package com.betfair.cougar.core.impl.security;

import com.betfair.cougar.api.security.IdentityToken;
import com.betfair.cougar.api.security.IdentityTokenResolver;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.ldap.LdapName;

/* loaded from: input_file:com/betfair/cougar/core/impl/security/SSLAwareTokenResolver.class */
public abstract class SSLAwareTokenResolver<I, O, C> implements IdentityTokenResolver<I, O, C> {
    public static final String SSL_CERT_INFO = "X-SSL-Cert-Info";
    private final CertInfoExtractor certInfoExtractor;

    protected SSLAwareTokenResolver(CertInfoExtractor certInfoExtractor) {
        if (certInfoExtractor == null) {
            throw new IllegalArgumentException("CertInfoExtractor cannot be null");
        }
        this.certInfoExtractor = certInfoExtractor;
    }

    protected void attachCertInfo(List<IdentityToken> list, X509Certificate[] x509CertificateArr) throws NamingException {
        String findCertInfo = findCertInfo(x509CertificateArr);
        if (findCertInfo != null) {
            list.add(new IdentityToken(SSL_CERT_INFO, findCertInfo));
        }
    }

    protected String findCertInfo(X509Certificate[] x509CertificateArr) throws NamingException {
        Principal subjectDN;
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || (subjectDN = x509CertificateArr[0].getSubjectDN()) == null || subjectDN.getName() == null) {
            return null;
        }
        try {
            return this.certInfoExtractor.extractCertInfo(new LdapName(subjectDN.getName()).getRdns());
        } catch (InvalidNameException e) {
            return null;
        }
    }
}
