package net.handle.server.servletcontainer.auth;

import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import net.cnri.util.StringUtils;
import net.handle.hdllib.AbstractRequest;
import net.handle.hdllib.AbstractResponse;
import net.handle.hdllib.AbstractResponseAndIndex;
import net.handle.hdllib.AuthenticationInfo;
import net.handle.hdllib.ChallengeAnswerRequest;
import net.handle.hdllib.ChallengeResponse;
import net.handle.hdllib.Common;
import net.handle.hdllib.Encoder;
import net.handle.hdllib.GenericRequest;
import net.handle.hdllib.HandleException;
import net.handle.hdllib.HandleResolver;
import net.handle.hdllib.HandleValue;
import net.handle.hdllib.ResolutionRequest;
import net.handle.hdllib.ResolutionResponse;
import net.handle.hdllib.SecretKeyAuthenticationInfo;
import net.handle.hdllib.Util;
import net.handle.hdllib.ValueReference;
import net.handle.hdllib.VerifyAuthRequest;
import net.handle.hdllib.VerifyAuthResponse;
import net.handle.server.servletcontainer.HandleServerInterface;
import net.handle.server.servletcontainer.support.PreAuthenticatedAuthenticationInfo;
import net.handle.util.X509HSTrustManager;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:net/handle/server/servletcontainer/auth/StandardHandleAuthenticator.class */
public class StandardHandleAuthenticator {
    private final HttpServletRequest request;
    private final HttpSession session;
    private final HandleAuthenticationStatus handleAuthStatus;
    private final AuthenticationResponse authResp;
    private final String authHeader;
    private final HandleAuthorizationHeader parsedHandleAuthHeader;

    public StandardHandleAuthenticator(HttpServletRequest httpServletRequest, HttpSession httpSession, HandleAuthenticationStatus handleAuthenticationStatus, AuthenticationResponse authenticationResponse) {
        this.request = httpServletRequest;
        this.session = httpSession;
        this.handleAuthStatus = handleAuthenticationStatus;
        this.authResp = authenticationResponse;
        this.parsedHandleAuthHeader = (HandleAuthorizationHeader) httpServletRequest.getAttribute(HandleAuthorizationHeader.class.getName());
        this.authHeader = httpServletRequest.getHeader("Authorization");
    }

    public void authenticate() {
        AuthenticationInfoWithId authenticateViaSession;
        if (badSessionInHandleAuthorizationHeader()) {
            this.authResp.setAuthenticating(true);
            this.authResp.setAuthenticated(false);
            return;
        }
        boolean z = true;
        if (isAuthenticatingViaHeaderOrHandleAuthHeaderEntity()) {
            this.authResp.setAuthenticating(true);
            authenticateViaSession = checkSeenBefore();
            if (authenticateViaSession != null) {
                z = false;
            }
            if (authenticateViaSession == null) {
                authenticateViaSession = authenticateViaHandleAuthorizationHeader();
            }
            if (authenticateViaSession == null) {
                authenticateViaSession = authenticateViaBasic();
            }
        } else {
            authenticateViaSession = authenticateViaSession();
            if (authenticateViaSession != null) {
                z = false;
            }
            if (authenticateViaSession == null) {
                authenticateViaSession = authenticateViaClientSideCert();
            }
        }
        if (authenticateViaSession != null) {
            this.authResp.setAuthenticated(true);
            this.authResp.setId(authenticateViaSession.getId());
            if (this.session != null && z) {
                this.session.setAttribute(HandleAuthenticationStatus.class.getName(), new HandleAuthenticationStatus(this.handleAuthStatus.getSessionId(), this.handleAuthStatus.getNonce(), this.handleAuthStatus.getCnonce(), this.handleAuthStatus.getServerSignature(), this.authHeader, authenticateViaSession.getAuthInfo(), authenticateViaSession.getId()));
            }
            this.request.setAttribute(AuthenticationInfo.class.getName(), authenticateViaSession.getAuthInfo());
        }
    }

    private boolean badSessionInHandleAuthorizationHeader() {
        return (this.parsedHandleAuthHeader == null || this.parsedHandleAuthHeader.getSessionId() == null || (this.session != null && this.session.getId().equals(this.parsedHandleAuthHeader.getSessionId()))) ? false : true;
    }

