package org.apache.shiro.web.filter.authc;

import java.security.cert.X509Certificate;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.x509.X509AuthenticationToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/web/filter/authc/X509AuthenticationFilter.class */
public class X509AuthenticationFilter extends AuthenticatingFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(X509AuthenticationFilter.class);

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return executeLogin(servletRequest, servletResponse);
    }

    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
        LOGGER.info("X509AuthFilter.createToken() cert chain is {}", x509CertificateArr);
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new ShiroException("Request do not contain any X509Certificate");
        }
        return new X509AuthenticationToken(x509CertificateArr, getHost(servletRequest));
    }
}
