package org.aktin.broker.util;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.function.Function;
import java.util.logging.Logger;
import org.aktin.broker.server.auth.AuthInfo;
import org.aktin.broker.server.auth.AuthInfoImpl;
import org.aktin.broker.server.auth.AuthRole;
import org.aktin.broker.server.auth.HeaderAuthentication;

/* loaded from: input_file:org/aktin/broker/util/AuthFilterSSLHeaders.class */
public class AuthFilterSSLHeaders implements HeaderAuthentication {
    private static final Logger log = Logger.getLogger(AuthFilterSSLHeaders.class.getName());
    public static final String X_SSL_CLIENT_ID = "X-SSL-Client-ID";
    public static final String X_SSL_CLIENT_DN = "X-SSL-Client-DN";
    public static final String X_SSL_CLIENT_VERIFY = "X-SSL-Client-Verify";

    public Set<AuthRole> loadRolesFromClientDN(String str) {
        return str.contains("OU=admin") ? new HashSet(Arrays.asList(AuthRole.ADMIN_READ, AuthRole.ADMIN_WRITE)) : new HashSet(Arrays.asList(AuthRole.NODE_READ, AuthRole.NODE_WRITE));
    }

    public AuthInfo authenticateByHeaders(Function<String, String> function) throws IOException {
        String apply = function.apply(X_SSL_CLIENT_VERIFY);
        String apply2 = function.apply(X_SSL_CLIENT_ID);
        String apply3 = function.apply(X_SSL_CLIENT_DN);
        if (apply == null || !apply.equals("SUCCESS")) {
            log.info("Client verify header not found or not successful");
            return null;
        }
        log.info("Authenticated user " + apply2 + " with dn " + apply3);
        return new AuthInfoImpl(apply2, apply3, loadRolesFromClientDN(apply3));
    }
}
