package io.axual.security.auth;

import io.axual.util.PrincipalBuilderUtil;
import java.io.IOException;
import java.security.cert.Certificate;
import javax.net.ssl.SSLSession;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.PlaintextAuthenticationContext;
import org.apache.kafka.common.security.auth.SaslAuthenticationContext;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/axual/security/auth/SslPrincipalBuilder.class */
public class SslPrincipalBuilder implements KafkaPrincipalBuilder {
    private static final Logger log = LoggerFactory.getLogger(SslPrincipalBuilder.class);

    public KafkaPrincipal convertToCustomPrincipal(SSLSession sSLSession) {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            return (peerCertificates == null || peerCertificates.length <= 0) ? KafkaPrincipal.ANONYMOUS : new KafkaPrincipal("User", PrincipalBuilderUtil.buildAdvancedPrincipalChain(peerCertificates));
        } catch (IOException e) {
            log.error("Something went wrong in convertToCustomPrincipal", e);
            return KafkaPrincipal.ANONYMOUS;
        }
    }

    public KafkaPrincipal build(AuthenticationContext authenticationContext) {
        if (authenticationContext instanceof PlaintextAuthenticationContext) {
            return KafkaPrincipal.ANONYMOUS;
        }
        if (authenticationContext instanceof SslAuthenticationContext) {
            return convertToCustomPrincipal(((SslAuthenticationContext) authenticationContext).session());
        }
        if (authenticationContext instanceof SaslAuthenticationContext) {
            return KafkaPrincipal.ANONYMOUS;
        }
        throw new IllegalArgumentException("Unhandled authentication context type: " + authenticationContext.getClass().getName());
    }
}
