package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.WSAuthenticationData;
import com.ibm.ws.webcontainer.security.AuthResult;
import com.ibm.ws.webcontainer.security.AuthenticationResult;
import com.ibm.ws.webcontainer.security.SSOCookieHelper;
import com.ibm.ws.webcontainer.security.WebAuthenticator;
import com.ibm.ws.webcontainer.security.WebRequest;
import com.ibm.ws.webcontainer.security.metadata.LoginConfigurationImpl;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

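/**
 * {@link WebAuthenticator} for the CLIENT-CERT login method.
 *
 * <p>The client certificate chain is read from the request attribute
 * {@link #PEER_CERTIFICATES}. Its first element is treated as the end-entity
 * certificate: that certificate's subject DN is recorded as the audit credential
 * value and exposed as {@code certdn} on the result. The whole chain is handed to
 * the {@link AuthenticationService} under the {@code CERTCHAIN} key, and on success
 * the SSO cookies are added to the response. Nothing here validates the chain
 * itself; presumably the TLS layer did so before storing it on the request
 * (confirm against the transport configuration).
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/webcontainer/security/internal/CertificateLoginAuthenticator.class */
public class CertificateLoginAuthenticator implements WebAuthenticator {
    private static final TraceComponent tc = Tr.register(CertificateLoginAuthenticator.class);
    /** Reason reported (trace and result) when the request carries no usable certificate chain. */
    private static final String NO_CLIENT_CERT_MSG = "The CLIENT-CERT authentication failed because no client certificate was found.";
    private final AuthenticationService authenticationService;
    private final SSOCookieHelper ssoCookieHelper;
    public static final String PEER_CERTIFICATES = "javax.net.ssl.peer_certificates";
    static final long serialVersionUID = -2325844543998989967L;

    /**
     * @param authenticationService service that performs the certificate login
     * @param sSOCookieHelper helper that adds SSO cookies to the response after a successful login
     */
    public CertificateLoginAuthenticator(AuthenticationService authenticationService, SSOCookieHelper sSOCookieHelper) {
        this.authenticationService = authenticationService;
        this.ssoCookieHelper = sSOCookieHelper;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAuthenticator
    public AuthenticationResult authenticate(WebRequest webRequest) {
        return authenticate(webRequest.getHttpServletRequest(), webRequest.getHttpServletResponse(), null);
    }

    /**
     * Authenticates the request from the TLS peer certificate chain.
     *
     * @param httpServletRequest request carrying the {@link #PEER_CERTIFICATES} attribute
     * @param httpServletResponse response that receives the SSO cookies on success
     * @param hashMap unused by this authenticator (kept for the interface)
     * @return an audited FAILURE result when no certificate chain is present, a SUCCESS
     *         result (with SSO cookies added) when the login succeeds, or a FAILURE result
     *         carrying the {@link AuthenticationException} message when it is denied
     */
    @Override // com.ibm.ws.webcontainer.security.WebAuthenticator
    @FFDCIgnore({AuthenticationException.class})
    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap) {
        X509Certificate[] certChain = peerCertificates(httpServletRequest);
        if (certChain == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, NO_CLIENT_CERT_MSG, new Object[0]);
            }
            return noCertificateFailure();
        }
        // The leaf certificate's subject DN is the audit credential value and the result's certdn.
        String subjectDn = certChain[0].getSubjectX500Principal().getName();
        AuthenticationResult result;
        try {
            WSAuthenticationData authData = new WSAuthenticationData();
            authData.set("HTTP_SERVLET_REQUEST", httpServletRequest);
            authData.set("HTTP_SERVLET_RESPONSE", httpServletResponse);
            authData.set("CERTCHAIN", certChain);
            result = new AuthenticationResult(AuthResult.SUCCESS, this.authenticationService.authenticate("system.WEB_INBOUND", authData, (Subject) null), LoginConfigurationImpl.CLIENT_CERT_AUTH_METHOD, subjectDn, "success");
        } catch (AuthenticationException e) {
            // The login failure message becomes the result reason; whether it is shown to the client is up to the caller.
            result = new AuthenticationResult(AuthResult.FAILURE, e.getMessage(), LoginConfigurationImpl.CLIENT_CERT_AUTH_METHOD, subjectDn, "denied");
        }
        result.certdn = subjectDn;
        if (result.getStatus() == AuthResult.SUCCESS) {
            this.ssoCookieHelper.addSSOCookiesToResponse(result.getSubject(), httpServletRequest, httpServletResponse);
        }
        return result;
    }

    /**
     * Reads the peer certificate chain from the request attribute.
     *
     * @return the chain, or {@code null} when the attribute is absent, empty, has a null
     *         leaf, or is not an {@code X509Certificate[]} (an unchecked cast used to turn
     *         a foreign attribute value into a ClassCastException instead of a FAILURE)
     */
    private static X509Certificate[] peerCertificates(HttpServletRequest request) {
        Object attr = request.getAttribute(PEER_CERTIFICATES);
        if (!(attr instanceof X509Certificate[])) {
            return null;
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        return (chain.length > 0 && chain[0] != null) ? chain : null;
    }

    /** Builds the audited FAILURE result used when no certificate chain is present. */
    private static AuthenticationResult noCertificateFailure() {
        AuthenticationResult failure = new AuthenticationResult(AuthResult.FAILURE, NO_CLIENT_CERT_MSG);
        failure.setAuditCredType(LoginConfigurationImpl.CLIENT_CERT_AUTH_METHOD);
        failure.setAuditCredValue("UNAUTHORIZED");
        failure.setAuditOutcome("failure");
        return failure;
    }
}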
