package grails.plugin.springsecurity.web.authentication.preauth.x509;

import groovy.lang.Closure;
import java.security.cert.X509Certificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.MessageSource;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;

/* loaded from: input_file:WEB-INF/classes/grails/plugin/springsecurity/web/authentication/preauth/x509/ClosureX509PrincipalExtractor.class */
public class ClosureX509PrincipalExtractor implements X509PrincipalExtractor {
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    protected Logger log = LoggerFactory.getLogger(getClass());
    protected Closure<?> closure;

    @Override // org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor
    public Object extractPrincipal(X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectDN().getName();
        this.log.debug("Subject DN is '{}'", name);
        Object call = this.closure.call(name);
        if (call == null) {
            throw new BadCredentialsException(this.messages.getMessage("SubjectDnX509PrincipalExtractor.noMatching", new Object[]{name}, "No matching pattern was found in subject DN: {}"));
        }
        this.log.debug("Extracted Principal name is '{}'", call);
        return call;
    }

    public void setClosure(Closure<?> closure) {
        this.closure = closure;
    }

    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }
}
