package org.apache.cxf.interceptor.security.callback;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.transport.TLSSessionInfo;

/* loaded from: input_file:WEB-INF/lib/cxf-core-3.1.5.redhat-630464.jar:org/apache/cxf/interceptor/security/callback/CallbackHandlerTlsCert.class */
public class CallbackHandlerTlsCert implements CallbackHandlerProvider {
    private CertificateToNameMapper certMapper = new CertificateToNameMapper() { // from class: org.apache.cxf.interceptor.security.callback.CallbackHandlerTlsCert.1
        @Override // org.apache.cxf.interceptor.security.callback.CertificateToNameMapper
        public String getUserName(Certificate certificate) {
            return ((X509Certificate) certificate).getSubjectDN().getName();
        }
    };
    private NameToPasswordMapper nameToPasswordMapper = new NameToPasswordMapper() { // from class: org.apache.cxf.interceptor.security.callback.CallbackHandlerTlsCert.2
        @Override // org.apache.cxf.interceptor.security.callback.NameToPasswordMapper
        public String getPassword(String str) {
            return CallbackHandlerTlsCert.this.fixedPassword;
        }
    };
    private String fixedPassword;

    @Override // org.apache.cxf.interceptor.security.callback.CallbackHandlerProvider
    public CallbackHandler create(Message message) {
        if (((TLSSessionInfo) message.get(TLSSessionInfo.class)) == null) {
            return null;
        }
        String userName = this.certMapper.getUserName(getCertificate(message));
        return new NamePasswordCallbackHandler(userName, this.nameToPasswordMapper.getPassword(userName));
    }

    private Certificate getCertificate(Message message) {
        TLSSessionInfo tLSSessionInfo = (TLSSessionInfo) message.get(TLSSessionInfo.class);
        if (tLSSessionInfo == null) {
            throw new SecurityException("Not TLS connection");
        }
        Certificate[] peerCertificates = tLSSessionInfo.getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            throw new SecurityException("No certificate found");
        }
        return peerCertificates[0];
    }

    public void setCertMapper(CertificateToNameMapper certificateToNameMapper) {
        this.certMapper = certificateToNameMapper;
    }

    public void setFixedPassword(String str) {
        this.fixedPassword = str;
    }

    public void setNameToPasswordMapper(NameToPasswordMapper nameToPasswordMapper) {
        this.nameToPasswordMapper = nameToPasswordMapper;
    }
}