    private boolean isAuthenticatingViaHeaderOrHandleAuthHeaderEntity() {
        if (this.authHeader == null || !this.authHeader.trim().startsWith("Basic")) {
            return this.parsedHandleAuthHeader != null ? this.parsedHandleAuthHeader.isAuthenticating() : this.authHeader != null;
        }
        return true;
    }

    private AuthenticationInfoWithId authenticateViaHandleAuthorizationHeader() {
        if (this.parsedHandleAuthHeader == null || !this.parsedHandleAuthHeader.isAuthenticating() || this.session == null) {
            return null;
        }
        return authenticateViaHandleAuthorizationHeaderWhichIsAuthenticatingInSession();
    }

    private AuthenticationInfoWithId authenticateViaHandleAuthorizationHeaderWhichIsAuthenticatingInSession() {
        if (this.parsedHandleAuthHeader.getVersion() != null && !"0".equals(this.parsedHandleAuthHeader.getVersion())) {
            this.authResp.addError("Unknown version in Authorization: Handle");
            return null;
        }
        if (this.parsedHandleAuthHeader.isIncompleteAuthentication()) {
            this.authResp.addError("Missing fields in authentication data");
            return null;
        }
        try {
            byte[] nonce = this.handleAuthStatus.getNonce();
            byte[] decodeBase64 = Base64.decodeBase64(this.parsedHandleAuthHeader.getCnonce());
            byte[] decodeBase642 = Base64.decodeBase64(this.parsedHandleAuthHeader.getSignature());
            String alg = this.parsedHandleAuthHeader.getAlg();
            ValueReference extractHandleValueReferenceFromString = extractHandleValueReferenceFromString(this.parsedHandleAuthHeader.getId());
            String type = this.parsedHandleAuthHeader.getType();
            byte[] encodeString = Util.encodeString(alg);
            if (Util.equalsIgnoreCaseAndPunctuation(encodeString, Common.HASH_ALG_PBKDF2_HMAC_SHA1) || Util.equalsIgnoreCaseAndPunctuation(encodeString, Common.HASH_ALG_PBKDF2_HMAC_SHA1_ALTERNATE)) {
                String salt = this.parsedHandleAuthHeader.getSalt();
                String iterations = this.parsedHandleAuthHeader.getIterations();
                String length = this.parsedHandleAuthHeader.getLength();
                if (salt != null && iterations != null && length != null) {
                    decodeBase642 = Util.constructPbkdf2Encoding(Base64.decodeBase64(salt), Integer.parseInt(iterations), Integer.parseInt(length), decodeBase642);
                }
            }
            byte[] constructSignedResponse = constructSignedResponse(type, alg, decodeBase642);
            if (constructSignedResponse == null) {
                this.authResp.addError("Error parsing Authorization: Handle");
                return null;
            }
            int verifyIdentityAndGetIndex = verifyIdentityAndGetIndex(extractHandleValueReferenceFromString, type, nonce, decodeBase64, constructSignedResponse);
            if (verifyIdentityAndGetIndex >= 0) {
                return new AuthenticationInfoWithId(this.parsedHandleAuthHeader.getId(), new PreAuthenticatedAuthenticationInfo(extractHandleValueReferenceFromString.handle, verifyIdentityAndGetIndex));
            }
            return null;
        } catch (Exception e) {
            this.authResp.addError("Exception (" + e.getClass().getName() + ") parsing Authorization: Handle");
            return null;
        }
    }

