package io.confluent.common.security.jetty;

import io.confluent.common.security.auth.CertificatePrincipal;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import org.apache.kafka.common.security.ssl.SslPrincipalMapper;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/common/security/jetty/CertificateLoginService.class */
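/**
 * Jetty {@link LoginService} that turns a client X.509 certificate into a {@link UserIdentity}.
 *
 * <p>The service performs no certificate validation of its own. {@link #login} maps the name it
 * is handed through the configured {@link SslPrincipalMapper} and wraps the result, together with
 * the supplied certificate, in a {@link CertificatePrincipal}. It presumably relies on the TLS
 * layer having already verified the certificate chain before {@code login} is called; confirm
 * this against the authenticator that invokes the service.
 */
public class CertificateLoginService extends AbstractLifeCycle implements LoginService {
    private static final Logger log = LoggerFactory.getLogger(CertificateLoginService.class);
    private SslPrincipalMapper sslPrincipalMapper = null;
    private IdentityService identityService = null;

    /**
     * Sets the mapper used to derive the principal name from the name passed to {@link #login}.
     *
     * @param sslPrincipalMapper mapper to apply; {@link #login} fails closed while this is unset
     */
    public void setSslPrincipalMapper(SslPrincipalMapper sslPrincipalMapper) {
        this.sslPrincipalMapper = sslPrincipalMapper;
    }

    /**
     * Sets the identity service used to build {@link UserIdentity} instances.
     *
     * @param identityService identity service to use; when left {@code null} a
     *     {@link DefaultIdentityService} is installed by {@link #doStart()}
     */
    @Override
    public void setIdentityService(IdentityService identityService) {
        this.identityService = identityService;
    }

    /**
     * Returns the identity service currently in use.
     *
     * @return the configured identity service, or {@code null} if none has been set or created yet
     */
    @Override
    public IdentityService getIdentityService() {
        return this.identityService;
    }

    /**
     * Starts the component and installs a {@link DefaultIdentityService} if none was configured.
     *
     * @throws Exception if the superclass start-up fails
     */
    @Override
    protected void doStart() throws Exception {
        super.doStart();
        if (this.identityService == null) {
            this.identityService = new DefaultIdentityService();
        }
    }

    /**
     * Returns the fixed name of this login service.
     *
     * @return the literal {@code "X509"}
     */
    @Override
    public String getName() {
        return "X509";
    }

    /**
     * Builds a {@link UserIdentity} for a certificate-authenticated caller.
     *
     * <p>The principal name comes from {@code str} (after mapping), not from the certificate
     * object: the caller is responsible for passing the name that belongs to the certificate in
     * {@code obj}. The identity is created with an empty role array.
     *
     * @param str name to map to a principal name, logged verbatim at debug level
     * @param obj the credential; must be an {@link X509Certificate}, anything else (including
     *     {@code null}) is rejected
     * @param servletRequest the request being authenticated; not used by this implementation
     * @return the new identity, or {@code null} when the service is not configured, the credential
     *     is not a certificate, or mapping / identity creation throws
     */
    @Override
    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        // Fail closed with an explicit reason instead of relying on the catch-all below to
        // absorb a NullPointerException or ClassCastException.
        if (this.sslPrincipalMapper == null) {
            log.warn("Failed generating principal: no SslPrincipalMapper configured");
            return null;
        }
        if (!(obj instanceof X509Certificate)) {
            log.warn("Failed generating principal: credential is not an X509Certificate");
            return null;
        }
        try {
            log.debug("Processing certificate login request for: {}", str);
            String name = this.sslPrincipalMapper.getName(str);
            Subject subject = new Subject();
            CertificatePrincipal certificatePrincipal =
                    new CertificatePrincipal(name, (X509Certificate) obj);
            subject.getPrincipals().add(certificatePrincipal);
            UserIdentity newUserIdentity =
                    this.identityService.newUserIdentity(subject, certificatePrincipal, new String[0]);
            log.debug("Logging in user {}", newUserIdentity);
            return newUserIdentity;
        } catch (Exception e) {
            // Authentication boundary: any failure (mapping error, identity service not yet
            // started, ...) must deny the login rather than propagate.
            log.warn("Failed generating principal", e);
            return null;
        }
    }

    /**
     * Reports whether a previously issued identity is still valid.
     *
     * <p>This implementation accepts every identity unconditionally; certificate expiry or
     * revocation is not re-checked here.
     *
     * @param userIdentity the identity to check
     * @return always {@code true}
     */
    @Override
    public boolean validate(UserIdentity userIdentity) {
        log.debug("Validating user {}", userIdentity);
        return true;
    }

    /**
     * Records a logout. No state is held per identity, so there is nothing to release.
     *
     * @param userIdentity the identity being logged out
     */
    @Override
    public void logout(UserIdentity userIdentity) {
        log.debug("Logging out user {}", userIdentity);
    }
}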
