package org.apache.shiro.authc.x509;

import java.security.cert.CertificateEncodingException;
import org.apache.shiro.crypto.hash.Sha256Hash;

/* loaded from: input_file:org/apache/shiro/authc/x509/X509CredentialsSha256Matcher.class */
public class X509CredentialsSha256Matcher extends AbstractX509CredentialsMatcher {
    @Override // org.apache.shiro.authc.x509.AbstractX509CredentialsMatcher
    public boolean doX509CredentialsMatch(X509AuthenticationToken x509AuthenticationToken, X509AuthenticationInfo x509AuthenticationInfo) {
        try {
            String hex = new Sha256Hash(x509AuthenticationToken.getX509Certificate().getEncoded()).toHex();
            String hex2 = new Sha256Hash(x509AuthenticationInfo.getX509Certificate().getEncoded()).toHex();
            boolean equals = hex.equals(hex2);
            if (equals) {
                LOGGER.trace("Client certificate Sha256 hash match the one provided by the Realm, will return true");
            } else {
                LOGGER.trace("Client certificate Sha256 hash ({}) do not match the one provided by the Realm ({}), will return false", hex, hex2);
            }
            return equals;
        } catch (CertificateEncodingException e) {
            LOGGER.trace("Unable to do credentials matching", e);
            return false;
        }
    }
}
