package org.apache.pulsar.broker.authentication;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.AuthenticationException;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.metrics.AuthenticationMetrics;
import org.apache.pulsar.client.impl.PulsarChannelInitializer;

/* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderTls.class */
public class AuthenticationProviderTls implements AuthenticationProvider {

    /* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderTls$ErrorCode.class */
    private enum ErrorCode {
        UNKNOWN,
        INVALID_CERTS,
        INVALID_CN
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public String getAuthMethodName() {
        return PulsarChannelInitializer.TLS_HANDLER;
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        String str = null;
        ErrorCode errorCode = ErrorCode.UNKNOWN;
        try {
            if (authenticationDataSource.hasDataFromTls()) {
                Certificate[] tlsCertificates = authenticationDataSource.getTlsCertificates();
                if (null != tlsCertificates) {
                    String[] split = ((X509Certificate) tlsCertificates[0]).getSubjectX500Principal().getName().split(",");
                    int length = split.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        String[] split2 = split[i].split("=", 2);
                        if (split2.length == 2 && "CN".equals(split2[0]) && !split2[1].isEmpty()) {
                            str = split2[1];
                            break;
                        }
                        i++;
                    }
                } else {
                    ErrorCode errorCode2 = ErrorCode.INVALID_CERTS;
                    throw new AuthenticationException("Failed to get TLS certificates from client");
                }
            }
            if (str == null) {
                ErrorCode errorCode3 = ErrorCode.INVALID_CN;
                throw new AuthenticationException("Client unable to authenticate with TLS certificate");
            }
            AuthenticationMetrics.authenticateSuccess(getClass().getSimpleName(), getAuthMethodName());
            return str;
        } catch (AuthenticationException e) {
            incrementFailureMetric(errorCode);
            throw e;
        }
    }
}
