package org.soitoolkit.commons.mule.cert;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.mule.api.MuleMessage;
import org.mule.api.expression.ExpressionEvaluator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/soitoolkit/commons/mule/cert/X509CertificateEvaluator.class */
public class X509CertificateEvaluator implements ExpressionEvaluator {
    private static final Logger log = LoggerFactory.getLogger(X509CertificateEvaluator.class);
    public static final String NAME = "x509cert";
    public static final String EXPR_SENDERID = "sender-id";
    private String propertyName;

    public String getName() {
        return NAME;
    }

    public void setPropertyName(String str) {
        this.propertyName = str;
        log.debug("propertyName = {}", str);
    }

    public void setName(String str) {
        throw new UnsupportedOperationException("setName");
    }

    public Object evaluate(String str, MuleMessage muleMessage) {
        try {
            String str2 = null;
            if (EXPR_SENDERID.equals(str)) {
                str2 = getSenderIdFromCertificate(muleMessage, "PEER_CERTIFICATES");
                if (log.isDebugEnabled()) {
                    log.debug("{} validates sender id: {}", getSenderIdFromCertificate(muleMessage, "LOCAL_CERTIFICATES"), str2);
                }
            }
            return str2;
        } catch (Exception e) {
            log.error(e.getMessage());
            throw new RuntimeException(e);
        }
    }

    private String getSenderIdFromCertificate(MuleMessage muleMessage, String str) {
        String str2 = null;
        X509Certificate x509Certificate = getX509Certificate(muleMessage, str);
        if (x509Certificate != null) {
            str2 = X509CertificateUtil.getPropertyFromX500Principal(x509Certificate, this.propertyName);
            if (str2 == null) {
                logAndThrowError("No senderId found in Certificate");
            }
        } else {
            logAndThrowError("No senderId found in Certificate: No certificate found from client");
        }
        return str2.startsWith("#") ? convertFromHexToString(str2.substring(5)) : str2;
    }

    private X509Certificate getX509Certificate(MuleMessage muleMessage, String str) {
        X509Certificate x509Certificate = null;
        Certificate[] certificateArr = (Certificate[]) muleMessage.getOutboundProperty(str);
        if (certificateArr == null) {
            logAndThrowError("No certificate chain found from client");
        } else if (certificateArr[0] instanceof X509Certificate) {
            x509Certificate = (X509Certificate) certificateArr[0];
        } else {
            logAndThrowError("First certificate in chain is not X509Certificate: " + certificateArr[0]);
        }
        return x509Certificate;
    }

    private void logAndThrowError(String str) {
        log.error(str);
        throw new RuntimeException(str);
    }

    private String convertFromHexToString(String str) {
        byte[] bArr = new byte[str.length() / 2];
        int i = 0;
        for (int i2 = 0; i2 < str.length(); i2 += 2) {
            int i3 = i;
            i++;
            bArr[i3] = Byte.parseByte(str.substring(i2, i2 + 2), 16);
        }
        return new String(bArr);
    }
}
