package org.eclipse.jetty.security.authentication;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.CertificateValidator;
import org.eclipse.jetty.util.security.Password;

/* loaded from: classes5.dex */
public class ClientCertAuthenticator extends LoginAuthenticator {
    private static final String cZi = "org.eclipse.jetty.ssl.password";
    private String cZj;
    private String cZk;
    private transient Password cZm;
    private boolean cZn;
    private String cZo;
    private String cZs;
    private String cZl = "JKS";
    private int cZp = -1;
    private boolean cZq = false;
    private boolean cZr = false;

    protected KeyStore a(InputStream inputStream, String str, String str2, String str3, String str4) throws Exception {
        return CertificateUtils.a(inputStream, str, str2, str3, str4);
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public Authentication a(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        if (!z) {
            return new DeferredAuthentication(this);
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) ((HttpServletRequest) servletRequest).getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr != null) {
            try {
                if (x509CertificateArr.length > 0) {
                    if (this.cZn) {
                        new CertificateValidator(a(null, this.cZj, this.cZl, this.cZk, this.cZm == null ? null : this.cZm.toString()), ll(this.cZo)).a(x509CertificateArr);
                    }
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (x509Certificate != null) {
                            Principal subjectDN = x509Certificate.getSubjectDN();
                            if (subjectDN == null) {
                                subjectDN = x509Certificate.getIssuerDN();
                            }
                            UserIdentity b = b(subjectDN == null ? "clientcert" : subjectDN.getName(), B64Code.R(x509Certificate.getSignature()), servletRequest);
                            if (b != null) {
                                return new UserAuthentication(anC(), b);
                            }
                        }
                    }
                }
            } catch (Exception e) {
                throw new ServerAuthException(e.getMessage());
            }
        }
        if (DeferredAuthentication.b(httpServletResponse)) {
            return Authentication.dbK;
        }
        httpServletResponse.lV(403);
        return Authentication.dbN;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public boolean a(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        return true;
    }

    public String akj() {
        return this.cZl;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public String anC() {
        return "CLIENT_CERT";
    }

    public boolean aok() {
        return this.cZn;
    }

    public String aol() {
        return this.cZj;
    }

    public String aom() {
        return this.cZk;
    }

    public String aon() {
        return this.cZo;
    }

    public int aoo() {
        return this.cZp;
    }

    public boolean aop() {
        return this.cZq;
    }

    public boolean aoq() {
        return this.cZr;
    }

    public String aor() {
        return this.cZs;
    }

    public void fh(boolean z) {
        this.cZn = z;
    }

    public void fi(boolean z) {
        this.cZq = z;
    }

    public void fj(boolean z) {
        this.cZr = z;
    }

    public void kn(String str) {
        this.cZm = Password.z("org.eclipse.jetty.ssl.password", str, null);
    }

    public void kp(String str) {
        this.cZl = str;
    }

    protected Collection<? extends CRL> ll(String str) throws Exception {
        return CertificateUtils.ll(str);
    }

    public void lm(String str) {
        this.cZj = str;
    }

    public void ln(String str) {
        this.cZk = str;
    }

    public void lo(String str) {
        this.cZo = str;
    }

    public void lp(String str) {
        this.cZs = str;
    }

    public void mX(int i) {
        this.cZp = i;
    }
}
