package org.pac4j.http.credentials.authenticator;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.profile.definition.CommonProfileDefinition;
import org.pac4j.http.credentials.X509Credentials;
import org.pac4j.http.profile.X509Profile;

/* loaded from: input_file:WEB-INF/lib/pac4j-http-4.0.0-RC1.jar:org/pac4j/http/credentials/authenticator/X509Authenticator.class */
public class X509Authenticator extends AbstractRegexpAuthenticator<X509Profile> implements Authenticator<X509Credentials> {
    public X509Authenticator() {
        setRegexpPattern("CN=(.*?)(?:,|$)");
    }

    public X509Authenticator(String str) {
        setRegexpPattern(str);
    }

    @Override // org.pac4j.core.util.InitializableObject
    protected void internalInit() {
        defaultProfileDefinition(new CommonProfileDefinition(objArr -> {
            return new X509Profile();
        }));
    }

    @Override // org.pac4j.core.credentials.authenticator.Authenticator
    public void validate(X509Credentials x509Credentials, WebContext webContext) {
        init();
        X509Certificate certificate = x509Credentials.getCertificate();
        if (certificate == null) {
            throw new CredentialsException("No X509 certificate");
        }
        Principal subjectDN = certificate.getSubjectDN();
        if (subjectDN == null) {
            throw new CredentialsException("No X509 principal");
        }
        String name = subjectDN.getName();
        this.logger.debug("subjectDN: {}", name);
        if (name == null) {
            throw new CredentialsException("No X509 subjectDN");
        }
        Matcher matcher = this.pattern.matcher(name);
        if (!matcher.find()) {
            throw new CredentialsException("No matching for pattern: " + this.regexpPattern + " in subjectDN: " + name);
        }
        if (matcher.groupCount() != 1) {
            throw new CredentialsException("Too many matchings for pattern: " + this.regexpPattern + " in subjectDN: " + name);
        }
        String group = matcher.group(1);
        X509Profile x509Profile = (X509Profile) getProfileDefinition().newProfile(new Object[0]);
        x509Profile.setId(group);
        this.logger.debug("profile: {}", x509Profile);
        x509Credentials.setUserProfile(x509Profile);
    }
}
