package org.apache.catalina.authenticator.jaspic.provider.modules;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.connector.Request;
import org.apache.catalina.servlets.WebdavStatus;
import org.apache.coyote.ActionCode;

/* loaded from: input_file:org/apache/catalina/authenticator/jaspic/provider/modules/SSLAuthModule.class */
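/**
 * JASPIC auth module that authenticates a request from the X.509 client
 * certificate chain attached to it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no certificate validation of its own. The chain is
 *       read from the request and handed unchanged to
 *       {@code Realm.authenticate(X509Certificate[])}; the trust decision is
 *       made there. NOTE(review): presumably the TLS connector has already
 *       verified the chain against its trust store - confirm for the
 *       deployment.</li>
 *   <li>A missing or empty chain, and a chain the realm does not map to a
 *       principal, both end in a 401 response and {@link AuthStatus#FAILURE}
 *       (fail closed).</li>
 *   <li>When authentication is not mandatory for the request, the certificate
 *       is never inspected and no principal is established.</li>
 * </ul>
 */
public class SSLAuthModule extends TomcatAuthModule {
    public SSLAuthModule(Context context) {
        super(context);
    }

    /**
     * No-op: this module reads nothing from the policies, handler or options.
     */
    @Override
    public void initializeModule(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map<String, String> map) throws AuthException {
        // Intentionally empty.
    }

    /**
     * Authenticates the request using its client certificate chain.
     *
     * @param messageInfo carries the Tomcat {@link Request} and the servlet response
     * @param subject     subject passed to {@code handlePrincipalCallbacks} together
     *                    with the authenticated principal
     * @param subject2    not used by this module
     * @return {@link AuthStatus#SUCCESS} when authentication is not mandatory or the
     *         realm accepted the chain; {@link AuthStatus#FAILURE} after a 401 has
     *         been sent
     * @throws AuthException if sending the error response, the realm lookup or the
     *                       principal callbacks fail; the original exception is
     *                       attached as the cause
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        if (!isMandatory(messageInfo)) {
            // Optional authentication: succeed without looking at the certificate.
            return AuthStatus.SUCCESS;
        }
        Request request = (Request) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        try {
            X509Certificate[] chain = getRequestCertificates(request);
            if (chain == null || chain.length < 1) {
                // No client certificate available: reject rather than fall through.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, sm.getString("authenticator.certificates"));
                return AuthStatus.FAILURE;
            }
            Principal principal = this.context.getRealm().authenticate(chain);
            if (principal == null) {
                // The realm did not map the chain to a principal.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, sm.getString("authenticator.unauthorized"));
                return AuthStatus.FAILURE;
            }
            handlePrincipalCallbacks(subject, principal);
            return AuthStatus.SUCCESS;
        } catch (AuthException e) {
            // Already the declared type; rethrow without losing its stack trace.
            throw e;
        } catch (Exception e) {
            // Keep the root cause so a failed authentication can be diagnosed
            // from the logs instead of from a bare message string.
            AuthException authException = new AuthException(e.getMessage());
            authException.initCause(e);
            throw authException;
        }
    }

    /**
     * Returns the client certificate chain for the request.
     *
     * <p>Reads {@link Globals#CERTIFICATES_ATTR}; if that is absent or empty, asks
     * the connector for the certificate via {@link ActionCode#REQ_SSL_CERTIFICATE}
     * and reads the attribute again.
     *
     * @param request the request to inspect
     * @return the certificate chain, or {@code null} / an empty array when none is
     *         available
     */
    protected X509Certificate[] getRequestCertificates(Request request) throws IllegalStateException {
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
        if (chain != null && chain.length >= 1) {
            return chain;
        }
        try {
            request.getCoyoteRequest().action(ActionCode.REQ_SSL_CERTIFICATE, (Object) null);
            chain = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
        } catch (IllegalStateException ignored) {
            // Deliberately best-effort: the connector could not supply a
            // certificate. The value read before the attempt (null or empty) is
            // returned, which validateRequest turns into a 401 when
            // authentication is mandatory.
        }
        return chain;
    }
}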
