package io.undertow.security.impl;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.X509CertificateCredential;
import io.undertow.server.HttpServerExchange;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:io/undertow/security/impl/ClientCertAuthenticationMechanism.class */
/**
 * Authentication mechanism that maps a TLS client certificate to an {@link Account}.
 *
 * <p>The mechanism reads the peer certificates from the connection's {@link SSLSession} and hands
 * the first one to the {@code IdentityManager} of the {@link SecurityContext}. No chain or
 * revocation checking is performed in this class; the only certificate-related checks visible
 * here are the {@code instanceof X509Certificate} test and whatever the identity manager does.
 *
 * <p>NOTE(review): path validation is presumably done by the TLS layer's trust manager during the
 * handshake. Confirm the listener's trust store and client-auth mode, because every certificate
 * that survives the handshake is offered to the identity manager.
 */
public class ClientCertAuthenticationMechanism implements AuthenticationMechanism {
    /** Mechanism name reported by {@link #getName()} and passed to {@code authenticationComplete}. */
    private final String name;

    /** Creates the mechanism under the name {@code "CLIENT-CERT"}. */
    public ClientCertAuthenticationMechanism() {
        this("CLIENT-CERT");
    }

    /**
     * Creates the mechanism under a caller-chosen name.
     *
     * @param str the mechanism name; stored as given, without a null check
     */
    public ClientCertAuthenticationMechanism(String str) {
        this.name = str;
    }

    /**
     * Returns the mechanism name supplied at construction.
     *
     * @return the mechanism name
     */
    @Override
    public String getName() {
        return name;
    }

    /**
     * Attempts authentication with the first certificate presented by the TLS peer.
     *
     * @param httpServerExchange the exchange whose connection supplies the {@link SSLSession}
     * @param securityContext the security context used to look up and record the account
     * @return the result of {@link #runClientCert} when the first peer certificate is an
     *     {@link X509Certificate}; {@code NOT_ATTEMPTED} when there is no SSL session, the peer is
     *     unverified, or the first certificate is not X.509
     */
    @Override
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        final SSLSession session = httpServerExchange.getConnection().getSslSession();
        if (session == null) {
            // Connection has no SSL session, so there is no client certificate to inspect.
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        try {
            final Certificate[] chain = session.getPeerCertificates();
            // Only element 0 is examined. The index is unguarded: this relies on the JSSE
            // contract that a returned chain is non-empty with the peer's own certificate first.
            final Certificate leaf = chain[0];
            if (leaf instanceof X509Certificate) {
                return runClientCert(securityContext, (X509Certificate) leaf);
            }
        } catch (SSLPeerUnverifiedException ignored) {
            // Deliberately ignored: getPeerCertificates() throws this when the peer's identity was
            // not verified, and the method then falls through to NOT_ATTEMPTED below.
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    /**
     * Verifies a certificate against the identity manager and records the resulting account.
     *
     * <p>A certificate the identity manager does not recognise yields {@code NOT_ATTEMPTED}, not a
     * failure outcome, so this method never reports a rejected certificate as a failed attempt.
     *
     * @param securityContext the context providing the identity manager and receiving the result
     * @param x509Certificate the certificate wrapped in an {@link X509CertificateCredential}
     * @return {@code AUTHENTICATED} when {@code verify} returns an account, otherwise
     *     {@code NOT_ATTEMPTED}
     */
    public AuthenticationMechanism.AuthenticationMechanismOutcome runClientCert(SecurityContext securityContext, X509Certificate x509Certificate) {
        final X509CertificateCredential credential = new X509CertificateCredential(x509Certificate);
        final Account account = securityContext.getIdentityManager().verify(credential);
        if (account != null) {
            // The third argument is Undertow's cachingRequired flag; false is passed here.
            securityContext.authenticationComplete(account, getName(), false);
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    /**
     * Reports that this mechanism sent no challenge.
     *
     * <p>NOTE(review): presumably because a client certificate is requested during the TLS
     * handshake rather than through an HTTP response; confirm against the listener configuration.
     *
     * @param httpServerExchange unused
     * @param securityContext unused
     * @return a {@code ChallengeResult} constructed with {@code false}
     */
    @Override
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        return new AuthenticationMechanism.ChallengeResult(false);
    }
}
