package org.apache.catalina.authenticator;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/tomcat-embed-core-9.0.43.jar:org/apache/catalina/authenticator/SSLAuthenticator.class
 */
/* loaded from: input_file:BOOT-INF/lib/tomcat-catalina-8.5.41.jar:org/apache/catalina/authenticator/SSLAuthenticator.class */
public class SSLAuthenticator extends AuthenticatorBase {
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected boolean doAuthenticate(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, false)) {
            return true;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(" Looking up certificates");
        }
        X509Certificate[] requestCertificates = getRequestCertificates(request);
        if (requestCertificates == null || requestCertificates.length < 1) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("  No certificates included with this request");
            }
            httpServletResponse.sendError(401, sm.getString("authenticator.certificates"));
            return false;
        }
        Principal authenticate = this.context.getRealm().authenticate(requestCertificates);
        if (authenticate != null) {
            register(request, httpServletResponse, authenticate, "CLIENT_CERT", null, null);
            return true;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("  Realm.authenticate() returned false");
        }
        httpServletResponse.sendError(401, sm.getString("authenticator.unauthorized"));
        return false;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected String getAuthMethod() {
        return "CLIENT_CERT";
    }
}
