package org.eclipse.jetty.security.authentication;

import a9.l;
import b9.e;
import b9.u;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;

/* compiled from: ClientCertAuthenticator.java */
/* loaded from: classes.dex */
public class b extends e {

    /* renamed from: d, reason: collision with root package name */
    private String f15881d;

    /* renamed from: e, reason: collision with root package name */
    private String f15882e;

    /* renamed from: g, reason: collision with root package name */
    private transient Password f15884g;

    /* renamed from: h, reason: collision with root package name */
    private boolean f15885h;

    /* renamed from: i, reason: collision with root package name */
    private String f15886i;

    /* renamed from: f, reason: collision with root package name */
    private String f15883f = "JKS";

    /* renamed from: j, reason: collision with root package name */
    private int f15887j = -1;

    /* renamed from: k, reason: collision with root package name */
    private boolean f15888k = false;

    /* renamed from: l, reason: collision with root package name */
    private boolean f15889l = false;

    @Override // a9.a
    public boolean a(ServletRequest servletRequest, ServletResponse servletResponse, boolean z10, e.h hVar) throws ServerAuthException {
        return true;
    }

    @Override // a9.a
    public b9.e b(ServletRequest servletRequest, ServletResponse servletResponse, boolean z10) throws ServerAuthException {
        if (!z10) {
            return new c(this);
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) ((HttpServletRequest) servletRequest).getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr != null) {
            try {
                if (x509CertificateArr.length > 0) {
                    if (this.f15885h) {
                        String str = this.f15881d;
                        String str2 = this.f15883f;
                        String str3 = this.f15882e;
                        Password password = this.f15884g;
                        new org.eclipse.jetty.util.security.b(g(null, str, str2, str3, password == null ? null : password.toString()), h(this.f15886i)).f(x509CertificateArr);
                    }
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (x509Certificate != null) {
                            Principal subjectDN = x509Certificate.getSubjectDN();
                            if (subjectDN == null) {
                                subjectDN = x509Certificate.getIssuerDN();
                            }
                            u e10 = e(subjectDN == null ? "clientcert" : subjectDN.getName(), org.eclipse.jetty.util.d.e(x509Certificate.getSignature()), servletRequest);
                            if (e10 != null) {
                                return new l(getAuthMethod(), e10);
                            }
                        }
                    }
                }
            } catch (Exception e11) {
                throw new ServerAuthException(e11.getMessage());
            }
        }
        if (c.e(httpServletResponse)) {
            return b9.e.f6888g;
        }
        httpServletResponse.sendError(403);
        return b9.e.f6891j;
    }

    protected KeyStore g(InputStream inputStream, String str, String str2, String str3, String str4) throws Exception {
        return org.eclipse.jetty.util.security.a.a(inputStream, str, str2, str3, str4);
    }

    @Override // a9.a
    public String getAuthMethod() {
        return Constraint.__CERT_AUTH;
    }

    protected Collection<? extends CRL> h(String str) throws Exception {
        return org.eclipse.jetty.util.security.a.b(str);
    }
}
