package com.sun.web.security;

import java.io.IOException;
import java.net.Socket;
import java.security.cert.X509Certificate;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSocket;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomcat.core.HttpServletRequestFacade;
import org.apache.tomcat.service.http.HttpRequestAdapter;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sun/web/security/MutualAuthentication.class */
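/**
 * Certificate-based (TLS client authentication) authenticator.
 *
 * <p>{@link #init()} asks the underlying {@link SSLSocket} to require a client certificate and
 * starts a handshake; {@link #authenticate()} waits for that handshake to finish, reads the
 * certificate chain from the request attribute {@code Constants.X509CERT_CHAIN} and hands the
 * leaf certificate's common name plus its DER encoding to the inherited
 * {@code authenticate(String, String, byte[])}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every failure path returns {@code false} (fail closed); keep it that way.</li>
 *   <li>The principal name is taken from the certificate subject, which is chosen by whoever
 *       requested the certificate. It is only meaningful if the chain was validated by the TLS
 *       layer and if the inherited {@code authenticate(...)} binds the name to the presented
 *       certificate. NOTE(review): neither is visible in this class; confirm both.</li>
 *   <li>Requesting the certificate with a second handshake on an established connection relies
 *       on TLS renegotiation, which TLS 1.3 does not offer. A failed handshake is handled in
 *       {@link #init()} so that it cannot leave {@link #authenticate()} waiting forever.</li>
 * </ul>
 */
public class MutualAuthentication extends HttpAuthenticator implements HandshakeCompletedListener {
    private static final String REALM_NAME = "certificate";
    private static final boolean debug = false;
    /** Attribute prefix that introduces the common name inside a subject DN string. */
    private static final String CN_PREFIX = "CN=";

    /**
     * True while a handshake started by {@link #init()} has not completed. Written by
     * {@link #handshakeCompleted(HandshakeCompletedEvent)}, which may be invoked on a thread other
     * than the request thread polling it in {@link #authenticate()}, hence {@code volatile}.
     */
    private volatile boolean rehandshake;

    /**
     * Creates the authenticator for one request/response pair and selects the
     * {@code "certificate"} realm.
     *
     * @param httpServletRequest the request being authenticated
     * @param httpServletResponse the response used to report authentication failures
     */
    public MutualAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super(httpServletRequest, httpServletResponse);
        this.rehandshake = false;
        setRealm(REALM_NAME);
    }

    /**
     * Authenticates the caller from the client certificate presented on the TLS connection.
     *
     * <p>Blocks, polling once per second, until the handshake started by {@link #init()} has
     * completed. The wait has no upper bound of its own; it ends when the handshake listener
     * fires, when {@link #init()} records a handshake failure, or when the thread is interrupted.
     *
     * @return {@code true} only if a non-empty certificate chain is present and the inherited
     *     {@code authenticate(String, String, byte[])} accepts the leaf certificate;
     *     {@code false} in every other case, including interruption and any exception
     * @throws IOException declared by the overridden method
     */
    @Override // com.sun.web.security.HttpAuthenticator
    public boolean authenticate() throws IOException {
        while (this.rehandshake) {
            try {
                Thread.sleep(1000L);
            } catch (InterruptedException interrupted) {
                // Restore the interrupt status for the caller and fail closed; swallowing it and
                // looping again would ignore a shutdown request.
                Thread.currentThread().interrupt();
                return false;
            }
        }
        SecurityInterceptor.setSSLAttributes(getRequest());
        if (getSocket() == null) {
            // Not a TLS connection: there is no client certificate to check.
            return false;
        }
        try {
            Object attribute = getRequest().getAttribute(Constants.X509CERT_CHAIN);
            if (!(attribute instanceof X509Certificate[])) {
                // Attribute missing or of an unexpected type: no certificate was presented.
                return false;
            }
            X509Certificate[] chain = (X509Certificate[]) attribute;
            if (chain.length <= 0) {
                return false;
            }
            X509Certificate leaf = chain[0];
            try {
                return authenticate(getPrincipalName(leaf), REALM_NAME, leaf.getEncoded());
            } catch (Exception ignored) {
                // Unusable subject, encoding failure or a backend error: deny access.
                return false;
            }
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Extracts the common name (CN) from the certificate's subject DN string.
     *
     * <p>The {@code CN=} attribute is only accepted at the start of the DN or directly after an
     * attribute separator, so the text {@code CN=} embedded in another attribute's value is not
     * mistaken for the common name. A CN that is the last attribute of the DN is accepted.
     *
     * <p>Limitation: this is still a string scan. Quoted values and escaped commas inside the CN
     * value are not interpreted; a structured DN parser such as {@code javax.naming.ldap.LdapName}
     * would handle those.
     *
     * @param x509Certificate the certificate whose subject is inspected
     * @return the trimmed CN value
     * @throws IllegalArgumentException if the subject has no CN attribute or the CN is empty;
     *     {@link #authenticate()} turns this into a denied authentication
     */
    private String getPrincipalName(X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectDN().getName();
        int start = -1;
        int from = 0;
        while (start < 0) {
            int hit = name.indexOf(CN_PREFIX, from);
            if (hit < 0) {
                break;
            }
            if (isAttributeStart(name, hit)) {
                start = hit + CN_PREFIX.length();
            } else {
                from = hit + 1;
            }
        }
        if (start < 0) {
            throw new IllegalArgumentException("certificate subject has no CN attribute");
        }
        int end = name.indexOf(',', start);
        if (end < 0) {
            // CN is the last attribute in the DN string.
            end = name.length();
        }
        String commonName = name.substring(start, end).trim();
        if (commonName.length() == 0) {
            throw new IllegalArgumentException("certificate subject has an empty CN attribute");
        }
        return commonName;
    }

    /**
     * Tells whether {@code index} is where an attribute begins: the start of the DN, or the first
     * non-blank position after an unescaped {@code ','}, {@code ';'} or {@code '+'}.
     */
    private static boolean isAttributeStart(String name, int index) {
        int i = index - 1;
        while (i >= 0 && name.charAt(i) == ' ') {
            i--;
        }
        if (i < 0) {
            return true;
        }
        char separator = name.charAt(i);
        if (separator != ',' && separator != ';' && separator != '+') {
            return false;
        }
        // A separator preceded by a backslash is escaped and belongs to the previous value.
        return i == 0 || name.charAt(i - 1) != '\\';
    }

    /**
     * Returns the connection's socket if it is an {@link SSLSocket}.
     *
     * @return the TLS socket behind the current request, or {@code null} for a plain socket
     * @throws ClassCastException if the request is not the expected facade/adapter pair
     */
    private SSLSocket getSocket() {
        Socket socket = ((HttpRequestAdapter) ((HttpServletRequestFacade) getRequest()).getRealRequest().getRequestAdapter()).getSocket();
        if (socket instanceof SSLSocket) {
            return (SSLSocket) socket;
        }
        return null;
    }

    /**
     * Handshake callback: unregisters this listener and releases the wait in
     * {@link #authenticate()}.
     *
     * @param handshakeCompletedEvent the event describing the completed handshake
     */
    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        handshakeCompletedEvent.getSocket().removeHandshakeCompletedListener(this);
        this.rehandshake = false;
    }

    /**
     * Requires a client certificate on the connection and starts a handshake to obtain it.
     *
     * <p>Failures are deliberately not propagated (best effort). On failure the pending-handshake
     * flag is cleared and the listener removed, so that {@link #authenticate()} does not wait for
     * a completion event that will never arrive; it then denies access because no certificate
     * chain is available.
     *
     * @throws IOException declared by the overridden method
     */
    @Override // com.sun.web.security.HttpAuthenticator
    public void init() throws IOException {
        SSLSocket socket = null;
        try {
            getRequest();
            getResponse();
            socket = getSocket();
            if (socket != null) {
                socket.setNeedClientAuth(true);
                // Register before starting so the completion event cannot be missed.
                socket.addHandshakeCompletedListener(this);
                this.rehandshake = true;
                socket.startHandshake();
                socket.getOutputStream().flush();
            }
        } catch (Exception handshakeFailure) {
            // Without this reset a failed or unsupported handshake leaves the flag set and the
            // request thread polling in authenticate() indefinitely.
            this.rehandshake = false;
            if (socket != null) {
                try {
                    socket.removeHandshakeCompletedListener(this);
                } catch (IllegalArgumentException ignored) {
                    // Listener was never registered or has already removed itself.
                }
            }
        }
    }

    /**
     * Reports a failed authentication to the client with HTTP 403 (Forbidden).
     *
     * @throws IOException if the error response cannot be written
     */
    @Override // com.sun.web.security.HttpAuthenticator
    public void sendError() throws IOException {
        HttpServletResponse response = getResponse();
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        // Retained from the original; whether it still has an effect after sendError depends on
        // the container. TODO confirm.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    }
}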
