package io.confluent.ksql.api.auth;

import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpConnection;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.RoutingContext;
import java.security.Principal;
import java.util.Objects;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:io/confluent/ksql/api/auth/SystemAuthenticationHandler.class */
public class SystemAuthenticationHandler implements Handler<RoutingContext> {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/ksql/api/auth/SystemAuthenticationHandler$SystemUser.class */
    public static class SystemUser implements ApiUser {
        private final Principal principal;

        SystemUser(Principal principal) {
            this.principal = (Principal) Objects.requireNonNull(principal);
        }

        public User isAuthorized(String str, Handler<AsyncResult<Boolean>> handler) {
            throw new UnsupportedOperationException();
        }

        public User clearCache() {
            throw new UnsupportedOperationException();
        }

        public JsonObject principal() {
            throw new UnsupportedOperationException();
        }

        public void setAuthProvider(AuthProvider authProvider) {
            throw new UnsupportedOperationException();
        }

        @Override // io.confluent.ksql.api.auth.ApiUser
        public Principal getPrincipal() {
            return this.principal;
        }
    }

    public void handle(RoutingContext routingContext) {
        HttpConnection connection = routingContext.request().connection();
        if (!connection.isSsl()) {
            throw new IllegalStateException("Should only have ssl connections");
        }
        routingContext.setUser(new SystemUser(getPeerPrincipal(connection.sslSession())));
        routingContext.next();
    }

    private static Principal getPeerPrincipal(SSLSession sSLSession) {
        try {
            return sSLSession.getPeerPrincipal();
        } catch (SSLPeerUnverifiedException e) {
            throw new IllegalStateException("Peer should always be verified", e);
        }
    }

    public static boolean isAuthenticatedAsSystemUser(RoutingContext routingContext) {
        return routingContext.user() instanceof SystemUser;
    }
}
