package org.infinispan.rest.authentication.impl;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.ssl.SslHandler;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import org.infinispan.rest.NettyRestResponse;
import org.infinispan.rest.authentication.RestAuthenticator;
import org.infinispan.rest.framework.RestRequest;
import org.infinispan.rest.framework.RestResponse;

/* loaded from: input_file:org/infinispan/rest/authentication/impl/ClientCertAuthenticator.class */
public class ClientCertAuthenticator implements RestAuthenticator {
    @Override // org.infinispan.rest.authentication.RestAuthenticator
    public CompletionStage<RestResponse> challenge(RestRequest restRequest, ChannelHandlerContext channelHandlerContext) {
        try {
            SSLSession session = channelHandlerContext.pipeline().get(SslHandler.class).engine().getSession();
            Subject subject = new Subject();
            subject.getPrincipals().add(session.getPeerPrincipal());
            restRequest.setSubject(subject);
            return CompletableFuture.completedFuture(new NettyRestResponse.Builder().build());
        } catch (SSLPeerUnverifiedException e) {
            return CompletableFuture.completedFuture(new NettyRestResponse.Builder().status(HttpResponseStatus.UNAUTHORIZED).build());
        }
    }
}
