package io.micronaut.security.x509;

import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.http.HttpRequest;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.filters.AuthenticationFetcher;
import io.micronaut.security.token.TokenAuthenticationFetcher;
import jakarta.inject.Singleton;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Mono;

@Singleton
@Requires(classes = {HttpRequest.class})
/* loaded from: input_file:io/micronaut/security/x509/X509AuthenticationFetcher.class */
public class X509AuthenticationFetcher implements AuthenticationFetcher<HttpRequest<?>> {
    public static final int ORDER = TokenAuthenticationFetcher.ORDER.intValue() - 200;
    private final Pattern subjectDnPattern;

    public X509AuthenticationFetcher(X509Configuration x509Configuration) {
        this.subjectDnPattern = Pattern.compile(x509Configuration.getSubjectDnRegex(), 2);
    }

    @Override // io.micronaut.core.order.Ordered
    public int getOrder() {
        return ORDER;
    }

    @Override // io.micronaut.security.filters.AuthenticationFetcher
    public Publisher<Authentication> fetchAuthentication(HttpRequest<?> httpRequest) {
        return Mono.create(monoSink -> {
            Optional<Authentication> createAuthentication = createAuthentication(httpRequest);
            if (createAuthentication.isPresent()) {
                monoSink.success(createAuthentication.get());
            } else {
                monoSink.success();
            }
        });
    }

    @NonNull
    protected Optional<Authentication> createAuthentication(HttpRequest<?> httpRequest) {
        Optional<Certificate> certificate = httpRequest.getCertificate();
        if (certificate.isPresent()) {
            Certificate certificate2 = certificate.get();
            if (certificate2 instanceof X509Certificate) {
                return createX509Authentication((X509Certificate) certificate2);
            }
        }
        return Optional.empty();
    }

    @NonNull
    protected Optional<Authentication> createX509Authentication(@NonNull X509Certificate x509Certificate) {
        return extractName(x509Certificate).map(str -> {
            return new X509Authentication(str, x509Certificate);
        });
    }

    @NonNull
    protected Optional<String> extractName(@NonNull X509Certificate x509Certificate) {
        Matcher matcher = this.subjectDnPattern.matcher(x509Certificate.getSubjectX500Principal().getName());
        if (matcher.find() && matcher.groupCount() == 1) {
            return Optional.of(matcher.group(1));
        }
        return Optional.empty();
    }
}