    public static byte[] constructSignedResponse(String str, String str2, byte[] bArr) {
        byte[] bArr2;
        byte b;
        byte[] encodeString = Util.encodeString(str2);
        if (str2.equalsIgnoreCase("MD5")) {
            bArr2 = Common.HASH_ALG_MD5;
            b = 1;
        } else if (str2.equalsIgnoreCase("SHA") || str2.equalsIgnoreCase("SHA1") || str2.equalsIgnoreCase("SHA-1")) {
            bArr2 = Common.HASH_ALG_SHA1;
            b = 2;
        } else if (str2.equalsIgnoreCase("SHA-256") || str2.equalsIgnoreCase("SHA256") || str2.equalsIgnoreCase("SHA-2") || str2.equalsIgnoreCase("SHA2")) {
            bArr2 = Common.HASH_ALG_SHA256;
            b = 3;
        } else if (Util.equalsIgnoreCaseAndPunctuation(Common.HASH_ALG_HMAC_SHA1, encodeString)) {
            bArr2 = Common.HASH_ALG_HMAC_SHA1;
            b = 18;
        } else if (Util.equalsIgnoreCaseAndPunctuation(Common.HASH_ALG_HMAC_SHA256, encodeString)) {
            bArr2 = Common.HASH_ALG_HMAC_SHA256;
            b = 19;
        } else {
            if (!Util.equalsIgnoreCaseAndPunctuation(encodeString, Common.HASH_ALG_PBKDF2_HMAC_SHA1) && !Util.equalsIgnoreCaseAndPunctuation(encodeString, Common.HASH_ALG_PBKDF2_HMAC_SHA1_ALTERNATE)) {
                return null;
            }
            bArr2 = Common.HASH_ALG_PBKDF2_HMAC_SHA1;
            b = 34;
        }
        if ("HS_SECKEY".equals(str)) {
            byte[] bArr3 = new byte[bArr.length + 1];
            bArr3[0] = b;
            System.arraycopy(bArr, 0, bArr3, 1, bArr.length);
            return bArr3;
        }
        if (!"HS_PUBKEY".equals(str)) {
            return null;
        }
        byte[] bArr4 = new byte[bArr.length + bArr2.length + 8];
        int writeByteArray = 0 + Encoder.writeByteArray(bArr4, 0, bArr2);
        int writeByteArray2 = writeByteArray + Encoder.writeByteArray(bArr4, writeByteArray, bArr);
        return bArr4;
    }

    private AuthenticationInfoWithId authenticateViaBasic() {
        byte[] decodeBase64;
        int indexOf;
        if (this.authHeader == null) {
            return null;
        }
        String[] split = this.authHeader.trim().split("\\s++");
        if (split.length != 2 || !split[0].equalsIgnoreCase("Basic") || (indexOf = Util.indexOf((decodeBase64 = Base64.decodeBase64(split[1])), (byte) 58)) < 0) {
            return null;
        }
        byte[] substring = Util.substring(decodeBase64, 0, indexOf);
        byte[] substring2 = Util.substring(decodeBase64, indexOf + 1);
        ValueReference extractHandleValueReferenceFromUrlEncodedBytes = extractHandleValueReferenceFromUrlEncodedBytes(substring);
        if (checkSecretKey(extractHandleValueReferenceFromUrlEncodedBytes, substring2)) {
            return new AuthenticationInfoWithId(new PreAuthenticatedAuthenticationInfo(extractHandleValueReferenceFromUrlEncodedBytes.handle, extractHandleValueReferenceFromUrlEncodedBytes.index));
        }
        return null;
    }

    private AuthenticationInfoWithId checkSeenBefore() {
        if (this.session == null || this.authHeader == null) {
            return null;
        }
        if (this.authHeader.equals(this.handleAuthStatus.getAuthorizationHeader())) {
            return this.handleAuthStatus.getAuthInfoWithId();
        }
        return null;
    }

    private boolean checkSecretKey(ValueReference valueReference, byte[] bArr) {
        SecretKeyAuthenticationInfo secretKeyAuthenticationInfo = new SecretKeyAuthenticationInfo(valueReference.handle, valueReference.index, bArr);
        ServletContext servletContext = this.request.getServletContext();
        HandleServerInterface handleServerInterface = (HandleServerInterface) servletContext.getAttribute("net.handle.server.HandleServer");
        return handleServerInterface == null ? checkSecretKeyViaResolver(getHandleResolver(servletContext), secretKeyAuthenticationInfo) : checkSecretKeyViaServer(handleServerInterface, secretKeyAuthenticationInfo);
    }

    private int verifyIdentityAndGetIndex(ValueReference valueReference, String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        ServletContext servletContext = this.request.getServletContext();
        HandleServerInterface handleServerInterface = (HandleServerInterface) servletContext.getAttribute("net.handle.server.HandleServer");
        return handleServerInterface == null ? verifyIdentityViaResolver(getHandleResolver(servletContext), valueReference, str, bArr, bArr2, bArr3) : verifyIdentityViaServer(handleServerInterface, valueReference, str, bArr, bArr2, bArr3);
    }

    private HandleResolver getHandleResolverEvenIfInServer(ServletContext servletContext) {
        HandleServerInterface handleServerInterface = (HandleServerInterface) servletContext.getAttribute("net.handle.server.HandleServer");
        return handleServerInterface != null ? handleServerInterface.getResolver() : getHandleResolver(servletContext);
    }

