package org.apache.cxf.interceptor.security.callback;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/* loaded from: input_file:lib/cxf-shade-8.0.9.jar:org/apache/cxf/interceptor/security/callback/CertKeyToUserNameMapper.class */
public class CertKeyToUserNameMapper implements CertificateToNameMapper {
    private String key;

    @Override // org.apache.cxf.interceptor.security.callback.CertificateToNameMapper
    public String getUserName(Certificate certificate) {
        String name = ((X509Certificate) certificate).getSubjectDN().getName();
        LdapName ldapName = getLdapName(name);
        if (this.key == null) {
            throw new IllegalArgumentException("Must set a key");
        }
        for (Rdn rdn : ldapName.getRdns()) {
            if (this.key.equalsIgnoreCase(rdn.getType())) {
                return (String) rdn.getValue();
            }
        }
        throw new IllegalArgumentException("No " + this.key + " key found in certificate DN: " + name);
    }

    private LdapName getLdapName(String str) {
        try {
            return new LdapName(str);
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("Invalid DN", e);
        }
    }

    public void setKey(String str) {
        this.key = str;
    }
}
