package com.thetransactioncompany.jsonrpc2.server.accessfilter;

import com.thetransactioncompany.jsonrpc2.JSONRPC2Request;
import com.thetransactioncompany.jsonrpc2.server.MessageContext;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPException;
import java.security.Principal;

/* loaded from: input_file:com/thetransactioncompany/jsonrpc2/server/accessfilter/X509ClientCertFilter.class */
/**
 * Access filter that admits or rejects a JSON-RPC 2.0 request based on the
 * principal(s) carried by the request's {@link MessageContext}.
 *
 * <p>Behaviour is selected through {@link #init(boolean, DN)}:
 * <ul>
 *   <li>certificate not required: every request is allowed;</li>
 *   <li>certificate required, no expected DN: any request whose context
 *       exposes a non-null principal is allowed;</li>
 *   <li>certificate required, expected DN set: at least one principal name
 *       must parse as a DN equal to the expected one.</li>
 * </ul>
 *
 * <p>Security notes for reviewers: this class never inspects a certificate
 * itself; it only reads principals from the {@code MessageContext}. The
 * decision is therefore only as trustworthy as whatever populated that
 * context (presumably a TLS layer that verified the client certificate --
 * confirm against the caller). In the "no expected DN" mode, the identity of
 * the principal is not checked at all, only its presence.
 */
public class X509ClientCertFilter implements AccessFilter {
    /** When {@code false} the filter is a pass-through. */
    private boolean requireCert;

    /** The single accepted principal DN; {@code null} accepts any principal. */
    private DN certPrincipal;

    /**
     * Configures the filter.
     *
     * @param z  whether a client principal must be present
     * @param dn the only principal DN to accept, or {@code null} to accept any
     */
    public void init(boolean z, DN dn) {
        requireCert = z;
        certPrincipal = dn;
    }

    /**
     * @return {@code true} if requests without a principal are rejected
     */
    public boolean requiresCertificate() {
        return requireCert;
    }

    /**
     * @return the expected principal DN, or {@code null} if none is enforced
     */
    public DN getCertificatePrincipal() {
        return certPrincipal;
    }

    /**
     * Applies the configured policy to one request.
     *
     * <p>The request argument is not consulted; the decision depends solely on
     * the message context.
     *
     * @param jSONRPC2Request the incoming request (unused)
     * @param messageContext  context supplying the client principal(s)
     * @return {@link AccessFilterResult#ACCESS_ALLOWED}, or a result wrapping
     *         {@code CLIENT_CERT_REQUIRED}, {@code INVALID_CLIENT_PRINCIPAL_DN}
     *         or {@code CLIENT_PRINCIPAL_DENIED}
     */
    @Override
    public AccessFilterResult filter(JSONRPC2Request jSONRPC2Request, MessageContext messageContext) {
        // Filter disabled: nothing to enforce.
        if (!requireCert) {
            return AccessFilterResult.ACCESS_ALLOWED;
        }

        // From here on a principal is mandatory.
        if (messageContext.getPrincipal() == null) {
            return new AccessFilterResult(AccessDeniedError.CLIENT_CERT_REQUIRED);
        }

        // No specific DN pinned: presence of a principal is sufficient.
        if (certPrincipal == null) {
            return AccessFilterResult.ACCESS_ALLOWED;
        }

        for (Principal candidate : messageContext.getPrincipals()) {
            if (candidate == null) {
                continue;
            }
            String subject = candidate.getName();
            if (subject == null) {
                continue;
            }

            DN presented;
            try {
                presented = new DN(subject);
            } catch (LDAPException e) {
                // Fails closed: an unparseable name ends the scan with a denial,
                // even if a later principal would have matched.
                return new AccessFilterResult(AccessDeniedError.INVALID_CLIENT_PRINCIPAL_DN);
            }

            // Compared as parsed DNs via DN.equals, not as raw strings.
            if (presented.equals(certPrincipal)) {
                return AccessFilterResult.ACCESS_ALLOWED;
            }
        }

        // No principal matched the pinned DN.
        return new AccessFilterResult(AccessDeniedError.CLIENT_PRINCIPAL_DENIED);
    }
}
