package com.yahoo.jdisc.http.server.jetty;

import com.yahoo.jdisc.http.ConnectorConfig;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.util.Callback;

/* loaded from: input_file:com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.class */
class TlsClientAuthenticationEnforcer extends Handler.Wrapper {
    private final ConnectorConfig.TlsClientAuthEnforcer cfg;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsClientAuthenticationEnforcer(ConnectorConfig.TlsClientAuthEnforcer tlsClientAuthEnforcer, Handler handler) {
        super(handler);
        if (!tlsClientAuthEnforcer.enable()) {
            throw new IllegalArgumentException();
        }
        this.cfg = tlsClientAuthEnforcer;
    }

    public boolean handle(Request request, Response response, Callback callback) throws Exception {
        if (isRequestToWhitelistedBinding(request) || hasClientX509Certificate(request)) {
            return super.handle(request, response, callback);
        }
        Response.writeError(request, response, callback, 401, "Client did not present a x509 certificate, or presented a certificate not issued by any of the CA certificates in trust store.");
        return true;
    }

    private boolean isRequestToWhitelistedBinding(Request request) {
        return this.cfg.pathWhitelist().contains(request.getHttpURI().getPath());
    }

    private boolean hasClientX509Certificate(Request request) {
        Optional ofNullable = Optional.ofNullable(request.getAttribute("org.eclipse.jetty.io.Endpoint.SslSessionData"));
        Class<EndPoint.SslSessionData> cls = EndPoint.SslSessionData.class;
        Objects.requireNonNull(EndPoint.SslSessionData.class);
        return ((Boolean) ofNullable.map(cls::cast).map(sslSessionData -> {
            return Boolean.valueOf(sslSessionData.peerCertificates() != null);
        }).orElse(false)).booleanValue();
    }
}
