package org.jboss.as.domain.http.server.security;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import org.jboss.as.domain.http.server.Constants;
import org.jboss.as.domain.http.server.HttpServerLogger;
import org.jboss.as.domain.management.AuthenticationMechanism;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.com.sun.net.httpserver.Authenticator;
import org.jboss.com.sun.net.httpserver.HttpExchange;
import org.jboss.com.sun.net.httpserver.HttpPrincipal;
import org.jboss.com.sun.net.httpserver.HttpsExchange;

/* loaded from: input_file:org/jboss/as/domain/http/server/security/ClientCertAuthenticator.class */
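/**
 * Authenticator for the HTTP management interface that derives the caller's identity from the
 * TLS client certificate presented on the connection.
 *
 * <p>The identity is the name of the peer principal reported by the {@link SSLSession}; no
 * password or other credential is checked here. NOTE(review): this assumes the TLS layer has
 * already validated the client certificate against the realm's trust store - confirm that the
 * HTTPS connector is configured to request and verify client certificates.
 *
 * <p>Once a request has been authenticated, the resulting {@link Subject} is stored as an
 * exchange attribute with {@code AttributeScope.CONNECTION} and reused by later calls that find
 * it there, so the realm's authorizing callback handler is not consulted again for them.
 */
public class ClientCertAuthenticator extends Authenticator {
    private final SecurityRealm securityRealm;
    private final String realm;

    /**
     * Creates an authenticator bound to the given security realm.
     *
     * @param securityRealm realm whose name is attached to authenticated principals and whose
     *     authorizing callback handler builds the {@link Subject}; must not be {@code null}
     */
    public ClientCertAuthenticator(SecurityRealm securityRealm) {
        this.securityRealm = securityRealm;
        this.realm = securityRealm.getName();
    }

    /**
     * Authenticates the exchange using the verified TLS peer principal.
     *
     * @param httpExchange the exchange being authenticated
     * @return {@code Success} carrying the cached or newly derived principal;
     *     {@code Failure(Constants.FORBIDDEN)} when the exchange is not HTTPS, has no SSL session,
     *     or the peer is unverified; {@code Failure(Constants.INTERNAL_SERVER_ERROR)} when the
     *     realm cannot build the subject
     */
    @Override
    public Authenticator.Result authenticate(HttpExchange httpExchange) {
        // Fast path: a Subject stored by an earlier successful call is trusted as-is.
        Subject cachedSubject = (Subject) httpExchange.getAttribute(Subject.class.getName(), HttpExchange.AttributeScope.CONNECTION);
        if (cachedSubject != null) {
            Set<HttpPrincipal> cachedPrincipals = cachedSubject.getPrincipals(HttpPrincipal.class);
            if (!cachedPrincipals.isEmpty()) {
                return new Authenticator.Success(cachedPrincipals.iterator().next());
            }
        }

        HttpPrincipal principal = null;
        if (httpExchange instanceof HttpsExchange) {
            SSLSession sslSession = ((HttpsExchange) httpExchange).getSSLSession();
            if (sslSession != null) {
                try {
                    principal = new HttpPrincipal(sslSession.getPeerPrincipal().getName(), this.realm);
                } catch (SSLPeerUnverifiedException e) {
                    // Fail closed: no verified peer identity means the request is rejected below.
                    // Logged at debug so rejected handshakes can be traced during troubleshooting.
                    HttpServerLogger.ROOT_LOGGER.debug("Client certificate peer not verified", e);
                }
            }
        }

        // Plain HTTP, missing SSL session, or unverified peer: deny rather than fall through.
        if (principal == null) {
            return new Authenticator.Failure(Constants.FORBIDDEN);
        }

        try {
            Set<java.security.Principal> principals = new HashSet<java.security.Principal>();
            principals.add(principal);
            Subject subject = this.securityRealm
                    .getAuthorizingCallbackHandler(AuthenticationMechanism.CLIENT_CERT)
                    .createSubjectUserInfo(principals)
                    .getSubject();
            // Cache only after the realm has produced a Subject, so a failed lookup is never reused.
            httpExchange.setAttribute(Subject.class.getName(), subject, HttpExchange.AttributeScope.CONNECTION);
        } catch (IOException e) {
            HttpServerLogger.ROOT_LOGGER.debug("Unable to create SubjectUserInfo", e);
            return new Authenticator.Failure(Constants.INTERNAL_SERVER_ERROR);
        }
        return new Authenticator.Success(principal);
    }
}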
