package org.eclipse.hono.adapter.mqtt;

import io.vertx.core.Future;
import io.vertx.core.json.JsonObject;
import java.util.Objects;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.eclipse.hono.adapter.auth.device.DeviceCredentialsAuthProvider;
import org.eclipse.hono.adapter.auth.device.ExecutionContextAuthHandler;
import org.eclipse.hono.adapter.auth.device.PreCredentialsValidationHandler;
import org.eclipse.hono.adapter.auth.device.SubjectDnCredentials;
import org.eclipse.hono.adapter.auth.device.X509Authentication;
import org.eclipse.hono.client.ClientErrorException;

/* loaded from: input_file:org/eclipse/hono/adapter/mqtt/X509AuthHandler.class */
/**
 * Auth handler that derives a device's credentials from the X.509 client certificate
 * presented on the TLS session of an MQTT connection.
 *
 * <p>Certificate validation itself is delegated to the {@link X509Authentication} instance
 * passed to the constructor. This class only decides whether a certificate chain is
 * available and rejects the attempt with a 401 error when it is not.
 */
public class X509AuthHandler extends ExecutionContextAuthHandler<MqttConnectContext> {
    // One shared 401 instance is reused for every rejected attempt. It is created at class
    // initialisation, so any stack trace it carries does not identify the failing connection.
    private static final ClientErrorException UNAUTHORIZED = new ClientErrorException(401);

    // Validates the peer's certificate chain; never null (enforced in the constructor).
    private final X509Authentication auth;

    /**
     * Creates a handler without a pre-credentials-validation handler ({@code null} is passed on).
     *
     * @param x509Authentication the service used to validate client certificates
     * @param deviceCredentialsAuthProvider the provider handed to the superclass
     * @throws NullPointerException if {@code x509Authentication} is {@code null}
     */
    public X509AuthHandler(X509Authentication x509Authentication, DeviceCredentialsAuthProvider<SubjectDnCredentials> deviceCredentialsAuthProvider) {
        this(x509Authentication, deviceCredentialsAuthProvider, null);
    }

    /**
     * Creates a handler.
     *
     * @param x509Authentication the service used to validate client certificates
     * @param deviceCredentialsAuthProvider the provider handed to the superclass
     * @param preCredentialsValidationHandler handed to the superclass unchanged; may be {@code null}
     *        (the two-argument constructor passes {@code null})
     * @throws NullPointerException if {@code x509Authentication} is {@code null}
     */
    public X509AuthHandler(X509Authentication x509Authentication, DeviceCredentialsAuthProvider<SubjectDnCredentials> deviceCredentialsAuthProvider, PreCredentialsValidationHandler<MqttConnectContext> preCredentialsValidationHandler) {
        super(deviceCredentialsAuthProvider, preCredentialsValidationHandler);
        this.auth = Objects.requireNonNull(x509Authentication);
    }

    /**
     * Extracts credentials from the client certificate of the device's TLS session.
     *
     * <p>The returned future fails with the shared 401 error when the connection does not use
     * TLS or when the peer certificates cannot be retrieved from the session. Otherwise it
     * carries the JSON object produced by
     * {@link X509Authentication#validateClientCertificate}, extended with a {@code client-id}
     * property.
     *
     * <p>NOTE(review): the {@code client-id} value comes from the endpoint's
     * {@code clientIdentifier()}, presumably the identifier the device sent when connecting.
     * It is not derived from the certificate, so consumers should not treat it as an
     * authenticated identity. Confirm against the callers.
     *
     * @param mqttConnectContext the context of the connection attempt
     * @return a future with the credentials, or a failed future as described above
     * @throws NullPointerException if the context is {@code null}
     * @throws IllegalArgumentException if the context has no device endpoint
     */
    public Future<JsonObject> parseCredentials(MqttConnectContext mqttConnectContext) {
        Objects.requireNonNull(mqttConnectContext);
        if (mqttConnectContext.deviceEndpoint() == null) {
            throw new IllegalArgumentException("no device endpoint");
        } else if (mqttConnectContext.deviceEndpoint().isSsl()) {
            try {
                // getPeerCertificates() throws when the peer's identity has not been verified,
                // e.g. when the client presented no certificate during the handshake.
                final java.security.cert.Certificate[] peerChain =
                        mqttConnectContext.deviceEndpoint().sslSession().getPeerCertificates();
                return this.auth
                        .validateClientCertificate(peerChain, mqttConnectContext.getTracingContext())
                        .map(credentials -> credentials.put(
                                "client-id", mqttConnectContext.deviceEndpoint().clientIdentifier()));
            } catch (SSLPeerUnverifiedException e) {
                // The rejection is logged at debug level only, so it will not show up in logs
                // unless debug logging is enabled for this class.
                this.log.debug("could not retrieve client certificate from device endpoint: {}", e.getMessage());
                return Future.failedFuture(UNAUTHORIZED);
            }
        } else {
            // Without TLS there is no client certificate to authenticate with.
            return Future.failedFuture(UNAUTHORIZED);
        }
    }
}
