package org.jboss.web.tomcat.security.jaspi.modules;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.StringManager;
import org.apache.coyote.ActionCode;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/jboss/web/tomcat/security/jaspi/modules/HTTPClientCertServerAuthModule.class */
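/**
 * JASPI server auth module for HTTP CLIENT-CERT authentication.
 *
 * <p>The module reads the client's X.509 certificate chain from the request and passes it to
 * the realm of the request's web application context. The decision whether the chain is
 * acceptable is made entirely by {@code Realm.authenticate(X509Certificate[])}; this class does
 * no certificate checking (validity, trust path, revocation) of its own.
 *
 * <p>Thread-safety: {@link #context} is an instance field that is overwritten on every call to
 * {@link #validateRequest}. The authentication decision itself is taken against a local copy,
 * so a concurrent request cannot redirect it to another context's realm. Subclasses that read
 * {@link #context} must still not assume it belongs to the request they are handling.
 */
public class HTTPClientCertServerAuthModule extends TomcatServerAuthModule {
    /** Request attribute from which the client certificate chain is read. */
    public static final String CERTIFICATES_ATTR = "javax.servlet.request.X509Certificate";

    /** Message bundle used for the text of the 401 responses. */
    protected static final StringManager sm = StringManager.getManager("org.apache.catalina.authenticator");

    private static final Logger log = Logger.getLogger(HTTPClientCertServerAuthModule.class);

    /** HTTP status sent when no certificate is presented or the realm rejects it. */
    private static final int SC_UNAUTHORIZED = 401;

    /**
     * Context of the request most recently seen by {@link #validateRequest}. Kept for
     * subclasses; it is shared mutable state and is not used for the realm lookup.
     */
    protected Context context;

    /** Not consulted anywhere in this class. */
    protected boolean cache = false;

    /** Set by the one-argument constructor; not read anywhere in this class. */
    private String delgatingLoginContextName;

    /** Creates a module without a delegating login context name. */
    public HTTPClientCertServerAuthModule() {
    }

    /**
     * Creates a module that remembers a delegating login context name.
     *
     * @param str the login context name to store
     */
    public HTTPClientCertServerAuthModule(String str) {
        this.delgatingLoginContextName = str;
    }

    /**
     * Not supported by this module.
     *
     * @throws RuntimeException always
     */
    @Override // org.jboss.web.tomcat.security.jaspi.modules.TomcatServerAuthModule
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        throw new RuntimeException("Not Applicable");
    }

    /**
     * Authenticates the caller from the client certificate chain of the request.
     *
     * <p>When no chain is available, or the realm returns no principal, a 401 is sent on the
     * response and {@link AuthStatus#FAILURE} is returned. Neither subject argument is read or
     * modified here; a successful principal is handed to {@code registerWithCallbackHandler}.
     *
     * @param messageInfo carries the Catalina {@code Request} and {@code Response}
     * @param subject not used by this implementation
     * @param subject2 not used by this implementation
     * @return {@link AuthStatus#SUCCESS} if the realm returned a principal, otherwise
     *     {@link AuthStatus#FAILURE}
     * @throws AuthException declared by the overridden method; not thrown directly here
     */
    @Override // org.jboss.web.tomcat.security.jaspi.modules.TomcatServerAuthModule
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        Request request = (Request) messageInfo.getRequestMessage();
        Response response = (Response) messageInfo.getResponseMessage();

        // Authenticate against a local reference. Re-reading this.context after assigning it
        // would let a concurrent call on the same instance swap in another application's realm
        // between the assignment and the authenticate() call.
        Context requestContext = request.getContext();
        this.context = requestContext;

        X509Certificate[] chain = clientCertificates(request);
        if (chain == null || chain.length < 1) {
            log.debug("  No certificates included with this request");
            sendUnauthorized(response, "authenticator.certificates");
            return AuthStatus.FAILURE;
        }

        Principal principal = requestContext.getRealm().authenticate(chain);
        if (principal == null) {
            // NOTE(review): rejections are only visible at debug level; consider whether failed
            // certificate logins should also reach the audit log.
            log.debug("  Realm.authenticate() returned false");
            sendUnauthorized(response, "authenticator.unauthorized");
            return AuthStatus.FAILURE;
        }

        registerWithCallbackHandler(principal, principal.getName(), null);
        return AuthStatus.SUCCESS;
    }

    /**
     * Reads the certificate chain from the request, asking the connector for it once if the
     * attribute is missing or empty.
     */
    private static X509Certificate[] clientCertificates(Request request) {
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERTIFICATES_ATTR);
        if (chain == null || chain.length < 1) {
            // The attribute is re-read after the action; presumably the connector populates it
            // when a certificate can be obtained.
            request.getCoyoteRequest().action(ActionCode.ACTION_REQ_SSL_CERTIFICATE, (Object) null);
            chain = (X509Certificate[]) request.getAttribute(CERTIFICATES_ATTR);
        }
        return chain;
    }

    /**
     * Sends a 401 with the localized message for {@code messageKey}. An I/O failure while
     * sending is logged and otherwise ignored; the caller still reports FAILURE.
     */
    private static void sendUnauthorized(Response response, String messageKey) {
        try {
            response.sendError(SC_UNAUTHORIZED, sm.getString(messageKey));
        } catch (IOException e) {
            log.error(e.getLocalizedMessage(), e);
        }
    }
}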
