package org.zowe.apiml.gateway.ribbon.http;

import com.netflix.zuul.context.RequestContext;
import java.security.cert.X509Certificate;
import org.apache.http.impl.client.CloseableHttpClient;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.zowe.apiml.gateway.security.service.schema.ByPassScheme;

/* loaded from: input_file:org/zowe/apiml/gateway/ribbon/http/HttpClientChooser.class */
public class HttpClientChooser {
    private final CloseableHttpClient clientWithoutCertificate;
    private final CloseableHttpClient clientWithCertificate;

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpClientChooser(CloseableHttpClient closeableHttpClient, CloseableHttpClient closeableHttpClient2) {
        this.clientWithoutCertificate = closeableHttpClient;
        this.clientWithCertificate = closeableHttpClient2;
    }

    private boolean isRequestToSign() {
        Authentication authentication;
        if (Boolean.TRUE.equals(RequestContext.getCurrentContext().get(ByPassScheme.AUTHENTICATION_SCHEME_BY_PASS_KEY)) && (authentication = SecurityContextHolder.getContext().getAuthentication()) != null && (authentication.getCredentials() instanceof X509Certificate)) {
            return authentication.isAuthenticated();
        }
        return false;
    }

    public CloseableHttpClient chooseClient() {
        return isRequestToSign() ? this.clientWithCertificate : this.clientWithoutCertificate;
    }
}
