package io.axual.common.principal;

import io.confluent.kafka.schemaregistry.utils.QualifiedSubject;
import java.security.Principal;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.cert.X509Certificate;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/axual/common/principal/DefaultPrincipalBuilder.class */
public class DefaultPrincipalBuilder implements KafkaPrincipalBuilder {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DefaultPrincipalBuilder.class);

    @Override // org.apache.kafka.common.security.auth.KafkaPrincipalBuilder
    public KafkaPrincipal build(AuthenticationContext authenticationContext) {
        if (authenticationContext instanceof SslAuthenticationContext) {
            try {
                X509Certificate[] peerCertificateChain = ((SslAuthenticationContext) authenticationContext).session().getPeerCertificateChain();
                if (peerCertificateChain != null && peerCertificateChain.length > 0) {
                    String str = "";
                    for (int length = peerCertificateChain.length - 1; length >= 0; length--) {
                        str = appendEntry(str, peerCertificateChain[length].getSubjectDN(), (peerCertificateChain.length - length) - 1);
                    }
                    LOG.info("SSLSession principal: {}", str);
                    return new KafkaPrincipal(KafkaPrincipal.USER_TYPE, str);
                }
            } catch (SSLPeerUnverifiedException e) {
            }
        }
        return KafkaPrincipal.ANONYMOUS;
    }

    private static String appendEntry(String str, Principal principal, int i) {
        if (!str.isEmpty()) {
            str = str + ", ";
        }
        return str + "[" + i + "] " + principal.getName().replaceAll("[\n\r\t]", QualifiedSubject.TENANT_DELIMITER);
    }
}
