package test.cert.mappers;

import com.ibm.websphere.security.CertificateMapFailedException;
import com.ibm.websphere.security.X509CertificateMapper;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/* loaded from: input_file:test/cert/mappers/CertificateMapper4.class */
public class CertificateMapper4 implements X509CertificateMapper {
    private static final String CLASS_NAME = CertificateMapper4.class.getSimpleName();

    public String mapCertificate(X509Certificate[] x509CertificateArr) throws CertificateMapFailedException {
        if (x509CertificateArr == null || x509CertificateArr.length != 2) {
            throw new CertificateMapFailedException("The expected certificate chain was not provided.");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        X509Certificate x509Certificate2 = x509CertificateArr[1];
        String name = x509Certificate.getIssuerDN().getName();
        if (!"cn=chain_ca".equalsIgnoreCase(name)) {
            throw new CertificateMapFailedException("Subject's certificate was signed by unknown CA: " + name);
        }
        String name2 = x509Certificate2.getIssuerDN().getName();
        if (!"cn=chain_root".equalsIgnoreCase(x509Certificate2.getIssuerDN().getName())) {
            throw new CertificateMapFailedException("CA's certificate was signed by unknown root: " + name2);
        }
        try {
            List rdns = new LdapName(x509CertificateArr[0].getSubjectX500Principal().getName()).getRdns();
            String str = (String) ((Rdn) rdns.get(rdns.size() - 1)).getValue();
            System.out.println(CLASS_NAME + ".mapCertificate(...) returns: " + str);
            return str;
        } catch (InvalidNameException e) {
            throw new CertificateMapFailedException("The certificate's subject's X.500 principal was not in the form of a distinguished name.", e);
        }
    }
}
