package org.apache.catalina.authenticator;

import com.sun.enterprise.util.Utility;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.LogFacade;
import org.apache.catalina.deploy.LoginConfig;

/* loaded from: input_file:org/apache/catalina/authenticator/SSLAuthenticator.class */
/**
 * Authenticator for the {@code CLIENT_CERT} method: it identifies the caller from the
 * X.509 certificate chain found in the request attributes.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no certificate validation of its own. It only reads the chain
 *       from request attributes and hands it to the context's realm. NOTE(review):
 *       trust-path, validity-period and revocation checks are presumably done by the TLS
 *       layer and/or the realm; confirm for the deployment.</li>
 *   <li>The chain is accepted as found in the request attributes. NOTE(review): confirm that
 *       only the TLS connector (or a trusted front end) can populate those attributes.</li>
 *   <li>A request that already carries a user principal is accepted without looking at the
 *       certificate again.</li>
 * </ul>
 *
 * <p>{@code debug}, {@code rb}, {@code context}, {@code log}, {@code register} and
 * {@code getSession} are not declared here; they are inherited.
 */
public class SSLAuthenticator extends AuthenticatorBase {
    /** Descriptive information about this implementation, as returned by {@link #getInfo()}. */
    protected static final String info = "org.apache.catalina.authenticator.SSLAuthenticator/1.0";

    /**
     * Names the authentication method this authenticator implements.
     *
     * @return the constant {@code "CLIENT_CERT"}
     */
    @Override
    protected String getAuthMethod() {
        return "CLIENT_CERT";
    }

    /**
     * Returns descriptive information about this implementation.
     *
     * @return the value of {@link #info}
     */
    @Override
    public String getInfo() {
        return info;
    }

    /**
     * Authenticates the request from its client certificate chain.
     *
     * <p>Outcomes, in order of evaluation:
     * <ol>
     *   <li>the request already has a user principal: returns {@code true};</li>
     *   <li>no certificate chain is attached: sends 400 and returns {@code false};</li>
     *   <li>the realm returns {@code null} for the chain: sends 401 and returns {@code false};</li>
     *   <li>otherwise the principal is registered and {@code true} is returned.</li>
     * </ol>
     *
     * @param httpRequest  request being processed
     * @param httpResponse response being created
     * @param loginConfig  login configuration; not used by this implementation
     * @return {@code true} if the caller is authenticated, {@code false} if an error
     *         response has been sent instead
     * @throws IOException declared by the overridden method; the visible calls that can
     *         raise it are the {@code sendError} calls
     */
    @Override
    public boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException {
        // Short-circuit: an already established principal is accepted as is,
        // without re-examining the certificate.
        Principal existing = ((HttpServletRequest) httpRequest.getRequest()).getUserPrincipal();
        if (existing != null) {
            if (this.debug >= 1) {
                log(MessageFormat.format(rb.getString(LogFacade.PRINCIPAL_BEEN_AUTHENTICATED_INFO), existing.getName()));
            }
            return true;
        }

        HttpServletResponse servletResponse = (HttpServletResponse) httpResponse.getResponse();
        if (this.debug >= 1) {
            log(rb.getString(LogFacade.LOOK_UP_CERTIFICATE_INFO));
        }

        X509Certificate[] chain = lookUpCertificateChain(httpRequest);
        if (Utility.isEmpty((Object[]) chain)) {
            // No certificate chain was attached to the request: reject with 400 Bad Request.
            if (this.debug >= 1) {
                log(rb.getString(LogFacade.NO_CERTIFICATE_INCLUDED_INFO));
            }
            servletResponse.sendError(400);
            httpResponse.setDetailMessage(rb.getString(LogFacade.NO_CLIENT_CERTIFICATE_CHAIN));
            return false;
        }

        // The realm makes the authentication decision; this class only relays the chain.
        Principal authenticated = this.context.getRealm().authenticate(httpRequest, chain);
        if (authenticated == null) {
            // The realm returned null for this chain: reject with 401 Unauthorized.
            if (this.debug >= 1) {
                log("Realm.authenticate() returned false");
            }
            servletResponse.sendError(401);
            httpResponse.setDetailMessage(rb.getString(LogFacade.CANNOT_AUTHENTICATE_WITH_CREDENTIALS));
            return false;
        }

        // Certificate authentication has no user name or password to record, hence the nulls.
        register(httpRequest, httpResponse, authenticated, "CLIENT_CERT", null, null);

        // NOTE(review): the session is requested only when the SSO id note is present,
        // presumably so the single-sign-on entry can be tied to a session. Confirm against
        // AuthenticatorBase.
        String ssoId = (String) httpRequest.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoId != null) {
            getSession(httpRequest, true);
        }
        return true;
    }

    /**
     * Reads the client certificate chain from the request attributes, trying the
     * {@code jakarta.servlet.request.X509Certificate} attribute first and the
     * {@code org.apache.coyote.request.X509Certificate} attribute second.
     *
     * @param httpRequest request whose attributes are inspected
     * @return the chain from the first attribute if it is non-empty, otherwise whatever the
     *         second attribute holds (possibly {@code null} or empty)
     */
    private static X509Certificate[] lookUpCertificateChain(HttpRequest httpRequest) {
        X509Certificate[] chain = (X509Certificate[]) httpRequest.getRequest().getAttribute("jakarta.servlet.request.X509Certificate");
        if (Utility.isEmpty((Object[]) chain)) {
            chain = (X509Certificate[]) httpRequest.getRequest().getAttribute("org.apache.coyote.request.X509Certificate");
        }
        return chain;
    }
}
