package org.b.c.c;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.b.c.af;
import org.b.c.ah;

/* compiled from: ClientCertAuthenticator.java */
/* loaded from: classes3.dex */
public class d implements a {

    /* renamed from: a, reason: collision with root package name */
    private int f10387a = 60;

    @Override // org.b.c.c.a
    public Principal a(o oVar, String str, af afVar, ah ahVar) throws IOException {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) afVar.getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            if (ahVar != null) {
                ahVar.sendError(403, "A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).");
            }
            return null;
        }
        Principal subjectDN = x509CertificateArr[0].getSubjectDN();
        if (subjectDN == null) {
            subjectDN = x509CertificateArr[0].getIssuerDN();
        }
        Principal a2 = oVar.a(subjectDN == null ? "clientcert" : subjectDN.getName(), x509CertificateArr, afVar);
        if (a2 == null) {
            if (ahVar != null) {
                ahVar.sendError(403, "The provided client certificate does not correspond to a trusted user.");
            }
            return null;
        }
        afVar.e(HttpServletRequest.CLIENT_CERT_AUTH);
        afVar.a(a2);
        return a2;
    }
}
