package de.rwh.utils.jetty;

import de.rwh.utils.crypto.io.PemIo;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Request;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/rwh/utils/jetty/ForwardedSecureRequestCustomizer.class */
public class ForwardedSecureRequestCustomizer implements HttpConfiguration.Customizer {
    public static final String X_CLIENT_CERT_HEADER = "X-ClientCert";
    private static final String CERT_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String CERT_END = "-----END CERTIFICATE-----";
    private static final Logger logger = LoggerFactory.getLogger(ForwardedSecureRequestCustomizer.class);

    public void customize(Connector connector, HttpConfiguration httpConfiguration, Request request) {
        X509Certificate clientCert = getClientCert(request);
        if (clientCert != null) {
            request.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[]{clientCert});
        }
    }

    private X509Certificate getClientCert(Request request) {
        String header = request.getHeader(X_CLIENT_CERT_HEADER);
        if (header == null) {
            logger.warn("No {} header found", X_CLIENT_CERT_HEADER);
            return null;
        }
        if (header.isEmpty()) {
            logger.warn("{} header empty", X_CLIENT_CERT_HEADER);
            return null;
        }
        if (!header.startsWith(CERT_BEGIN)) {
            logger.warn("{} header does not start with {}", X_CLIENT_CERT_HEADER, CERT_BEGIN);
            return null;
        }
        if (header.endsWith(CERT_END)) {
            try {
                return PemIo.readX509CertificateFromPem("-----BEGIN CERTIFICATE-----" + header.replace(CERT_BEGIN, "").replace(CERT_END, "").replaceAll(" ", "\n") + "-----END CERTIFICATE-----");
            } catch (IOException | CertificateException e) {
                return null;
            }
        }
        logger.warn("{} header does not end with {}", X_CLIENT_CERT_HEADER, CERT_END);
        return null;
    }
}
