package org.wildfly.security.http.oidc;

import java.io.IOException;
import java.util.List;
import org.keycloak.constants.AdapterConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/http/oidc/AuthenticatedActionsHandler.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-http-oidc-1.15.16.Final.jar:org/wildfly/security/http/oidc/AuthenticatedActionsHandler.class */
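/**
 * Handles the adapter-level actions that can be served for a request before it reaches the
 * application: CORS validation against the origins carried in the token, and the endpoint
 * that writes the caller's token string back in the response body.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The token endpoint only writes the token when a security context exists and
 *       {@code isExposeToken()} is true; with CORS disabled, a request carrying an
 *       {@code Origin} header other than the literal {@code "null"} gets an empty 200.</li>
 *   <li>With CORS enabled, the request {@code Origin} is echoed into
 *       {@code Access-Control-Allow-Origin} together with
 *       {@code Access-Control-Allow-Credentials: true} whenever the token's allowed-origins
 *       list contains that origin or the wildcard {@code "*"}.</li>
 * </ul>
 */
public class AuthenticatedActionsHandler {
    private final OidcClientConfiguration deployment;
    private final OidcHttpFacade facade;

    /**
     * @param oidcClientConfiguration client configuration consulted for the CORS and
     *                                expose-token settings
     * @param oidcHttpFacade          facade giving access to the current request, response
     *                                and security context
     */
    public AuthenticatedActionsHandler(OidcClientConfiguration oidcClientConfiguration, OidcHttpFacade oidcHttpFacade) {
        this.deployment = oidcClientConfiguration;
        this.facade = oidcHttpFacade;
    }

    /**
     * Runs the CORS check and, if the request URI ends with
     * {@code AdapterConstants.K_QUERY_BEARER_TOKEN}, the token query action.
     *
     * @return {@code true} when this handler has produced the response (CORS rejection or
     *         token query), {@code false} when the request should continue normally
     */
    public boolean handledRequest() {
        ElytronMessages.log.debugv("AuthenticatedActionsValve.invoke {0}", this.facade.getRequest().getURI());
        if (corsRequest()) {
            return true;
        }
        if (!this.facade.getRequest().getURI().endsWith(AdapterConstants.K_QUERY_BEARER_TOKEN)) {
            return false;
        }
        queryBearerToken();
        return true;
    }

    /**
     * Writes the security context's token string to the response as {@code text/plain},
     * unless {@link #abortTokenResponse()} has already ended the response.
     *
     * @throws RuntimeException wrapping the {@link IOException} if writing the body fails
     */
    protected void queryBearerToken() {
        ElytronMessages.log.debugv("queryBearerToken {0}", this.facade.getRequest().getURI());
        if (abortTokenResponse()) {
            return;
        }
        this.facade.getResponse().setStatus(200);
        this.facade.getResponse().setHeader("Content-Type", "text/plain");
        // NOTE(review): the body is a bearer credential and no Cache-Control header is set
        // here; confirm that caching of this response is prevented elsewhere.
        try {
            // Encode with an explicit charset: the no-arg getBytes() uses the JVM's platform
            // default, which makes the bytes on the wire depend on host configuration.
            byte[] tokenBytes = this.facade.getSecurityContext().getTokenString()
                    .getBytes(java.nio.charset.StandardCharsets.UTF_8);
            this.facade.getResponse().getOutputStream().write(tokenBytes);
            this.facade.getResponse().end();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decides whether the token query must be refused, ending the response if so.
     *
     * @return {@code true} if the response was ended without the token (401 when there is no
     *         security context, empty 200 otherwise), {@code false} if the token may be written
     */
    protected boolean abortTokenResponse() {
        if (this.facade.getSecurityContext() == null) {
            ElytronMessages.log.debugv("Not logged in, sending back 401: {0}", this.facade.getRequest().getURI());
            this.facade.getResponse().sendError(401);
            this.facade.getResponse().end();
            return true;
        }
        if (!this.deployment.isExposeToken()) {
            // Token exposure is switched off: answer 200 with no body rather than an error.
            this.facade.getResponse().setStatus(200);
            this.facade.getResponse().end();
            return true;
        }
        String originHeader = this.facade.getRequest().getHeader("Origin");
        // The token is released when CORS handling is enabled (corsRequest() has already run
        // from handledRequest()), or when no Origin header is present. The literal "null"
        // Origin value is treated the same as an absent header.
        if (this.deployment.isCors() || originHeader == null || originHeader.equals("null")) {
            return false;
        }
        // CORS disabled but an Origin header was sent: withhold the token.
        this.facade.getResponse().setStatus(200);
        this.facade.getResponse().end();
        return true;
    }

    /**
     * Validates a cross-origin request against the allowed origins carried in the token and
     * sets the CORS response headers when the origin is accepted.
     *
     * @return {@code true} only when the origin was rejected and a 403 has been sent;
     *         {@code false} when CORS is disabled, no validation was needed, or the origin
     *         was accepted (headers set, request continues)
     */
    protected boolean corsRequest() {
        if (!this.deployment.isCors()) {
            return false;
        }
        OidcSecurityContext securityContext = this.facade.getSecurityContext();
        String originHeader = this.facade.getRequest().getHeader("Origin");
        // A literal "null" Origin is handled as if the header were missing.
        String origin = "null".equals(originHeader) ? null : originHeader;
        String corsExposedHeaders = this.deployment.getCorsExposedHeaders();
        String requestOrigin = getOrigin(this.facade.getRequest().getURI());
        ElytronMessages.log.debugv("Origin: {0} uri: {1}", origin, this.facade.getRequest().getURI());
        // Same-origin is decided by comparing the Origin header with the prefix of the request
        // URI. NOTE(review): this relies on getURI() reflecting the externally visible
        // scheme/host - confirm behind proxies.
        if (securityContext == null || origin == null || origin.equals(requestOrigin)) {
            ElytronMessages.log.debugv("cors validation not needed as we are not a secure session or origin header was null: {0}", this.facade.getRequest().getURI());
            return false;
        }
        List<String> allowedOrigins = securityContext.getToken().getAllowedOrigins();
        ElytronMessages.log.debugf("Allowed origins in token: %s", allowedOrigins);
        if (allowedOrigins == null || !(allowedOrigins.contains("*") || allowedOrigins.contains(origin))) {
            if (allowedOrigins == null) {
                ElytronMessages.log.debugv("allowedOrigins was null in token", new Object[0]);
            } else {
                ElytronMessages.log.debugv("allowedOrigins did not contain origin", new Object[0]);
            }
            this.facade.getResponse().sendError(403);
            this.facade.getResponse().end();
            return true;
        }
        // The request Origin itself is echoed back with credentials allowed. When the token
        // lists "*", every origin passes the check above, so the allowed-origins list in the
        // token is the only gate on credentialed cross-origin access.
        ElytronMessages.log.debugv("returning origin: {0}", origin);
        this.facade.getResponse().setStatus(200);
        this.facade.getResponse().setHeader("Access-Control-Allow-Origin", origin);
        this.facade.getResponse().setHeader("Access-Control-Allow-Credentials", "true");
        if (corsExposedHeaders != null) {
            this.facade.getResponse().setHeader("Access-Control-Expose-Headers", corsExposedHeaders);
        }
        return false;
    }

    /**
     * Returns the part of {@code str} before the first {@code '/'} found at index 8 or later,
     * or {@code str} unchanged when there is none.
     */
    private static String getOrigin(String str) {
        // Searching from index 8 presumably steps over the "//" that follows the scheme, so
        // the first match is the start of the path.
        int pathStart = str.indexOf('/', 8);
        return pathStart != -1 ? str.substring(0, pathStart) : str;
    }
}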
