package com.floragunn.searchguard.ssl.transport;

import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.SpecialPermission;
import sun.security.x509.X500Name;

/* loaded from: input_file:com/floragunn/searchguard/ssl/transport/DefaultPrincipalExtractor.class */
public class DefaultPrincipalExtractor implements PrincipalExtractor {
    private static final String EMAILADDRESS = "EMAILADDRESS";
    private static final String EMAILADDRESS_KEY = "EMAILADDRESS=";
    private static final String MAIL_OID = "1.2.840.113549.1.9.1";
    private static final int MAIL_OID_TOKEN_LEN = MAIL_OID.length() + 1;
    protected final Logger log = LogManager.getLogger(getClass());

    @Override // com.floragunn.searchguard.ssl.transport.PrincipalExtractor
    public String extractPrincipal(X509Certificate x509Certificate, PrincipalExtractor.Type type) {
        final X500Principal subjectX500Principal;
        if (x509Certificate == null || (subjectX500Principal = x509Certificate.getSubjectX500Principal()) == null) {
            return null;
        }
        String name = subjectX500Principal.getName();
        int indexOf = name.indexOf("1.2.840.113549.1.9.1=");
        if (indexOf > -1) {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkPermission(new SpecialPermission());
            }
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.floragunn.searchguard.ssl.transport.DefaultPrincipalExtractor.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public String run() {
                    return X500Name.asX500Name(subjectX500Principal).toString();
                }
            });
            int indexOf2 = str.toUpperCase().indexOf(EMAILADDRESS_KEY);
            if (indexOf2 == -1) {
                this.log.error("Cannot find {} token in {}", EMAILADDRESS_KEY, str.toUpperCase());
                return name;
            }
            try {
                int indexOf3 = name.indexOf(44, indexOf + MAIL_OID_TOKEN_LEN);
                String substring = indexOf3 > -1 ? name.substring(indexOf + MAIL_OID_TOKEN_LEN, indexOf3) : name.substring(indexOf + MAIL_OID_TOKEN_LEN);
                int indexOf4 = str.indexOf(44, indexOf2 + 13);
                name = name.replaceFirst(substring, indexOf4 > -1 ? str.substring(indexOf2 + 13, indexOf4) : str.substring(indexOf2 + 13)).replaceFirst(MAIL_OID, EMAILADDRESS);
            } catch (Exception e) {
                this.log.error("unexpected exception parsing emailaddress " + e, e);
                name = str;
            }
        }
        return name;
    }
}
