package org.jboss.as.domain.http.server.security;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.RenegotiationRequiredException;
import io.undertow.server.SSLSessionInfo;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.jboss.as.domain.http.server.logging.HttpServerLogger;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.SecurityRealm;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/as/domain-http-interface/main/wildfly-domain-http-interface-2.2.0.Final.jar:org/jboss/as/domain/http/server/security/RealmReadinessHandler.class */
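/**
 * Handler that checks whether the configured {@link SecurityRealm} is able to
 * service an HTTP authentication challenge before a request is passed on.
 *
 * <p>This class makes no authentication decision itself. It only chooses
 * between forwarding the exchange to the next handler and invoking
 * {@link #rejectRequest(HttpServerExchange)}; a forwarded request must still be
 * authenticated by whatever follows in the chain (presumably the realm's
 * authentication handlers; that wiring is not visible in this class).
 */
abstract class RealmReadinessHandler implements HttpHandler {
    private final SecurityRealm securityRealm;
    private final HttpHandler next;

    /**
     * Creates the readiness gate.
     *
     * @param securityRealm realm whose readiness is checked; may be {@code null},
     *                      in which case every request is forwarded unchecked
     * @param httpHandler   handler invoked when the request is allowed through
     */
    public RealmReadinessHandler(SecurityRealm securityRealm, HttpHandler httpHandler) {
        this.securityRealm = securityRealm;
        this.next = httpHandler;
    }

    /**
     * Forwards the exchange when no realm is configured, when the realm reports
     * it is ready for an HTTP challenge, or when the client has presented an
     * X.509 certificate on a realm that supports CLIENT_CERT. Otherwise the
     * request is handed to {@link #rejectRequest(HttpServerExchange)}.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception anything thrown by the next handler, or any
     *                   non-{@link IOException} failure from {@code rejectRequest}
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        // NOTE(review): a null realm bypasses the readiness check entirely; whether the
        // interface is then left unauthenticated depends on how the chain is assembled.
        boolean forward = this.securityRealm == null
                || this.securityRealm.isReadyForHttpChallenge()
                || clientCertPotentiallyPossible(httpServerExchange);
        if (forward) {
            this.next.handleRequest(httpServerExchange);
            return;
        }
        try {
            rejectRequest(httpServerExchange);
        } catch (IOException e) {
            // Only I/O failures while writing the rejection are turned into a 500;
            // the exception is logged server-side and not exposed to the client.
            HttpServerLogger.ROOT_LOGGER.error(e);
            httpServerExchange.setResponseCode(500);
            httpServerExchange.endExchange();
        }
    }

    /**
     * Reports whether certificate authentication could succeed for this
     * connection: the realm must list CLIENT_CERT as a supported mechanism and
     * the TLS session must already carry a peer chain whose first entry is an
     * {@link X509Certificate}.
     *
     * <p>A {@code true} result only means a certificate is present. Nothing
     * here checks that the certificate is accepted by the realm.
     *
     * @param httpServerExchange the exchange whose connection is inspected
     * @return {@code true} if an X.509 peer certificate is available, otherwise {@code false}
     */
    private boolean clientCertPotentiallyPossible(HttpServerExchange httpServerExchange) {
        if (!this.securityRealm.getSupportedAuthenticationMechanisms().contains(AuthMechanism.CLIENT_CERT)) {
            return false;
        }
        SSLSessionInfo sslSessionInfo = httpServerExchange.getConnection().getSslSessionInfo();
        if (sslSessionInfo == null) {
            // No TLS session on this connection, so no client certificate can exist.
            return false;
        }
        try {
            Certificate[] peerChain = sslSessionInfo.getPeerCertificates();
            // Guard the index: a null or empty chain is treated as "no certificate"
            // instead of surfacing as an unchecked exception from the handler.
            return peerChain != null && peerChain.length > 0 && peerChain[0] instanceof X509Certificate;
        } catch (RenegotiationRequiredException e) {
            // No certificate has been supplied yet and this check does not trigger
            // a renegotiation, so the answer stays negative (request is rejected).
            return false;
        } catch (SSLPeerUnverifiedException e2) {
            // The peer was not verified; treat as no usable certificate.
            return false;
        }
    }

    /**
     * Produces the response sent when the realm is not ready and no client
     * certificate is available.
     *
     * @param httpServerExchange the exchange to respond on
     * @throws Exception if the rejection cannot be produced; an {@link IOException}
     *                   is converted to a 500 response by {@code handleRequest}
     */
    abstract void rejectRequest(HttpServerExchange httpServerExchange) throws Exception;
}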
