package org.springframework.security.web.authentication.preauth.x509;

import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import oadd.org.apache.commons.logging.Log;
import oadd.org.apache.commons.logging.LogFactory;
import oadd.org.apache.drill.common.expression.fn.JodaDateValidator;
import org.springframework.context.MessageSource;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.class */
public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
    protected final Log logger = LogFactory.getLog(getClass());
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private Pattern subjectDnPattern;

    public SubjectDnX509PrincipalExtractor() {
        setSubjectDnRegex("CN=(.*?)(?:,|$)");
    }

    @Override // org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor
    public Object extractPrincipal(X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectDN().getName();
        this.logger.debug("Subject DN is '" + name + JodaDateValidator.JODA_ESCAPE_CHARACTER);
        Matcher matcher = this.subjectDnPattern.matcher(name);
        if (!matcher.find()) {
            throw new BadCredentialsException(this.messages.getMessage("SubjectDnX509PrincipalExtractor.noMatching", new Object[]{name}, "No matching pattern was found in subject DN: {0}"));
        }
        if (matcher.groupCount() != 1) {
            throw new IllegalArgumentException("Regular expression must contain a single group ");
        }
        String group = matcher.group(1);
        this.logger.debug("Extracted Principal name is '" + group + JodaDateValidator.JODA_ESCAPE_CHARACTER);
        return group;
    }

    public void setSubjectDnRegex(String str) {
        Assert.hasText(str, "Regular expression may not be null or empty");
        this.subjectDnPattern = Pattern.compile(str, 2);
    }

    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }
}
