package org.apache.catalina.authenticator;

import com.iplanet.ias.web.connector.nsapi.NSAPICertificatesValve;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.deploy.LoginConfig;

/* loaded from: input_file:120982-02/SUNWproxy/reloc/bin/proxy/jar/webserv-rt.jar:org/apache/catalina/authenticator/SSLAuthenticator.class */
public class SSLAuthenticator extends AuthenticatorBase {
    private static final String info = "org.apache.catalina.authenticator.SSLAuthenticator/1.0";

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    public boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException {
        Principal userPrincipal = ((HttpServletRequest) httpRequest.getRequest()).getUserPrincipal();
        if (userPrincipal != null) {
            if (this.debug < 1) {
                return true;
            }
            log(new StringBuffer().append("Already authenticated '").append(userPrincipal.getName()).append("'").toString());
            return true;
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getResponse();
        if (this.debug >= 1) {
            log(" Looking up certificates");
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) httpRequest.getRequest().getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr == null) {
            x509CertificateArr = NSAPICertificatesValve.getCertificates(httpRequest.getConnector(), true);
            httpRequest.getRequest().setAttribute("javax.servlet.request.X509Certificate", x509CertificateArr);
        }
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            if (this.debug >= 1) {
                log("  No certificates included with this request");
            }
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return false;
        }
        Principal authenticate = this.context.getRealm().authenticate(x509CertificateArr);
        if (authenticate != null) {
            register(httpRequest, httpResponse, authenticate, Constants.CERT_METHOD, null, null);
            return true;
        }
        if (this.debug >= 1) {
            log("  Realm.authenticate() returned false");
        }
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        super.start();
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        super.stop();
    }
}