    private HandleResolver getHandleResolver(ServletContext servletContext) {
        HandleResolver handleResolver = (HandleResolver) servletContext.getAttribute(HandleResolver.class.getName());
        if (handleResolver == null) {
            synchronized (servletContext) {
                handleResolver = (HandleResolver) servletContext.getAttribute(HandleResolver.class.getName());
                if (handleResolver == null) {
                    handleResolver = new HandleResolver();
                    servletContext.setAttribute(HandleResolver.class.getName(), handleResolver);
                }
            }
        }
        return handleResolver;
    }

    private X509HSTrustManager getTrustManager(ServletContext servletContext) {
        X509HSTrustManager x509HSTrustManager = (X509HSTrustManager) servletContext.getAttribute(X509HSTrustManager.class.getName());
        if (x509HSTrustManager == null) {
            synchronized (servletContext) {
                x509HSTrustManager = (X509HSTrustManager) servletContext.getAttribute(X509HSTrustManager.class.getName());
                if (x509HSTrustManager == null) {
                    x509HSTrustManager = new X509HSTrustManager(getHandleResolverEvenIfInServer(servletContext));
                    servletContext.setAttribute(X509HSTrustManager.class.getName(), x509HSTrustManager);
                }
            }
        }
        return x509HSTrustManager;
    }

    private boolean checkSecretKeyViaServer(HandleServerInterface handleServerInterface, SecretKeyAuthenticationInfo secretKeyAuthenticationInfo) {
        try {
            String requestURI = this.request.getRequestURI();
            if (this.request.getQueryString() != null) {
                requestURI = requestURI + "?" + this.request.getQueryString();
            }
            GenericRequest genericRequest = new GenericRequest(Util.encodeString(requestURI), 2, null);
            ChallengeResponse challengeResponse = new ChallengeResponse((AbstractRequest) genericRequest, true);
            if (handleServerInterface.verifyIdentity(challengeResponse, new ChallengeAnswerRequest(secretKeyAuthenticationInfo.getAuthType(), secretKeyAuthenticationInfo.getUserIdHandle(), secretKeyAuthenticationInfo.getUserIdIndex(), secretKeyAuthenticationInfo.authenticate(challengeResponse, genericRequest), secretKeyAuthenticationInfo), genericRequest) == null) {
                return true;
            }
            this.authResp.addError("Identity not verified");
            return false;
        } catch (HandleException e) {
            this.authResp.addError("Exception (" + e.getClass().getName() + ") verifying identity");
            return false;
        }
    }

    private int verifyIdentityViaServer(HandleServerInterface handleServerInterface, ValueReference valueReference, String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            String requestURI = this.request.getRequestURI();
            if (this.request.getQueryString() != null) {
                requestURI = requestURI + "?" + this.request.getQueryString();
            }
            GenericRequest genericRequest = new GenericRequest(Util.encodeString(requestURI), 2, null);
            ChallengeResponse challengeResponse = new ChallengeResponse(2, bArr);
            challengeResponse.majorProtocolVersion = (byte) 2;
            challengeResponse.minorProtocolVersion = (byte) 11;
            challengeResponse.rdHashType = hashTypeForCnonce(bArr2);
            challengeResponse.requestDigest = bArr2;
            AbstractResponseAndIndex verifyIdentityAndGetIndex = handleServerInterface.verifyIdentityAndGetIndex(challengeResponse, new ChallengeAnswerRequest(Util.encodeString(str), valueReference.handle, valueReference.index, bArr3, null), genericRequest);
            if (verifyIdentityAndGetIndex.getResponse() instanceof ChallengeResponse) {
                this.authResp.addError("Identity not verified; verifying server may only support older-format SHA-1 MAC");
                return -1;
            }
            if (verifyIdentityAndGetIndex.getResponse() == null) {
                return verifyIdentityAndGetIndex.getIndex() == 0 ? valueReference.index : verifyIdentityAndGetIndex.getIndex();
            }
            this.authResp.addError("Identity not verified");
            return -1;
        } catch (HandleException e) {
            this.authResp.addError("Exception (" + e.getClass().getName() + ") verifying identity");
            return -1;
        }
    }

    public static byte hashTypeForCnonce(byte[] bArr) {
        return (byte) 0;
    }

