package org.wildfly.security.http.oidc;

import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.Scope;
import org.wildfly.security.http.oidc.Oidc;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/http/oidc/OidcAuthenticationMechanism.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-http-oidc-1.15.16.Final.jar:org/wildfly/security/http/oidc/OidcAuthenticationMechanism.class */
/**
 * HTTP server authentication mechanism that runs the OpenID Connect flow for a request.
 *
 * <p>The client context is either supplied at construction time or looked up per request
 * from the application scope. Every path through {@link #evaluateRequest} ends by reporting
 * exactly one state to the request or facade: no authentication in progress (optionally with
 * a challenge), authentication in progress, authentication complete, or authentication failed.
 */
final class OidcAuthenticationMechanism implements HttpServerAuthenticationMechanism {
    // Mechanism properties as handed to the constructor; not read anywhere in this class.
    private final Map<String, ?> properties;
    // Passed on to each per-request OidcHttpFacade.
    private final CallbackHandler callbackHandler;
    // Optional fixed client context; when null the context is resolved from the request scope.
    private final OidcClientContext oidcClientContext;

    /**
     * Creates the mechanism.
     *
     * <p>Decompiler note: the constructor is shown as {@code public} but was package-private
     * in the original class.
     *
     * @param map mechanism properties (stored only)
     * @param callbackHandler handler passed to the facade built for each request
     * @param oidcClientContext fixed client context, or {@code null} to resolve it per request
     */
    public OidcAuthenticationMechanism(Map<String, ?> map, CallbackHandler callbackHandler, OidcClientContext oidcClientContext) {
        this.properties = map;
        this.callbackHandler = callbackHandler;
        this.oidcClientContext = oidcClientContext;
    }

    /**
     * Returns the mechanism name constant {@code Oidc.OIDC_NAME}.
     */
    @Override
    public String getMechanismName() {
        return Oidc.OIDC_NAME;
    }

    /**
     * Evaluates one request and reports the authentication state.
     *
     * <p>The mechanism steps aside ({@code noAuthenticationInProgress}) when no client context
     * is found or the client configuration is not configured. Otherwise it checks the current
     * token, runs the pre-actions when an auth server base URL is set, and authenticates. A
     * non-authenticated outcome sends the authenticator's challenge when there is one; a
     * {@code FAILED} outcome without a challenge sets status 403 and reports failure.
     *
     * @param httpServerRequest the request being evaluated
     * @throws HttpAuthenticationException declared by the mechanism interface
     */
    @Override
    public void evaluateRequest(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        OidcClientContext clientContext = getOidcClientContext(httpServerRequest);
        if (clientContext == null) {
            // Without a client context this mechanism has nothing to evaluate against.
            ElytronMessages.log.debugf("Ignoring request for path [%s] from mechanism [%s]. No client configuration context found.", httpServerRequest.getRequestURI(), getMechanismName());
            httpServerRequest.noAuthenticationInProgress();
            return;
        }

        OidcHttpFacade facade = new OidcHttpFacade(httpServerRequest, clientContext, this.callbackHandler);
        OidcClientConfiguration clientConfiguration = facade.getOidcClientConfiguration();
        if (!clientConfiguration.isConfigured()) {
            httpServerRequest.noAuthenticationInProgress();
            return;
        }

        // The authenticator is built before the stored token is checked; the order is kept as found.
        RequestAuthenticator authenticator = createRequestAuthenticator(facade, clientConfiguration);
        facade.getTokenStore().checkCurrentToken();

        // Pre-actions run only when an auth server base URL is configured (short-circuit).
        boolean authServerConfigured = clientConfiguration.getAuthServerBaseUrl() != null;
        if (authServerConfigured && keycloakPreActions(facade, clientContext)) {
            ElytronMessages.log.debugf("Pre-actions has aborted the evaluation of [%s]", httpServerRequest.getRequestURI());
            facade.authenticationInProgress();
            return;
        }

        Oidc.AuthOutcome outcome = authenticator.authenticate();
        if (Oidc.AuthOutcome.AUTHENTICATED.equals(outcome)) {
            // An authenticated request may still be consumed by a post-authentication action.
            boolean handled = new AuthenticatedActionsHandler(clientConfiguration, facade).handledRequest();
            if (handled) {
                facade.authenticationInProgress();
            } else {
                facade.authenticationComplete();
            }
            return;
        }

        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            // A challenge takes precedence over the outcome, including FAILED.
            facade.noAuthenticationInProgress(challenge);
            return;
        }
        if (Oidc.AuthOutcome.FAILED.equals(outcome)) {
            // Explicit failure with nothing to challenge with: answer 403 and mark the attempt failed.
            facade.getResponse().setStatus(403);
            facade.authenticationFailed();
            return;
        }
        facade.noAuthenticationInProgress();
    }

    /**
     * Builds the per-request authenticator, passing the value of {@link #getConfidentialPort()}.
     */
    private RequestAuthenticator createRequestAuthenticator(OidcHttpFacade oidcHttpFacade, OidcClientConfiguration oidcClientConfiguration) {
        int confidentialPort = getConfidentialPort();
        return new RequestAuthenticator(oidcHttpFacade, oidcClientConfiguration, confidentialPort);
    }

    /**
     * Returns the client context given at construction, or else the attachment stored under
     * {@code Oidc.OIDC_CLIENT_CONTEXT_KEY} in the request's application scope.
     */
    private OidcClientContext getOidcClientContext(HttpServerRequest httpServerRequest) {
        if (this.oidcClientContext != null) {
            return this.oidcClientContext;
        }
        // NOTE(review): the scope returned by getScope(...) is dereferenced without a null check;
        // confirm the application scope is always available to this mechanism.
        return (OidcClientContext) httpServerRequest.getScope(Scope.APPLICATION).getAttachment(Oidc.OIDC_CLIENT_CONTEXT_KEY);
    }

    /**
     * Returns the confidential port, fixed at 8443.
     */
    private int getConfidentialPort() {
        // NOTE(review): hard-coded; presumably the TLS port used when building redirects.
        // Verify for deployments that serve HTTPS on a different port.
        return 8443;
    }

    /**
     * Attempts node registration for the facade's client configuration.
     *
     * @return always {@code false}, so the pre-action abort branch in
     *         {@link #evaluateRequest} is never taken in this version
     */
    private boolean keycloakPreActions(OidcHttpFacade oidcHttpFacade, OidcClientContext oidcClientContext) {
        NodesRegistrationManagement registration = new NodesRegistrationManagement();
        registration.tryRegister(oidcHttpFacade.getOidcClientConfiguration());
        return false;
    }
}
