package org.mockserver.authentication.mtls;

import com.fasterxml.jackson.databind.JsonSerializer;
import com.google.common.collect.ImmutableMap;
import java.security.cert.X509Certificate;
import org.mockserver.authentication.AuthenticationException;
import org.mockserver.authentication.AuthenticationHandler;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.model.HttpRequest;
import org.mockserver.serialization.ObjectMapperFactory;
import org.slf4j.event.Level;

/* loaded from: input_file:org/mockserver/authentication/mtls/MTLSAuthenticationHandler.class */
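/**
 * Authenticates control plane requests by checking that a certificate presented by the client
 * was signed by one of the configured control plane CA certificates.
 *
 * <p>The check performed here is a signature check only; see the notes on
 * {@link #controlPlaneRequestAuthenticated(HttpRequest)} for what is not covered.
 */
public class MTLSAuthenticationHandler implements AuthenticationHandler {
    private final MockServerLogger mockServerLogger;
    // CA certificates whose public keys are used to verify client certificate signatures.
    private final X509Certificate[] controlPlaneTLSMutualAuthenticationCAChain;

    /**
     * Creates a handler that trusts the given control plane CA certificates.
     *
     * @param mockServerLogger logger used for DEBUG/TRACE authentication events
     * @param x509CertificateArr CA certificates to verify client certificates against; may be
     *     {@code null} or empty, in which case every request fails authentication
     */
    public MTLSAuthenticationHandler(MockServerLogger mockServerLogger, X509Certificate[] x509CertificateArr) {
        this.mockServerLogger = mockServerLogger;
        // Defensive copy: the array is the trust anchor set for the control plane, so a caller
        // that later mutates its own array must not be able to change which CAs are trusted.
        this.controlPlaneTLSMutualAuthenticationCAChain = x509CertificateArr == null ? null : x509CertificateArr.clone();
    }

    /**
     * Returns {@code true} when the signature of at least one certificate in the request's client
     * certificate chain verifies against the public key of at least one configured CA certificate.
     *
     * <p>NOTE(review): {@code Certificate.verify(PublicKey)} only proves the certificate was signed
     * by the matching private key. This method does not check the validity period, revocation
     * status, key usage or path constraints of either certificate - confirm those are enforced
     * elsewhere (for example by the TLS layer's trust manager) before relying on this as the only
     * control plane gate.
     *
     * <p>NOTE(review): every entry of the presented chain is tried and acceptance does not depend
     * on which position matched - confirm the chain has been path-validated upstream.
     *
     * @param httpRequest the control plane request carrying the client certificate chain
     * @return {@code true} if a client certificate was validated; never returns {@code false}
     * @throws AuthenticationException if no CA is configured, the request carries no client
     *     certificate chain, or no client certificate verifies against any configured CA
     */
    @Override
    public boolean controlPlaneRequestAuthenticated(HttpRequest httpRequest) {
        if (this.controlPlaneTLSMutualAuthenticationCAChain == null || this.controlPlaneTLSMutualAuthenticationCAChain.length == 0) {
            // Fail closed: without a configured CA nothing can be trusted.
            throw new AuthenticationException("control plane request failed authentication no control plane CA specified");
        }
        if (httpRequest.getClientCertificateChain() == null) {
            throw new AuthenticationException("control plane request failed authentication no client certificates found");
        }
        for (org.mockserver.model.X509Certificate clientCertificate : httpRequest.getClientCertificateChain()) {
            // The client certificate description does not depend on the CA being tried, so it is
            // serialised once per client certificate instead of once per (client, CA) pair.
            String clientCertificateInformation = getClientCertificateInformation(
                clientCertificate.getSerialNumber(),
                clientCertificate.getIssuerDistinguishedName(),
                clientCertificate.getSubjectDistinguishedName()
            );
            for (X509Certificate caCertificate : this.controlPlaneTLSMutualAuthenticationCAChain) {
                String caCertificateInformation = getClientCertificateInformation(
                    caCertificate.getSerialNumber().toString(),
                    caCertificate.getIssuerX500Principal().getName(),
                    caCertificate.getSubjectX500Principal().getName()
                );
                try {
                    // Signature check only - throws if the client certificate was not signed by
                    // the private key matching this CA's public key.
                    clientCertificate.getCertificate().verify(caCertificate.getPublicKey());
                    this.mockServerLogger.logEvent(
                        new LogEntry()
                            .setLogLevel(Level.DEBUG)
                            .setHttpRequest(httpRequest)
                            .setMessageFormat("validated client certificate:{}against control plane trust store certificate:{}")
                            .setArguments(clientCertificateInformation, caCertificateInformation)
                    );
                    this.mockServerLogger.logEvent(
                        new LogEntry()
                            .setLogLevel(Level.DEBUG)
                            .setHttpRequest(httpRequest)
                            .setMessageFormat("control plane request passed authentication:{}")
                            .setArguments(httpRequest)
                    );
                    return true;
                } catch (Throwable th) {
                    // Any failure for this pair is treated as "not validated by this CA": it is
                    // logged at TRACE and the next pair is tried. If no pair succeeds the method
                    // still fails closed with the AuthenticationException below.
                    this.mockServerLogger.logEvent(
                        new LogEntry()
                            .setLogLevel(Level.TRACE)
                            .setHttpRequest(httpRequest)
                            .setMessageFormat("exception validating client certificate:{}against control plane trust store certificate:{}")
                            .setArguments(clientCertificateInformation, caCertificateInformation)
                            .setThrowable(th)
                    );
                }
            }
        }
        throw new AuthenticationException("control plane request failed authentication no client certificates can be validated by control plane CA");
    }

    /**
     * Serialises a certificate's identifying fields to a JSON string for log messages.
     *
     * @param str the certificate serial number
     * @param str2 the issuer distinguished name
     * @param str3 the subject distinguished name
     * @return the JSON text, or an empty string if serialisation fails (the failure is logged at
     *     TRACE); used for logging only, so a failure here never affects the authentication result
     */
    private String getClientCertificateInformation(String str, String str2, String str3) {
        try {
            return ObjectMapperFactory.createObjectMapper(true, false, new JsonSerializer[0])
                .writeValueAsString(ImmutableMap.of("serialNumber", str, "issuerDistinguishedName", str2, "subjectDistinguishedName", str3));
        } catch (Throwable th) {
            this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.TRACE).setMessageFormat("exception serialising certificate information").setThrowable(th));
            return "";
        }
    }
}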
