package org.eclipse.jetty.security.jaspi.modules;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.util.security.Password;

@Deprecated
/* loaded from: input_file:gwt-2.10.0/gwt-dev.jar:org/eclipse/jetty/security/jaspi/modules/ClientCertAuthModule.class */
public class ClientCertAuthModule extends BaseAuthModule {
    public ClientCertAuthModule() {
    }

    public ClientCertAuthModule(CallbackHandler callbackHandler) {
        super(callbackHandler);
    }

    @Override // org.eclipse.jetty.security.jaspi.modules.BaseAuthModule
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse httpServletResponse = (HttpServletResponse) messageInfo.getResponseMessage();
        X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute(SecureRequestCustomizer.JAVAX_SERVLET_REQUEST_X_509_CERTIFICATE);
        if (x509CertificateArr != null) {
            try {
                if (x509CertificateArr.length != 0 && x509CertificateArr[0] != null) {
                    Principal subjectDN = x509CertificateArr[0].getSubjectDN();
                    if (subjectDN == null) {
                        subjectDN = x509CertificateArr[0].getIssuerDN();
                    }
                    if (!login(subject, subjectDN == null ? "clientcert" : subjectDN.getName(), new Password(Base64.getEncoder().encodeToString(x509CertificateArr[0].getSignature())), "CLIENT_CERT", messageInfo) && isMandatory(messageInfo)) {
                        httpServletResponse.sendError(403, "The provided client certificate does not correspond to a trusted user.");
                        return AuthStatus.SEND_FAILURE;
                    }
                    return AuthStatus.SUCCESS;
                }
            } catch (IOException e) {
                throw new AuthException(e.getMessage());
            } catch (UnsupportedCallbackException e2) {
                throw new AuthException(e2.getMessage());
            }
        }
        httpServletResponse.sendError(403, "A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).");
        return AuthStatus.SEND_FAILURE;
    }
}
