package org.keycloak.common.crypto;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.jboss.logging.Logger;
import org.keycloak.common.util.PemUtils;

/* loaded from: input_file:WEB-INF/lib/keycloak-common-24.0.4.jar:org/keycloak/common/crypto/UserIdentityExtractorProvider.class */
public abstract class UserIdentityExtractorProvider {
    private static final Logger logger = Logger.getLogger((Class<?>) UserIdentityExtractorProvider.class);

    /* loaded from: input_file:WEB-INF/lib/keycloak-common-24.0.4.jar:org/keycloak/common/crypto/UserIdentityExtractorProvider$OrBuilder.class */
    public class OrBuilder {
        UserIdentityExtractor extractor;
        UserIdentityExtractor other;

        OrBuilder(UserIdentityExtractor userIdentityExtractor) {
            this.extractor = userIdentityExtractor;
        }

        public UserIdentityExtractor or(UserIdentityExtractor userIdentityExtractor) {
            return new OrExtractor(this.extractor, userIdentityExtractor);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-common-24.0.4.jar:org/keycloak/common/crypto/UserIdentityExtractorProvider$OrExtractor.class */
    protected class OrExtractor implements UserIdentityExtractor {
        UserIdentityExtractor extractor;
        UserIdentityExtractor other;

        OrExtractor(UserIdentityExtractor userIdentityExtractor, UserIdentityExtractor userIdentityExtractor2) {
            this.extractor = userIdentityExtractor;
            this.other = userIdentityExtractor2;
            if (this.extractor == null) {
                throw new IllegalArgumentException("extractor is null");
            }
            if (this.other == null) {
                throw new IllegalArgumentException("other is null");
            }
        }

        @Override // org.keycloak.common.crypto.UserIdentityExtractor
        public Object extractUserIdentity(X509Certificate[] x509CertificateArr) {
            Object extractUserIdentity = this.extractor.extractUserIdentity(x509CertificateArr);
            if (extractUserIdentity == null) {
                extractUserIdentity = this.other.extractUserIdentity(x509CertificateArr);
            }
            return extractUserIdentity;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-common-24.0.4.jar:org/keycloak/common/crypto/UserIdentityExtractorProvider$PatternMatcher.class */
    public class PatternMatcher implements UserIdentityExtractor {
        private final String _pattern;
        private final Function<X509Certificate[], String> _f;

        PatternMatcher(String str, Function<X509Certificate[], String> function) {
            this._pattern = str;
            this._f = function;
        }

        @Override // org.keycloak.common.crypto.UserIdentityExtractor
        public Object extractUserIdentity(X509Certificate[] x509CertificateArr) {
            String str = (String) Optional.ofNullable(this._f.apply(x509CertificateArr)).orElseThrow(IllegalArgumentException::new);
            Matcher matcher = Pattern.compile(this._pattern, 2).matcher(str);
            if (!matcher.find()) {
                UserIdentityExtractorProvider.logger.debugf("[PatternMatcher:extract] No matches were found for input \"%s\", pattern=\"%s\"", str, this._pattern);
                return null;
            }
            if (matcher.groupCount() == 1) {
                return matcher.group(1);
            }
            UserIdentityExtractorProvider.logger.debugf("[PatternMatcher:extract] Match produced more than a single group for input \"%s\", pattern=\"%s\"", str, this._pattern);
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-common-24.0.4.jar:org/keycloak/common/crypto/UserIdentityExtractorProvider$SubjectAltNameExtractor.class */
    public abstract class SubjectAltNameExtractor implements UserIdentityExtractor {
        public SubjectAltNameExtractor() {
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-common-24.0.4.jar:org/keycloak/common/crypto/UserIdentityExtractorProvider$X500NameRDNExtractor.class */
    public abstract class X500NameRDNExtractor implements UserIdentityExtractor {
        public X500NameRDNExtractor() {
        }
    }

    public OrBuilder either(UserIdentityExtractor userIdentityExtractor) {
        return new OrBuilder(userIdentityExtractor);
    }

    public UserIdentityExtractor getCertificatePemIdentityExtractor() {
        return new UserIdentityExtractor() { // from class: org.keycloak.common.crypto.UserIdentityExtractorProvider.1
            @Override // org.keycloak.common.crypto.UserIdentityExtractor
            public Object extractUserIdentity(X509Certificate[] x509CertificateArr) {
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    throw new IllegalArgumentException();
                }
                String encodeCertificate = PemUtils.encodeCertificate(x509CertificateArr[0]);
                UserIdentityExtractorProvider.logger.debugf("Using PEM certificate \"%s\" as user identity.", encodeCertificate);
                return encodeCertificate;
            }
        };
    }

    public UserIdentityExtractor getPatternIdentityExtractor(String str, Function<X509Certificate[], String> function) {
        return new PatternMatcher(str, function);
    }

    public abstract UserIdentityExtractor getX500NameExtractor(String str, Function<X509Certificate[], Principal> function);

    public abstract SubjectAltNameExtractor getSubjectAltNameExtractor(int i);
}
