package org.apache.nifi.web.security.x509;

import java.security.cert.X509Certificate;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
import org.apache.nifi.web.security.ProxiedEntitiesUtils;
import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.apache.nifi.web.security.user.NewAccountRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/security/x509/X509AuthenticationFilter.class */
public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(X509AuthenticationFilter.class);
    private X509CertificateExtractor certificateExtractor;
    private X509IdentityProvider certificateIdentityProvider;

    @Override // org.apache.nifi.web.security.NiFiAuthenticationFilter
    public NiFiAuthorizationRequestToken attemptAuthentication(HttpServletRequest httpServletRequest) {
        X509Certificate[] extractClientCertificate;
        if (!httpServletRequest.isSecure() || (extractClientCertificate = this.certificateExtractor.extractClientCertificate(httpServletRequest)) == null) {
            return null;
        }
        try {
            List<String> buildProxiedEntitiesChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(httpServletRequest, this.certificateIdentityProvider.authenticate(extractClientCertificate).getIdentity());
            return isNewAccountRequest(httpServletRequest) ? new NewAccountAuthorizationRequestToken(new NewAccountRequest(buildProxiedEntitiesChain, getJustification(httpServletRequest))) : new NiFiAuthorizationRequestToken(buildProxiedEntitiesChain);
        } catch (IllegalArgumentException e) {
            throw new InvalidAuthenticationException(e.getMessage(), e);
        }
    }

    public void setCertificateExtractor(X509CertificateExtractor x509CertificateExtractor) {
        this.certificateExtractor = x509CertificateExtractor;
    }

    public void setCertificateIdentityProvider(X509IdentityProvider x509IdentityProvider) {
        this.certificateIdentityProvider = x509IdentityProvider;
    }
}
