package org.apache.qpid.server.management.plugin.auth;

import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpRequestPreemptiveAuthenticator;
import org.apache.qpid.server.plugin.PluggableService;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;

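/**
 * Preemptive authenticator for the HTTP management interface that derives the caller's
 * identity from the TLS client certificate attached to the servlet request.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This class performs no certificate validation of its own: no chain, validity-period
 *       or revocation check is made here. It trusts whatever populated the
 *       {@code javax.servlet.request.X509Certificate} request attribute, presumably the
 *       servlet container's TLS layer after verifying the chain against the port's trust
 *       configuration. TODO confirm for the deployed container and port settings.</li>
 *   <li>Only element 0 of the certificate array is used as the identity; the remaining
 *       elements are ignored.</li>
 *   <li>When the authentication provider is not configured to use the full DN, the identity
 *       is whatever {@code SSLUtil.getIdFromSubjectDN} extracts from the RFC 2253 subject
 *       name. That helper is not shown here; verify that distinct subject DNs accepted by
 *       the trust store cannot collapse to the same id.</li>
 * </ul>
 */
@PluggableService
/* loaded from: input_file:org/apache/qpid/server/management/plugin/auth/SSLClientCertPreemptiveAuthenticator.class */
public class SSLClientCertPreemptiveAuthenticator implements HttpRequestPreemptiveAuthenticator {
    /** Type name reported by {@link #getType()}. */
    private static final String SSL_CLIENT_AUTH = "SSLClientAuth";
    /** Request attribute under which the client certificate array is looked up. */
    private static final String CERTIFICATE_ATTRIBUTE_NAME = "javax.servlet.request.X509Certificate";

    /**
     * Attempts to authenticate the request from its TLS client certificate.
     *
     * @param httpServletRequest the incoming management request
     * @param httpManagementConfiguration source of the authentication provider and port for the request
     * @return a subject (with groups) for the certificate's identity, or {@code null} when the
     *         request is not secure, the provider check fails, or no client certificate is
     *         attached, so that this mechanism makes no authentication decision
     */
    @Override // org.apache.qpid.server.management.plugin.HttpRequestPreemptiveAuthenticator
    public Subject attemptAuthentication(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        ExternalAuthenticationManager authenticationProvider = httpManagementConfiguration.getAuthenticationProvider(httpServletRequest);
        SubjectCreator subjectCreator = httpManagementConfiguration.mo6getPort(httpServletRequest).getSubjectCreator(httpServletRequest.isSecure(), httpServletRequest.getServerName());

        // Certificate-based identity is only meaningful on a TLS connection.
        if (!httpServletRequest.isSecure()) {
            return null;
        }
        // NOTE(review): with the declared type above this instanceof is equivalent to a null
        // check; presumably the upstream source declares the provider with a broader type so
        // that this rejects non-external providers. Confirm against the original source.
        if (!(authenticationProvider instanceof ExternalAuthenticationManager)) {
            return null;
        }
        if (!Collections.list(httpServletRequest.getAttributeNames()).contains(CERTIFICATE_ATTRIBUTE_NAME)) {
            return null;
        }

        X509Certificate[] certificates = (X509Certificate[]) httpServletRequest.getAttribute(CERTIFICATE_ATTRIBUTE_NAME);
        if (certificates == null || certificates.length == 0) {
            return null;
        }

        // Element 0 supplies the identity. The subject principal is held in its own
        // X500Principal variable; the value wrapped below is typed as the common
        // java.security.Principal because it is either that X500Principal (full-DN mode)
        // or a UsernamePrincipal derived from it.
        X500Principal subjectPrincipal = certificates[0].getSubjectX500Principal();
        java.security.Principal principal = subjectPrincipal;
        if (!authenticationProvider.getUseFullDN()) {
            String subjectDn = subjectPrincipal.getName(X500Principal.RFC2253);
            principal = new UsernamePrincipal(SSLUtil.getIdFromSubjectDN(subjectDn), authenticationProvider);
        }
        return subjectCreator.createSubjectWithGroups(new AuthenticatedPrincipal(principal));
    }

    /**
     * Returns the type name of this authenticator.
     *
     * @return the constant {@code "SSLClientAuth"}
     */
    public String getType() {
        return SSL_CLIENT_AUTH;
    }
}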
