package org.jasig.cas.adaptors.x509.authentication.principal;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.validation.constraints.NotNull;
import org.cryptacular.x509.dn.Attribute;
import org.cryptacular.x509.dn.AttributeType;
import org.cryptacular.x509.dn.NameReader;
import org.cryptacular.x509.dn.RDN;
import org.cryptacular.x509.dn.RDNSequence;
import org.cryptacular.x509.dn.StandardAttributeType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component("x509SubjectPrincipalResolver")
/* loaded from: input_file:org/jasig/cas/adaptors/x509/authentication/principal/X509SubjectPrincipalResolver.class */
public class X509SubjectPrincipalResolver extends AbstractX509PrincipalResolver {
    private static final Pattern ATTR_PATTERN = Pattern.compile("\\$(\\w+)");

    @NotNull
    private String descriptor;

    /* loaded from: input_file:org/jasig/cas/adaptors/x509/authentication/principal/X509SubjectPrincipalResolver$AttributeContext.class */
    private static final class AttributeContext {
        private int currentIndex;
        private String name;
        private final String[] values;

        AttributeContext(String str, String[] strArr) {
            this.values = strArr;
        }

        public String nextValue() {
            if (this.currentIndex == this.values.length) {
                throw new IllegalStateException("No values remaining for attribute " + this.name);
            }
            String[] strArr = this.values;
            int i = this.currentIndex;
            this.currentIndex = i + 1;
            return strArr[i];
        }
    }

    @Autowired
    public void setDescriptor(@Value("${cas.x509.authn.principal.descriptor:}") String str) {
        this.descriptor = str;
    }

    @Override // org.jasig.cas.adaptors.x509.authentication.principal.AbstractX509PrincipalResolver
    protected String resolvePrincipalInternal(X509Certificate x509Certificate) {
        this.logger.debug("Resolving principal for {}", x509Certificate);
        StringBuffer stringBuffer = new StringBuffer();
        Matcher matcher = ATTR_PATTERN.matcher(this.descriptor);
        HashMap hashMap = new HashMap();
        RDNSequence readSubject = new NameReader(x509Certificate).readSubject();
        while (matcher.find()) {
            String group = matcher.group(1);
            if (!hashMap.containsKey(group)) {
                hashMap.put(group, new AttributeContext(group, getAttributeValues(readSubject, StandardAttributeType.fromName(group))));
            }
            matcher.appendReplacement(stringBuffer, ((AttributeContext) hashMap.get(group)).nextValue());
        }
        matcher.appendTail(stringBuffer);
        return stringBuffer.toString();
    }

    private static String[] getAttributeValues(RDNSequence rDNSequence, AttributeType attributeType) {
        ArrayList arrayList = new ArrayList();
        Iterator it = rDNSequence.backward().iterator();
        while (it.hasNext()) {
            Iterator it2 = ((RDN) it.next()).getAttributes().iterator();
            while (it2.hasNext()) {
                Attribute attribute = (Attribute) it2.next();
                if (attribute.getType().equals(attributeType)) {
                    arrayList.add(attribute.getValue());
                }
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }
}
