package org.infinispan.rest.embedded.netty4.security;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.ws.rs.core.SecurityContext;
import org.infinispan.rest.embedded.netty4.NettySecurityContext;
import org.jboss.resteasy.plugins.server.embedded.SecurityDomain;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;

/* loaded from: input_file:WEB-INF/classes/org/infinispan/rest/embedded/netty4/security/ClientCertAuthenticator.class */
public class ClientCertAuthenticator implements Authenticator {
    private final SecurityDomain domain;

    public ClientCertAuthenticator(SecurityDomain securityDomain) {
        this.domain = securityDomain;
    }

    @Override // org.infinispan.rest.embedded.netty4.security.Authenticator
    public SecurityContext authenticate(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, HttpResponse httpResponse) throws IOException {
        try {
            return new NettySecurityContext(((SslHandler) channelHandlerContext.pipeline().get(SslHandler.class)).engine().getSession().getPeerPrincipal(), this.domain, "ClientCert", true);
        } catch (SSLPeerUnverifiedException e) {
            httpResponse.sendError(401);
            return null;
        }
    }
}
