package org.springframework.security.web.server.authentication;

import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.server.reactive.SslInfo;
import org.springframework.lang.NonNull;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-5.2.0.RELEASE.jar:org/springframework/security/web/server/authentication/ServerX509AuthenticationConverter.class */
public class ServerX509AuthenticationConverter implements ServerAuthenticationConverter {
    protected final Log logger = LogFactory.getLog(getClass());
    private final X509PrincipalExtractor principalExtractor;

    public ServerX509AuthenticationConverter(@NonNull X509PrincipalExtractor x509PrincipalExtractor) {
        this.principalExtractor = x509PrincipalExtractor;
    }

    @Override // org.springframework.security.web.server.authentication.ServerAuthenticationConverter
    public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
        SslInfo sslInfo = serverWebExchange.getRequest().getSslInfo();
        if (sslInfo == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("No SslInfo provided with a request, skipping x509 authentication");
            }
            return Mono.empty();
        }
        if (sslInfo.getPeerCertificates() != null && sslInfo.getPeerCertificates().length != 0) {
            X509Certificate x509Certificate = sslInfo.getPeerCertificates()[0];
            return Mono.just(new PreAuthenticatedAuthenticationToken(this.principalExtractor.extractPrincipal(x509Certificate), x509Certificate));
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("No peer certificates found in SslInfo, skipping x509 authentication");
        }
        return Mono.empty();
    }
}
