package com.yahoo.vespa.zookeeper;

import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.ServerCnxn;
import org.apache.zookeeper.server.auth.X509AuthenticationProvider;

/* loaded from: input_file:com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.class */
public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider {
    private static final Logger log = Logger.getLogger(VespaMtlsAuthenticationProvider.class.getName());

    public VespaMtlsAuthenticationProvider() {
        super((X509TrustManager) null, (X509KeyManager) null);
    }

    public KeeperException.Code handleAuthentication(ServerCnxn serverCnxn, byte[] bArr) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) serverCnxn.getClientCertificateChain();
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            log.warning("Client not authenticated - should not be possible with clientAuth=NEED");
            return KeeperException.Code.AUTHFAILED;
        }
        serverCnxn.addAuthInfo(new Id(getScheme(), x509CertificateArr[0].getSubjectX500Principal().getName()));
        return KeeperException.Code.OK;
    }
}
