package org.apache.nifi.processors.standard.http;

import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import org.apache.nifi.security.cert.CertificateAttributeReader;
import org.apache.nifi.security.cert.StandardCertificateAttributeReader;
import org.apache.nifi.security.cert.SubjectAlternativeName;

/* loaded from: input_file:org/apache/nifi/processors/standard/http/HandleHttpRequestCertificateAttributesProvider.class */
public class HandleHttpRequestCertificateAttributesProvider implements CertificateAttributesProvider {
    protected static final String REQUEST_CERTIFICATES_ATTRIBUTE_NAME = "javax.servlet.request.X509Certificate";
    private static final String SAN_NAME_TYPE_FORMAT = "%s.%d.nameType";
    private static final String SAN_NAME_FORMAT = "%s.%d.name";
    private final CertificateAttributeReader certificateAttributeReader = new StandardCertificateAttributeReader();

    @Override // org.apache.nifi.processors.standard.http.CertificateAttributesProvider
    public Map<String, String> getCertificateAttributes(HttpServletRequest httpServletRequest) {
        Map<String, String> emptyMap;
        Objects.requireNonNull(httpServletRequest, "HTTP Servlet Request required");
        Object attribute = httpServletRequest.getAttribute(REQUEST_CERTIFICATES_ATTRIBUTE_NAME);
        if (attribute instanceof X509Certificate[]) {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) attribute;
            emptyMap = x509CertificateArr.length == 0 ? Collections.emptyMap() : getCertificateAttributes(x509CertificateArr[0]);
        } else {
            emptyMap = Collections.emptyMap();
        }
        return emptyMap;
    }

    private Map<String, String> getCertificateAttributes(X509Certificate x509Certificate) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String name = x509Certificate.getSubjectX500Principal().getName();
        String name2 = x509Certificate.getIssuerX500Principal().getName();
        linkedHashMap.put(CertificateAttribute.HTTP_SUBJECT_DN.getName(), name);
        linkedHashMap.put(CertificateAttribute.HTTP_ISSUER_DN.getName(), name2);
        linkedHashMap.putAll(getSubjectAlternativeNameAttributes(x509Certificate));
        return linkedHashMap;
    }

    private Map<String, String> getSubjectAlternativeNameAttributes(X509Certificate x509Certificate) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        int i = 0;
        for (SubjectAlternativeName subjectAlternativeName : this.certificateAttributeReader.getSubjectAlternativeNames(x509Certificate)) {
            linkedHashMap.put(String.format(SAN_NAME_TYPE_FORMAT, CertificateAttribute.HTTP_CERTIFICATE_SANS.getName(), Integer.valueOf(i)), subjectAlternativeName.getGeneralNameType().getGeneralName());
            linkedHashMap.put(String.format(SAN_NAME_FORMAT, CertificateAttribute.HTTP_CERTIFICATE_SANS.getName(), Integer.valueOf(i)), subjectAlternativeName.getName());
            i++;
        }
        return linkedHashMap;
    }
}
