package winstone.auth;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.w3c.dom.Node;
import winstone.AuthenticationPrincipal;
import winstone.AuthenticationRealm;
import winstone.Logger;
import winstone.WinstoneRequest;

/* loaded from: input_file:winstone.jar:winstone/auth/ClientcertAuthenticationHandler.class */
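/**
 * Authentication handler for TLS client-certificate login.
 *
 * <p>The handler reads the certificate array from the
 * {@code javax.servlet.request.X509Certificate} request attribute, checks each
 * certificate's validity period, and looks the user up in the realm by the
 * subject DN of the first certificate in the array.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link X509Certificate#checkValidity()} only checks the
 *       notBefore/notAfter window. Nothing in this class verifies the chain,
 *       the issuer, or revocation status. Presumably the TLS layer that
 *       populated the request attribute has already done so; confirm this
 *       against the connector/listener configuration.</li>
 *   <li>The realm lookup key is the full subject DN string, so any certificate
 *       that is accepted upstream and carries a matching DN maps to that user.</li>
 * </ul>
 */
public class ClientcertAuthenticationHandler extends BaseAuthenticationHandler {
    /**
     * Creates the handler and logs its initialisation at debug level.
     * All arguments are passed straight through to the base handler.
     */
    public ClientcertAuthenticationHandler(Node node, List list, Set set, AuthenticationRealm authenticationRealm) {
        super(node, list, set, authenticationRealm);
        Logger.log(Logger.DEBUG, BaseAuthenticationHandler.AUTH_RESOURCES, "ClientcertAuthenticationHandler.Initialised", this.realmName);
    }

    /**
     * Rejects the request with HTTP 401 and the localized "unauthorized" message.
     *
     * @throws IOException if the error response cannot be sent
     */
    @Override
    protected void requestAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.sendError(
                HttpServletResponse.SC_UNAUTHORIZED,
                BaseAuthenticationHandler.AUTH_RESOURCES.getString("ClientcertAuthenticationHandler.UnauthorizedMessage"));
    }

    /**
     * Tries to authenticate the request from its client certificates.
     *
     * <p>A principal is attached to the request only when certificates are
     * present, every certificate passes {@code checkValidity()}, and the realm
     * knows the subject DN of the first certificate. In every other case the
     * request is left without a remote user.
     *
     * @return always {@code true}; how the caller interprets the value is
     *         defined by {@link BaseAuthenticationHandler}, which is not
     *         visible from this class
     * @throws IOException declared by the overridden method; not thrown here
     */
    @Override
    protected boolean validatePossibleAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        X509Certificate[] certificates =
                (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (certificates == null || certificates.length == 0) {
            return true;
        }

        for (X509Certificate certificate : certificates) {
            try {
                certificate.checkValidity();
            } catch (Exception invalidCertificate) {
                // Fail closed: an expired or not-yet-valid certificate (or a null
                // array entry) means no principal is attached. Only Exception is
                // caught so that JVM Errors are no longer swallowed as "invalid
                // certificate".
                return true;
            }
        }

        // NOTE(review): getSubjectDN() returns a provider-specific Principal, so the
        // string form can differ between security providers. It is kept as-is because
        // realm entries are presumably keyed on this exact string; confirm before
        // switching to getSubjectX500Principal().
        AuthenticationPrincipal principal =
                this.realm.retrieveUser(certificates[0].getSubjectDN().getName());
        if (principal == null) {
            return true;
        }
        principal.setAuthType("CLIENT_CERT");

        // The user can only be stored on a WinstoneRequest; look one level through a
        // servlet request wrapper if the request itself is not one.
        Object target = httpServletRequest;
        if (!(target instanceof WinstoneRequest) && httpServletRequest instanceof HttpServletRequestWrapper) {
            target = ((HttpServletRequestWrapper) httpServletRequest).getRequest();
        }

        if (target instanceof WinstoneRequest) {
            ((WinstoneRequest) target).setRemoteUser(principal);
        } else {
            // NOTE(review): this key is spelled "ClientCert..." while the other keys in
            // this class use "Clientcert..."; confirm it exists in the resource bundle.
            Logger.log(Logger.WARNING, BaseAuthenticationHandler.AUTH_RESOURCES, "ClientCertAuthenticationHandler.CantSetUser", target.getClass().getName());
        }
        return true;
    }
}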