    private boolean checkSecretKeyViaResolver(HandleResolver handleResolver, SecretKeyAuthenticationInfo secretKeyAuthenticationInfo) {
        try {
            String requestURI = this.request.getRequestURI();
            if (this.request.getQueryString() != null) {
                requestURI = requestURI + "?" + this.request.getQueryString();
            }
            GenericRequest genericRequest = new GenericRequest(Util.encodeString(requestURI), 2, null);
            ChallengeResponse challengeResponse = new ChallengeResponse((AbstractRequest) genericRequest, true);
            VerifyAuthRequest verifyAuthRequest = new VerifyAuthRequest(secretKeyAuthenticationInfo.getUserIdHandle(), challengeResponse.nonce, challengeResponse.requestDigest, challengeResponse.rdHashType, secretKeyAuthenticationInfo.authenticate(challengeResponse, genericRequest), secretKeyAuthenticationInfo.getUserIdIndex(), null);
            verifyAuthRequest.certify = true;
            AbstractResponse processRequest = handleResolver.processRequest(verifyAuthRequest);
            if (!(processRequest instanceof VerifyAuthResponse)) {
                this.authResp.addError("Identity not verified");
                return false;
            }
            if (((VerifyAuthResponse) processRequest).isValid) {
                return true;
            }
            this.authResp.addError("Identity not verified");
            return false;
        } catch (HandleException e) {
            this.authResp.addError("Exception (" + e.getClass().getName() + ") verifying identity");
            return false;
        }
    }

    private int verifyIdentityViaResolver(HandleResolver handleResolver, ValueReference valueReference, String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            if ("HS_SECKEY".equals(str)) {
                if (verifySecretKeyIdentityViaResolver(handleResolver, valueReference, bArr, bArr2, bArr3)) {
                    return -1;
                }
                return valueReference.index;
            }
            if ("HS_PUBKEY".equals(str)) {
                return verifyPublicKeyIdentityViaResolver(handleResolver, valueReference, bArr, bArr2, bArr3);
            }
            this.authResp.addError("Unknown authType " + str);
            return -1;
        } catch (Exception e) {
            this.authResp.addError("Exception (" + e.getClass().getName() + ") verifying identity");
            return -1;
        }
    }

    private int verifyPublicKeyIdentityViaResolver(HandleResolver handleResolver, ValueReference valueReference, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        HandleValue[] handleValues;
        Signature signature;
        ResolutionRequest resolutionRequest = new ResolutionRequest(valueReference.handle, valueReference.index > 0 ? null : Common.PUBLIC_KEY_TYPES, valueReference.index > 0 ? new int[]{valueReference.index} : null, null);
        resolutionRequest.certify = true;
        AbstractResponse processRequest = handleResolver.processRequest(resolutionRequest);
        if (!(processRequest instanceof ResolutionResponse) || (handleValues = ((ResolutionResponse) processRequest).getHandleValues()) == null || handleValues.length < 1) {
            return -1;
        }
        byte[] readByteArray = Encoder.readByteArray(bArr3, 0);
        int length = 0 + 4 + readByteArray.length;
        byte[] readByteArray2 = Encoder.readByteArray(bArr3, length);
        int length2 = length + 4 + readByteArray2.length;
        Arrays.sort(handleValues, HandleValue.INDEX_COMPARATOR);
        for (HandleValue handleValue : handleValues) {
            try {
                PublicKey publicKeyFromBytes = Util.getPublicKeyFromBytes(handleValue.getData(), 0);
                signature = Signature.getInstance(Util.getSigIdFromHashAlgId(readByteArray, publicKeyFromBytes.getAlgorithm()));
                signature.initVerify(publicKeyFromBytes);
                signature.update(bArr);
                signature.update(bArr2);
            } catch (Exception e) {
            }
            if (signature.verify(readByteArray2)) {
                return handleValue.getIndex();
            }
            continue;
        }
        this.authResp.addError("Identity not verified, signature failed");
        return -1;
    }

