package org.xdi.tomcat7;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.authenticator.SSLAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;

/* loaded from: input_file:org/xdi/tomcat7/WantSslAuthenticator.class */
public class WantSslAuthenticator extends SSLAuthenticator {
    private String infoStr;

    public WantSslAuthenticator() {
        this.infoStr = null;
        this.infoStr = getClass().getName();
    }

    public boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, false)) {
            return true;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(" Looking up certificates");
        }
        X509Certificate[] requestCertificates = getRequestCertificates(request);
        if ((requestCertificates == null || requestCertificates.length < 1) && this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(" There is no user certificate");
        }
        Principal authenticate = this.context.getRealm().authenticate(requestCertificates);
        if (authenticate != null) {
            register(request, httpServletResponse, authenticate, "CLIENT_CERT", null, null);
            return true;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("  Realm.authenticate() returned false");
        }
        httpServletResponse.sendError(401, sm.getString("authenticator.unauthorized"));
        return false;
    }

    public String getInfo() {
        return this.infoStr;
    }
}
