package org.apereo.cas.web.extractcert;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.util.crypto.CertUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/web/extractcert/RequestHeaderX509CertificateExtractor.class */
public class RequestHeaderX509CertificateExtractor implements X509CertificateExtractor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RequestHeaderX509CertificateExtractor.class);
    private static final String X509_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String X509_FOOTER = "-----END CERTIFICATE-----";
    private final String sslClientCertHeader;

    private String getCertFromHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(this.sslClientCertHeader);
        if (StringUtils.isBlank(header) || "(null)".equalsIgnoreCase(header)) {
            return null;
        }
        return StringUtils.trim(header);
    }

    public X509Certificate[] extract(HttpServletRequest httpServletRequest) {
        String certFromHeader = getCertFromHeader(httpServletRequest);
        if (StringUtils.isBlank(certFromHeader)) {
            LOGGER.debug("No header [{}] found in request (or value was null)", this.sslClientCertHeader);
            return null;
        }
        if (certFromHeader.length() < X509_HEADER.length()) {
            LOGGER.debug("Header [{}] found but it is too short to parse. Header value: [{}]", this.sslClientCertHeader, certFromHeader);
            return null;
        }
        String sanitizeCertificateBody = sanitizeCertificateBody(certFromHeader);
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(sanitizeCertificateBody.getBytes(StandardCharsets.ISO_8859_1));
            try {
                X509Certificate readCertificate = CertUtils.readCertificate(byteArrayInputStream);
                LOGGER.debug("Certificate extracted from header [{}] with subject: [{}]", this.sslClientCertHeader, readCertificate.getSubjectDN());
                X509Certificate[] x509CertificateArr = {readCertificate};
                byteArrayInputStream.close();
                return x509CertificateArr;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.warn("Error parsing the certificate in header: [{}] value: [{}] with error msg: [{}]", new Object[]{this.sslClientCertHeader, sanitizeCertificateBody, e.getMessage()});
            LOGGER.debug("Error parsing the certificate in header: [{}] value: [{}]", new Object[]{this.sslClientCertHeader, sanitizeCertificateBody, e});
            return null;
        }
    }

    private String sanitizeCertificateBody(String str) {
        return X509_HEADER.concat("\n").concat(str.substring(X509_HEADER.length(), str.length() - X509_FOOTER.length()).replace(' ', '\n').replace('\t', '\n')).concat("\n").concat(X509_FOOTER).concat("\n");
    }

    @Generated
    public String getSslClientCertHeader() {
        return this.sslClientCertHeader;
    }

    @Generated
    public RequestHeaderX509CertificateExtractor(String str) {
        this.sslClientCertHeader = str;
    }
}
