package org.picketbox.http.authentication;

import java.io.IOException;
import java.io.StringReader;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketbox.core.PicketBoxPrincipal;
import org.picketbox.core.authentication.AuthenticationInfo;
import org.picketbox.core.config.ClientCertConfiguration;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.http.PicketBoxConstants;
import org.picketbox.http.config.HTTPAuthenticationConfiguration;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.X509CertificateCredentials;

/* loaded from: input_file:org/picketbox/http/authentication/HTTPClientCertAuthentication.class */
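/**
 * HTTP CLIENT-CERT authentication: maps the X.509 certificate carried by the request
 * credential to a user known to the identity manager.
 *
 * <p>NOTE(review): {@code useCertificateValidation} defaults to {@code false}. With it off,
 * this class performs no check on the certificate itself; the only gate is that the name
 * taken from the certificate resolves to a known user. Such a deployment presumably relies
 * on the TLS layer having verified the client chain before the certificate reaches this
 * class. Confirm that, or enable validation in {@link ClientCertConfiguration}.
 */
public class HTTPClientCertAuthentication extends AbstractHTTPAuthentication {
    /** Whether the certificate is validated through the identity manager; off by default. */
    protected boolean useCertificateValidation = false;

    /** Whether the subject's CN (rather than the whole DN string) is used as the user name. */
    private boolean useCNAsPrincipal = true;

    /**
     * Describes the single credential type this mechanism accepts.
     *
     * @return a one-element list describing {@link HTTPClientCertCredential}
     */
    public List<AuthenticationInfo> getAuthenticationInfo() {
        List<AuthenticationInfo> infos = new ArrayList<>();
        infos.add(new AuthenticationInfo(
                "HTTP CLIENT-CERT Authentication Credential",
                "Authenticates users using the HTTP CLIENT-CERT Authentication scheme.",
                HTTPClientCertCredential.class));
        return infos;
    }

    /**
     * Sets the local validation flag. Note that {@link #isUseCertificateValidation()}
     * overwrites this value whenever a client-cert configuration is available.
     *
     * @param z {@code true} to validate certificates through the identity manager
     */
    public void setUseCertificateValidation(boolean z) {
        this.useCertificateValidation = z;
    }

    /**
     * Treats the request as an authentication attempt when the
     * {@code PicketBoxConstants.HTTP_CERTIFICATE} request attribute is set.
     */
    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    protected boolean isAuthenticationRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getAttribute(PicketBoxConstants.HTTP_CERTIFICATE) != null;
    }

    /**
     * Authenticates the holder of the supplied client certificate.
     *
     * <p>Every failure path returns {@code null} (fail closed): missing credential or
     * certificate, a subject from which no user name can be derived, an unknown user, or,
     * when validation is enabled, a credential whose status is not {@code VALID}.
     *
     * @param httpServletCredential expected to be an {@link HTTPClientCertCredential}
     * @return the authenticated principal, or {@code null} when authentication fails
     */
    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    /* renamed from: doHTTPAuthentication */
    protected Principal mo5doHTTPAuthentication(HttpServletCredential httpServletCredential) {
        HTTPClientCertCredential certCredential = (HTTPClientCertCredential) httpServletCredential;
        if (certCredential == null) {
            return null;
        }
        X509CertificateCredentials credential = certCredential.getCredential();
        if (credential == null || credential.getCertificate() == null) {
            return null;
        }
        X509Certificate certificate = credential.getCertificate().getValue();
        if (certificate == null) {
            return null;
        }
        Principal certificatePrincipal = getCertificatePrincipal(certificate);
        if (certificatePrincipal == null) {
            return null;
        }

        String name = certificatePrincipal.getName();
        if (isUseCNAsPrincipal()) {
            name = extractCommonName(name);
        }
        // Never hand a null or empty user name to the identity manager: a subject without
        // a usable CN must be rejected here rather than looked up.
        if (name == null || name.isEmpty()) {
            return null;
        }

        if (getIdentityManager().getUser(name) == null) {
            return null;
        }
        if (isUseCertificateValidation()) {
            getIdentityManager().validateCredentials(credential);
            if (!Credentials.Status.VALID.equals(credential.getStatus())) {
                return null;
            }
        }
        return new PicketBoxPrincipal(name);
    }

    /** No challenge is sent by this class for CLIENT-CERT; the method body is intentionally empty. */
    @Override // org.picketbox.http.authentication.AbstractHTTPAuthentication
    protected void challengeClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
    }

    /**
     * Extracts the CN attribute value from a distinguished-name string.
     *
     * <p>The DN is parsed with {@link LdapName} instead of splitting on commas and feeding
     * the pieces to {@code java.util.Properties}: a properties parser applies its own
     * escape, comment and separator rules to text taken from the certificate subject and
     * does not understand quoted or escaped commas or multi-valued RDNs, so it can derive
     * a user name that differs from the certificate's actual CN.
     *
     * @param distinguishedName the subject DN string, may be {@code null}
     * @return the CN value, or {@code null} if the DN cannot be parsed or has no textual CN
     */
    private static String extractCommonName(String distinguishedName) {
        if (distinguishedName == null) {
            return null;
        }
        try {
            // getRdns() lists the right-most RDN first, so the first match below is the
            // last CN in the string, the same CN the previous implementation ended up with.
            for (Rdn rdn : new LdapName(distinguishedName).getRdns()) {
                Attribute commonName = rdn.toAttributes().get("CN");
                if (commonName != null && commonName.size() > 0) {
                    Object value = commonName.get();
                    return value instanceof String ? (String) value : null;
                }
            }
        } catch (NamingException e) {
            // A subject that is not a well-formed DN yields no user name: fail closed.
            return null;
        }
        return null;
    }

    /**
     * Returns the name under which the certificate holder is looked up.
     *
     * <p>NOTE(review): when the subject DN is {@code null} this falls back to the issuer
     * DN, so the holder would be looked up under the issuer's name. Kept for backward
     * compatibility; confirm that this fallback is intended.
     */
    private Principal getCertificatePrincipal(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate.getSubjectDN();
        if (subjectDN == null) {
            subjectDN = x509Certificate.getIssuerDN();
        }
        return subjectDN;
    }

    /**
     * Reports whether certificates are validated through the identity manager. When a
     * client-cert configuration is available its value replaces the local flag.
     */
    public boolean isUseCertificateValidation() {
        ClientCertConfiguration clientCertAuthenticationConfig = getClientCertAuthenticationConfig();
        if (clientCertAuthenticationConfig != null) {
            this.useCertificateValidation = clientCertAuthenticationConfig.isUseCertificateValidation();
        }
        return this.useCertificateValidation;
    }

    /** Returns the client-cert section of the authentication configuration, or {@code null}. */
    private ClientCertConfiguration getClientCertAuthenticationConfig() {
        HTTPAuthenticationConfiguration authenticationConfig = getAuthenticationConfig();
        if (authenticationConfig != null) {
            return authenticationConfig.getCertConfiguration();
        }
        return null;
    }

    /**
     * Reports whether the subject's CN is used as the user name. When a client-cert
     * configuration is available its value replaces the local flag.
     */
    public boolean isUseCNAsPrincipal() {
        ClientCertConfiguration clientCertAuthenticationConfig = getClientCertAuthenticationConfig();
        if (clientCertAuthenticationConfig != null) {
            this.useCNAsPrincipal = clientCertAuthenticationConfig.isUseCNAsPrincipal();
        }
        return this.useCNAsPrincipal;
    }
}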
