package org.eclipse.jetty.security.authentication;

import g.a.p;
import g.a.t;
import g.a.y.a;
import g.a.y.c;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.CertificateValidator;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;

/* loaded from: classes2.dex */
public class ClientCertAuthenticator extends LoginAuthenticator {

    /* renamed from: d, reason: collision with root package name */
    public String f8882d;

    /* renamed from: e, reason: collision with root package name */
    public String f8883e;

    /* renamed from: f, reason: collision with root package name */
    public String f8884f = "JKS";

    /* renamed from: g, reason: collision with root package name */
    public transient Password f8885g;

    /* renamed from: h, reason: collision with root package name */
    public boolean f8886h;

    /* renamed from: i, reason: collision with root package name */
    public String f8887i;

    @Override // org.eclipse.jetty.security.Authenticator
    public Authentication a(p pVar, t tVar, boolean z) throws ServerAuthException {
        if (!z) {
            return new DeferredAuthentication(this);
        }
        c cVar = (c) tVar;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) ((a) pVar).getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr != null) {
            try {
                if (x509CertificateArr.length > 0) {
                    if (this.f8886h) {
                        String str = this.f8882d;
                        String str2 = this.f8884f;
                        String str3 = this.f8883e;
                        Password password = this.f8885g;
                        new CertificateValidator(g(null, str, str2, str3, password == null ? null : password.toString()), h(this.f8887i)).f(x509CertificateArr);
                    }
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (x509Certificate != null) {
                            Principal subjectDN = x509Certificate.getSubjectDN();
                            if (subjectDN == null) {
                                subjectDN = x509Certificate.getIssuerDN();
                            }
                            UserIdentity e2 = e(subjectDN == null ? "clientcert" : subjectDN.getName(), B64Code.f(x509Certificate.getSignature()), pVar);
                            if (e2 != null) {
                                return new UserAuthentication(getAuthMethod(), e2);
                            }
                        }
                    }
                }
            } catch (Exception e3) {
                throw new ServerAuthException(e3.getMessage());
            }
        }
        if (DeferredAuthentication.c(cVar)) {
            return Authentication.I;
        }
        cVar.d(403);
        return Authentication.L;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public boolean c(p pVar, t tVar, boolean z, Authentication.User user) throws ServerAuthException {
        return true;
    }

    public KeyStore g(InputStream inputStream, String str, String str2, String str3, String str4) throws Exception {
        return CertificateUtils.a(inputStream, str, str2, str3, str4);
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public String getAuthMethod() {
        return Constraint.__CERT_AUTH;
    }

    public Collection<? extends CRL> h(String str) throws Exception {
        return CertificateUtils.b(str);
    }
}
