package org.zowe.apiml.gateway.security.mapping;

import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.stereotype.Component;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.X509AuthSource;

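/**
 * Maps an X.509 client certificate to a mainframe user ID by returning the value of a
 * common name (CN) attribute found in the certificate's subject distinguished name.
 *
 * <p>The bean is registered under the name {@code x509Mapper} only when the property
 * {@code apiml.security.x509.externalMapperUrl} is empty, as stated by the
 * {@code @ConditionalOnExpression} below.
 *
 * <p>Security note: nothing in this class validates the certificate (trust chain, validity
 * period, key usage), and the CN value is returned unchanged as the identity.
 * NOTE(review): presumably the certificate is authenticated before this mapper is called
 * and the caller checks the returned ID against the security manager; confirm both.
 */
@Component("x509Mapper")
@ConditionalOnExpression("T(org.springframework.util.StringUtils).isEmpty('${apiml.security.x509.externalMapperUrl}')")
public class X509CommonNameUserMapper implements AuthenticationMapper {
    /**
     * Derives a user ID from the subject DN of the certificate carried by {@code authSource}.
     *
     * @param authSource authentication source; only {@link X509AuthSource} instances are mapped
     * @return the value of the first CN attribute encountered, or {@code null} when the source
     *         is not an {@link X509AuthSource}, carries no {@link X509Certificate}, or the
     *         subject has no CN
     * @throws org.springframework.security.authentication.AuthenticationServiceException
     *         when the subject DN cannot be parsed as an LDAP name
     */
    @Override
    public String mapToMainframeUserId(AuthSource authSource) {
        if (!(authSource instanceof X509AuthSource)) {
            return null;
        }
        // A source without a certificate (null or an unexpected type) yields "no mapping"
        // instead of a NullPointerException or ClassCastException in the authentication path.
        Object rawSource = authSource.getRawSource();
        if (!(rawSource instanceof X509Certificate)) {
            return null;
        }
        String subjectDn = ((X509Certificate) rawSource).getSubjectX500Principal().getName();
        // LdapName numbers RDNs from the right-hand end of the DN, so the scan starts at the
        // rightmost RDN; if the subject holds more than one CN, the rightmost one is returned.
        for (Rdn rdn : getLdapName(subjectDn).getRdns()) {
            if ("cn".equalsIgnoreCase(rdn.getType())) {
                // NOTE(review): Rdn.getValue() returns a byte[] for '#'-hex-encoded values;
                // String.valueOf would then produce an array identity string rather than a
                // user ID. Consider rejecting non-String values here.
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    /**
     * Parses a distinguished name string into an {@link LdapName}.
     *
     * @param str distinguished name in string form
     * @return the parsed name
     * @throws org.springframework.security.authentication.AuthenticationServiceException
     *         wrapping the {@link InvalidNameException} when {@code str} is not a valid name
     */
    public LdapName getLdapName(String str) {
        try {
            return new LdapName(str);
        } catch (InvalidNameException e) {
            // Surface the parse failure as an authentication error and keep the original cause.
            throw new AuthenticationServiceException("Not able to create ldap name from certificate. Cause: " + e.getMessage(), e);
        }
    }
}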
