String) split.get(PRINCIPAL_CANONICAL_NAME);
        }
        return null;
    }

    public MTLSUserIdentity(String str, Object obj) {
        this.userName = str;
        this.credentials = obj;
    }

    public Subject getSubject() {
        Subject subject = new Subject();
        subject.getPrincipals().add(getUserPrincipal());
        subject.getPublicCredentials().add(this.credentials);
        subject.setReadOnly();
        return subject;
    }

    public Principal getUserPrincipal() {
        return new MappedLoginService.KnownUser(getX509PrincipalCN(this.userName), this.credentials instanceof Credential ? (Credential) this.credentials : Credential.getCredential(this.credentials.toString()));
    }

    public boolean isUserInRole(String str, UserIdentity.Scope scope) {
        return true;
    }
}
