package co.cask.cdap.security.server;

import javax.security.auth.login.Configuration;
import org.apache.commons.lang.StringUtils;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;

/* loaded from: input_file:co/cask/cdap/security/server/CertificateAuthenticationHandler.class */
public class CertificateAuthenticationHandler extends AbstractAuthenticationHandler {
    public static final String AUTH_SSL_CONFIG_BASE = "security.auth.server.ssl.";

    private void setupClientCertAuthenticator(ClientCertAuthenticator clientCertAuthenticator) {
        String str = (String) this.handlerProps.get(AUTH_SSL_CONFIG_BASE.concat("truststore.path"));
        String str2 = (String) this.handlerProps.get(AUTH_SSL_CONFIG_BASE.concat("truststore.password"));
        String str3 = (String) this.handlerProps.get(AUTH_SSL_CONFIG_BASE.concat("truststore.type"));
        if (StringUtils.isNotEmpty(str)) {
            clientCertAuthenticator.setTrustStore(str);
        }
        if (StringUtils.isNotEmpty(str2)) {
            clientCertAuthenticator.setTrustStorePassword(str2);
        }
        if (StringUtils.isNotEmpty(str3)) {
            clientCertAuthenticator.setTrustStoreType(str3);
        }
        clientCertAuthenticator.setValidateCerts(true);
    }

    protected LoginService getHandlerLoginService() {
        return new MTLSLoginService((String) this.handlerProps.get("realmfile"));
    }

    protected Authenticator getHandlerAuthenticator() {
        ClientCertAuthenticator clientCertAuthenticator = new ClientCertAuthenticator();
        setupClientCertAuthenticator(clientCertAuthenticator);
        return clientCertAuthenticator;
    }

    public IdentityService getHandlerIdentityService() {
        return new DefaultIdentityService();
    }

    protected Configuration getLoginModuleConfiguration() {
        return null;
    }
}
