package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.WSAuthenticationData;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.bcel.Constants;

/* JADX WARN: Classes with same name are omitted:
  input_file:resources/server_runtime/lib/com.ibm.ws.webcontainer.security.app_1.0.1.jar:com/ibm/ws/webcontainer/security/internal/CertificateLoginAuthenticator.class
 */
/**
 * {@link WebAuthenticator} for CLIENT-CERT login. It takes the peer certificate chain from the
 * servlet request and hands it to the {@link AuthenticationService}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The chain is read from the request attribute {@link #PEER_CERTIFICATES}. Nothing in this
 *       class checks trust, expiry or revocation; the chain is passed on as-is. Presumably the
 *       attribute is populated by the TLS layer and the authentication service performs the
 *       validation and identity mapping. Confirm both, and confirm that no component in front of
 *       this class can set the attribute from request-controlled data.</li>
 *   <li>{@code certdn} on the returned result is filled in from the first certificate even when
 *       authentication fails, so it is a claimed name and must be read together with the
 *       status.</li>
 *   <li>On failure the reason is the {@link AuthenticationException} message, unmodified. Whether
 *       that text is safe to show to a client depends on the caller.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. The {@code @InjectedTrace} markers and the static
 * initializer appear to come from trace instrumentation rather than hand-written logic.
 */
@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.webcontainer.security.admin_1.0.1.jar:com/ibm/ws/webcontainer/security/internal/CertificateLoginAuthenticator.class */
public class CertificateLoginAuthenticator implements WebAuthenticator {
    private static final TraceComponent tc = Tr.register(CertificateLoginAuthenticator.class);

    /** Request attribute from which the peer certificate chain is read. */
    static final String PEER_CERTIFICATES = "javax.net.ssl.peer_certificates";
    static final long serialVersionUID = -147972814282110026L;

    /** Receives the certificate chain and produces the authenticated subject. */
    private AuthenticationService authenticationService;
    /** Adds SSO cookies to the response after a successful login. */
    private SSOCookieHelper ssoCookieHelper;

    /**
     * Creates the authenticator with its two collaborators. Neither argument is checked for null
     * here.
     *
     * @param authenticationService service that authenticates the certificate chain
     * @param sSOCookieHelper helper that adds SSO cookies to the response on success
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public CertificateLoginAuthenticator(AuthenticationService authenticationService, SSOCookieHelper sSOCookieHelper) {
        this.ssoCookieHelper = sSOCookieHelper;
        this.authenticationService = authenticationService;
    }

    /**
     * Authenticates the request with the client certificate chain attached to it.
     *
     * @param webRequest wrapper giving access to the servlet request and response
     * @return {@code FAILURE} with a fixed reason when the request has no certificate chain;
     *         {@code FAILURE} with the exception message when the authentication service rejects
     *         the chain; otherwise {@code SUCCESS} carrying the value returned by the
     *         authentication service. In the last two cases {@code certdn} holds the subject name
     *         of the first certificate in the chain.
     */
    @Override // com.ibm.ws.webcontainer.security.internal.WebAuthenticator
    @FFDCIgnore({AuthenticationException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public AuthenticationResult authenticate(WebRequest webRequest) {
        HttpServletRequest request = webRequest.getHttpServletRequest();
        HttpServletResponse response = webRequest.getHttpServletResponse();
        X509Certificate[] peerChain = (X509Certificate[]) webRequest.getHttpServletRequest().getAttribute(PEER_CERTIFICATES);

        boolean chainPresent = peerChain != null && peerChain.length > 0;
        if (!chainPresent) {
            // No certificate on the request: fail without calling the authentication service.
            String reason = "The CLIENT-CERT authentication failed because no client certificate was found.";
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, reason, new Object[0]);
            }
            return new AuthenticationResult(AuthResult.FAILURE, reason);
        }

        AuthenticationResult outcome;
        try {
            WSAuthenticationData certData = new WSAuthenticationData();
            certData.set(AuthenticationData.CERTCHAIN, peerChain);
            // NOTE(review): "system.WEB_INBOUND" is presumably a JAAS login configuration name;
            // confirm. The chain is not inspected here before it is passed on.
            outcome = new AuthenticationResult(AuthResult.SUCCESS, this.authenticationService.authenticate("system.WEB_INBOUND", certData, (Subject) null));
        } catch (AuthenticationException rejected) {
            // A rejected chain is an expected result, reported as FAILURE instead of rethrown.
            outcome = new AuthenticationResult(AuthResult.FAILURE, rejected.getMessage());
        }

        // Set on both outcomes, so on FAILURE this is only the name the certificate claims.
        // NOTE(review): assumes index 0 is the client's own certificate - confirm the chain order.
        X509Certificate firstCertificate = peerChain[0];
        outcome.certdn = firstCertificate.getSubjectX500Principal().getName();

        // SSO cookies are added only after a successful authentication.
        if (AuthResult.SUCCESS == outcome.getStatus()) {
            this.ssoCookieHelper.addSSOCookiesToResponse(outcome.getSubject(), request, response);
        }
        return outcome;
    }

    static {
        // Entry and exit trace for the class initializer. Each call keeps its own guard.
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.STATIC_INITIALIZER_NAME, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.STATIC_INITIALIZER_NAME);
        }
    }
}
