package org.springframework.security.providers.x509.populator;

import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.providers.x509.X509AuthoritiesPopulator;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-2.0.8.RELEASE.jar:org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.class */
public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, InitializingBean, MessageSourceAware {
    private static final Log logger;
    private Pattern subjectDNPattern;
    private UserDetailsService userDetailsService;
    static Class class$org$springframework$security$providers$x509$populator$DaoX509AuthoritiesPopulator;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private String subjectDNRegex = "CN=(.*?),";

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "An authenticationDao must be set");
        Assert.notNull(this.messages, "A message source must be set");
        this.subjectDNPattern = Pattern.compile(this.subjectDNRegex, 2);
    }

    @Override // org.springframework.security.providers.x509.X509AuthoritiesPopulator
    public UserDetails getUserDetails(X509Certificate x509Certificate) throws AuthenticationException {
        String name = x509Certificate.getSubjectDN().getName();
        Matcher matcher = this.subjectDNPattern.matcher(name);
        if (!matcher.find()) {
            throw new BadCredentialsException(this.messages.getMessage("DaoX509AuthoritiesPopulator.noMatching", new Object[]{name}, "No matching pattern was found in subjectDN: {0}"));
        }
        if (matcher.groupCount() != 1) {
            throw new IllegalArgumentException("Regular expression must contain a single group ");
        }
        UserDetails loadUserByUsername = this.userDetailsService.loadUserByUsername(matcher.group(1));
        if (loadUserByUsername == null) {
            throw new AuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
        }
        return loadUserByUsername;
    }

    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    public void setSubjectDNRegex(String str) {
        this.subjectDNRegex = str;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$springframework$security$providers$x509$populator$DaoX509AuthoritiesPopulator == null) {
            cls = class$("org.springframework.security.providers.x509.populator.DaoX509AuthoritiesPopulator");
            class$org$springframework$security$providers$x509$populator$DaoX509AuthoritiesPopulator = cls;
        } else {
            cls = class$org$springframework$security$providers$x509$populator$DaoX509AuthoritiesPopulator;
        }
        logger = LogFactory.getLog(cls);
    }
}