    private int getIndexMatchingPublicKey(HandleResolver handleResolver, byte[] bArr, PublicKey publicKey) {
        HandleValue[] handleValues;
        try {
            ResolutionRequest resolutionRequest = new ResolutionRequest(bArr, Common.PUBLIC_KEY_TYPES, null, null);
            resolutionRequest.certify = true;
            AbstractResponse processRequest = handleResolver.processRequest(resolutionRequest);
            if (!(processRequest instanceof ResolutionResponse) || (handleValues = ((ResolutionResponse) processRequest).getHandleValues()) == null || handleValues.length < 1) {
                return 0;
            }
            Arrays.sort(handleValues, HandleValue.INDEX_COMPARATOR);
            for (HandleValue handleValue : handleValues) {
                PublicKey publicKeyFromBytes = Util.getPublicKeyFromBytes(handleValue.getData(), 0);
                if (publicKey.equals(publicKeyFromBytes) || Util.equals(publicKey.getEncoded(), publicKeyFromBytes.getEncoded())) {
                    return handleValue.getIndex();
                }
            }
            return 0;
        } catch (Exception e) {
            return 0;
        }
    }

    private boolean verifySecretKeyIdentityViaResolver(HandleResolver handleResolver, ValueReference valueReference, byte[] bArr, byte[] bArr2, byte[] bArr3) throws HandleException {
        VerifyAuthRequest verifyAuthRequest = new VerifyAuthRequest(valueReference.handle, bArr, bArr2, hashTypeForCnonce(bArr2), bArr3, valueReference.index, null);
        verifyAuthRequest.certify = true;
        AbstractResponse processRequest = handleResolver.processRequest(verifyAuthRequest);
        if (!(processRequest instanceof VerifyAuthResponse)) {
            this.authResp.addError("Identity not verified");
            return false;
        }
        if (((VerifyAuthResponse) processRequest).isValid) {
            return true;
        }
        this.authResp.addError("Identity not verified");
        return false;
    }

    private ValueReference extractHandleValueReferenceFromUrlEncodedBytes(byte[] bArr) {
        return extractHandleValueReferenceFromUrlEncodedString(Util.decodeString(bArr));
    }

    private ValueReference extractHandleValueReferenceFromUrlEncodedString(String str) {
        return extractHandleValueReferenceFromString(StringUtils.decodeURLIgnorePlus(str));
    }

    private ValueReference extractHandleValueReferenceFromString(String str) {
        int indexOf = str.indexOf(58);
        if (indexOf < 0) {
            return new ValueReference(Util.encodeString(str), 0);
        }
        String substring = str.substring(0, indexOf);
        return isDigits(substring) ? new ValueReference(Util.encodeString(str.substring(indexOf + 1)), Integer.parseInt(substring)) : new ValueReference(Util.encodeString(str), 0);
    }

    private AuthenticationInfoWithId authenticateViaClientSideCert() {
        X509Certificate[] extractCertificates = extractCertificates(this.request);
        if (extractCertificates == null || extractCertificates.length == 0) {
            return null;
        }
        X509Certificate x509Certificate = extractCertificates[0];
        try {
            getTrustManager(this.request.getServletContext()).checkClientTrusted(extractCertificates, x509Certificate.getPublicKey().getAlgorithm());
            ValueReference parseIdentity = X509HSTrustManager.parseIdentity(x509Certificate);
            if (parseIdentity == null) {
                this.authResp.addError("Unable to parse identity from client-side certificate");
                return null;
            }
            int i = parseIdentity.index;
            if (i == 0) {
                i = getIndexMatchingPublicKey(getHandleResolverEvenIfInServer(this.request.getServletContext()), parseIdentity.handle, x509Certificate.getPublicKey());
            }
            return new AuthenticationInfoWithId(new PreAuthenticatedAuthenticationInfo(parseIdentity.handle, i));
        } catch (Exception e) {
            String message = e.getMessage();
            if (e.getCause() != null && e.getCause().getMessage() != null) {
                message = message + ": " + e.getCause().getMessage();
            }
            this.authResp.addError(message);
            return null;
        }
    }

    public static X509Certificate[] extractCertificates(HttpServletRequest httpServletRequest) {
        return (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
    }

    public static X509Certificate extractCertificate(HttpServletRequest httpServletRequest) {
        X509Certificate[] extractCertificates = extractCertificates(httpServletRequest);
        if (null == extractCertificates || extractCertificates.length <= 0) {
            return null;
        }
        return extractCertificates[0];
    }

    private AuthenticationInfoWithId authenticateViaSession() {
        if (this.session == null) {
            return null;
        }
        return this.handleAuthStatus.getAuthInfoWithId();
    }

    private static boolean isDigits(String str) {
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (charAt < '0' || charAt > '9') {
                return false;
            }
        }
        return true;
    }
}
