package io.undertow.security.impl;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.X509CertificateCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.SSLSessionInfo;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: input_file:io/undertow/security/impl/ClientCertAuthenticationMechanism.class */
public class ClientCertAuthenticationMechanism implements AuthenticationMechanism {
    private final String name;

    public ClientCertAuthenticationMechanism() {
        this("CLIENT-CERT");
    }

    public ClientCertAuthenticationMechanism(String str) {
        this.name = str;
    }

    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        SSLSessionInfo sslSessionInfo = httpServerExchange.getConnection().getSslSessionInfo();
        if (sslSessionInfo != null) {
            try {
                Certificate[] peerCertificates = sslSessionInfo.getPeerCertificates();
                if (peerCertificates[0] instanceof X509Certificate) {
                    Account verify = securityContext.getIdentityManager().verify(new X509CertificateCredential((X509Certificate) peerCertificates[0]));
                    if (verify != null) {
                        securityContext.authenticationComplete(verify, this.name);
                        return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
                    }
                }
            } catch (SSLPeerUnverifiedException e) {
            }
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        return new AuthenticationMechanism.ChallengeResult(false);
    }
}
