package org.eclipse.jetty.security.authentication;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.servlet.q;
import javax.servlet.u;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.l;
import org.eclipse.jetty.server.d;
import org.eclipse.jetty.server.x;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;

/* loaded from: classes4.dex */
public class b extends e {
    private String a;
    private String d;
    private transient Password f;
    private boolean g;
    private String h;
    private String e = "JKS";
    private int i = -1;
    private boolean j = false;
    private boolean k = false;

    @Override // org.eclipse.jetty.security.a
    public String a() {
        return Constraint.__CERT_AUTH;
    }

    protected KeyStore a(InputStream inputStream, String str, String str2, String str3, String str4) throws Exception {
        return org.eclipse.jetty.util.security.a.a(inputStream, str, str2, str3, str4);
    }

    protected Collection<? extends CRL> a(String str) throws Exception {
        return org.eclipse.jetty.util.security.a.a(str);
    }

    @Override // org.eclipse.jetty.security.a
    public org.eclipse.jetty.server.d a(q qVar, u uVar, boolean z) throws ServerAuthException {
        if (!z) {
            return new c(this);
        }
        javax.servlet.http.c cVar = (javax.servlet.http.c) uVar;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) ((javax.servlet.http.a) qVar).a("javax.servlet.request.X509Certificate");
        if (x509CertificateArr != null) {
            try {
                if (x509CertificateArr.length > 0) {
                    if (this.g) {
                        new org.eclipse.jetty.util.security.b(a(null, this.a, this.e, this.d, this.f == null ? null : this.f.toString()), a(this.h)).a(x509CertificateArr);
                    }
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (x509Certificate != null) {
                            Principal subjectDN = x509Certificate.getSubjectDN();
                            if (subjectDN == null) {
                                subjectDN = x509Certificate.getIssuerDN();
                            }
                            x a = a(subjectDN == null ? "clientcert" : subjectDN.getName(), org.eclipse.jetty.util.d.a(x509Certificate.getSignature()), qVar);
                            if (a != null) {
                                return new l(a(), a);
                            }
                        }
                    }
                }
            } catch (Exception e) {
                throw new ServerAuthException(e.getMessage());
            }
        }
        if (c.a(cVar)) {
            return org.eclipse.jetty.server.d.c;
        }
        cVar.b(403);
        return org.eclipse.jetty.server.d.f;
    }

    @Override // org.eclipse.jetty.security.a
    public boolean a(q qVar, u uVar, boolean z, d.f fVar) throws ServerAuthException {
        return true;
    }
}
