package org.picketbox.http.authentication;

import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketbox.core.Credential;
import org.picketbox.core.authentication.credential.CertificateCredential;
import org.picketbox.core.authentication.credential.UsernamePasswordCredential;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.core.util.Base64;

/* loaded from: input_file:org/picketbox/http/authentication/HTTPClientCertAuthentication.class */
public class HTTPClientCertAuthentication extends AbstractHTTPAuthentication {
    protected boolean useCertificateValidation = false;

    public void setUseCertificateValidation(boolean z) {
        this.useCertificateValidation = z;
    }

    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    protected boolean isAuthenticationRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getAttribute("javax.servlet.request.X509Certificate") != null;
    }

    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    protected Credential getAuthenticationCallbackHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr == null) {
            return null;
        }
        if (this.useCertificateValidation) {
            return new CertificateCredential(x509CertificateArr);
        }
        if (0 >= x509CertificateArr.length) {
            return null;
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        Principal subjectDN = x509Certificate.getSubjectDN();
        if (subjectDN == null) {
            subjectDN = x509Certificate.getIssuerDN();
        }
        if (subjectDN == null) {
            return null;
        }
        return new UsernamePasswordCredential(subjectDN.getName(), Base64.encodeBytes(x509Certificate.getSignature()));
    }

    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    protected void challengeClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
    }
}
