package org.eclipse.jetty.security.authentication;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.k;
import org.eclipse.jetty.security.o;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;

/* compiled from: ClientCertAuthenticator.java */
/* loaded from: classes7.dex */
public class b extends LoginAuthenticator {
    private static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";

    /* renamed from: a, reason: collision with root package name */
    private transient org.eclipse.jetty.util.security.e f9721a;
    private boolean uh;
    private String vp;
    private String vq;
    private String vs;
    private String vt;
    private String vr = "JKS";
    private int agm = -1;
    private boolean ui = false;
    private boolean uj = false;

    protected KeyStore a(InputStream inputStream, String str, String str2, String str3, String str4) throws Exception {
        return org.eclipse.jetty.util.security.b.a(inputStream, str, str2, str3, str4);
    }

    protected Collection<? extends CRL> c(String str) throws Exception {
        return org.eclipse.jetty.util.security.b.c(str);
    }

    public void cF(boolean z) {
        this.uh = z;
    }

    public void cG(boolean z) {
        this.ui = z;
    }

    public void cH(boolean z) {
        this.uj = z;
    }

    public void ef(String str) {
        this.vp = str;
    }

    public void eg(String str) {
        this.vq = str;
    }

    public void eh(String str) {
        this.vr = str;
    }

    public void ei(String str) {
        this.f9721a = org.eclipse.jetty.util.security.e.a("org.eclipse.jetty.ssl.password", str, null);
    }

    public void ej(String str) {
        this.vs = str;
    }

    public void ek(String str) {
        this.vt = str;
    }

    public void fq(int i) {
        this.agm = i;
    }

    public String gA() {
        return this.vr;
    }

    public String gB() {
        return this.vs;
    }

    public String gC() {
        return this.vt;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public String getAuthMethod() {
        return "CLIENT_CERT";
    }

    public String gy() {
        return this.vp;
    }

    public String gz() {
        return this.vq;
    }

    public int jA() {
        return this.agm;
    }

    public boolean kP() {
        return this.uh;
    }

    public boolean kQ() {
        return this.ui;
    }

    public boolean kR() {
        return this.uj;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws k {
        return true;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws k {
        if (!z) {
            return new c(this);
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) ((HttpServletRequest) servletRequest).getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr != null) {
            try {
                if (x509CertificateArr.length > 0) {
                    if (this.uh) {
                        new org.eclipse.jetty.util.security.c(a(null, this.vp, this.vr, this.vq, this.f9721a != null ? this.f9721a.toString() : null), c(this.vs)).a(x509CertificateArr);
                    }
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (x509Certificate != null) {
                            Principal subjectDN = x509Certificate.getSubjectDN();
                            if (subjectDN == null) {
                                subjectDN = x509Certificate.getIssuerDN();
                            }
                            UserIdentity login = login(subjectDN == null ? "clientcert" : subjectDN.getName(), org.eclipse.jetty.util.d.encode(x509Certificate.getSignature()), servletRequest);
                            if (login != null) {
                                return new o(getAuthMethod(), login);
                            }
                        }
                    }
                }
            } catch (Exception e) {
                throw new k(e.getMessage());
            }
        }
        if (c.a(httpServletResponse)) {
            return Authentication.UNAUTHENTICATED;
        }
        httpServletResponse.sendError(403);
        return Authentication.SEND_FAILURE;
    }
}
