package com.sun.server.http.security;

import com.sun.server.https.HttpsService;
import com.sun.server.realm.AuthenticationException;
import com.sun.server.realm.NoSuchUserException;
import com.sun.server.realm.Realm;
import com.sun.server.realm.certificate.CertificateRealm;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.security.x509.X509Cert;

/* loaded from: input_file:com/sun/server/http/security/SSLAuthentication.class */
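/**
 * {@link HttpAuthenticator} that maps the TLS client certificate attached to a request onto a
 * {@link Principal} from a {@link CertificateRealm}.
 *
 * <p>Security note: this class performs no certificate validation of its own. It reads the
 * certificate array stored under {@code HttpsService.keyPeerCertificates} and hands the first
 * entry to the realm. Chain building, expiry and revocation checks are presumably done by the
 * component that populates that attribute or by the realm itself; confirm this before relying on
 * this authenticator as the only gate.
 */
public class SSLAuthentication extends HttpAuthenticator {
    /**
     * Creates an authenticator for {@code realm}, passing the literal {@code "SSL"} to the
     * superclass constructor (presumably the authentication scheme name; see HttpAuthenticator).
     *
     * @param realm realm used to resolve certificates to users; it must be a
     *     {@link CertificateRealm} for authentication to succeed
     */
    public SSLAuthentication(Realm realm) {
        super(realm, "SSL");
    }

    /**
     * Resolves the caller's client certificate to a principal.
     *
     * <p>Every failure path throws; nothing is returned unless the realm lookup succeeded. A
     * non-https request is answered with status 500. All other failures go through
     * {@link #sendError}, which answers 403.
     *
     * @param httpServletRequest request expected to carry the peer certificates as a request
     *     attribute
     * @param httpServletResponse response on which the error status is set when authentication
     *     fails
     * @return whatever {@code CertificateRealm.getUser} returns for the first peer certificate
     * @throws AuthenticationException if the scheme is not https, no usable peer certificate is
     *     present, the realm is not a {@link CertificateRealm}, or the lookup fails
     * @throws IOException if writing the error status fails
     */
    @Override // com.sun.server.http.security.HttpAuthenticator
    public Principal getAuthenticatedPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        // Constant-first comparison: a null scheme is rejected like any other non-https scheme
        // instead of escaping as a NullPointerException.
        if (!"https".equals(httpServletRequest.getScheme())) {
            httpServletResponse.sendError(500);
            throw new AuthenticationException(failureString("Scheme used is not https"));
        }
        try {
            X509Certificate[] peerChain = (X509Certificate[]) httpServletRequest.getAttribute(HttpsService.keyPeerCertificates);
            // An empty array or a null first entry is treated the same as a missing attribute, so
            // the caller gets a meaningful failure text rather than an index or null-pointer message.
            if (peerChain == null || peerChain.length == 0 || peerChain[0] == null) {
                throw new AuthenticationException(failureString("Cannot get peer certificates"));
            }
            // Only entry 0 is used (presumably the peer's own certificate; confirm the ordering
            // HttpsService guarantees). The rest of the chain is ignored here.
            X509Cert peerCert = new X509Cert(peerChain[0].getEncoded());
            Realm realm = getRealm();
            if (realm instanceof CertificateRealm) {
                // NOTE(review): the realm's result is returned as is, including null. Confirm that
                // callers treat a null principal as "not authenticated".
                return ((CertificateRealm) realm).getUser(peerCert);
            }
            throw new AuthenticationException(failureString("Realm is not an instance of CertificateRealm"));
        } catch (NoSuchUserException e) {
            // The trace goes to stderr only; the client sees the 403 from sendError.
            e.printStackTrace();
            sendError(httpServletRequest, httpServletResponse);
            throw new AuthenticationException(failureString("Invalid user"));
        } catch (Exception e2) {
            // Also receives the AuthenticationExceptions thrown in the try block (unless they are
            // NoSuchUserExceptions), so their text passes through failureString a second time.
            // NOTE(review): e2.getMessage() may carry internal detail (encoding or realm errors);
            // confirm the resulting exception text is never reflected to the client.
            e2.printStackTrace();
            sendError(httpServletRequest, httpServletResponse);
            throw new AuthenticationException(failureString(e2.getMessage()));
        }
    }

    /**
     * Answers a failed authentication with status 403. The request is not consulted.
     *
     * @throws IOException if the status cannot be written
     */
    @Override // com.sun.server.http.security.HttpAuthenticator
    protected void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(403);
    }
}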
