package org.picketlink.identity.federation.bindings.wildfly.idp;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.impl.ClientCertAuthenticationMechanism;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormParserFactory;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism;
import javax.servlet.http.HttpServletRequest;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.http.InboundHeaderConfiguration;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/picketlink/federation/bindings/main/picketlink-wildfly8-2.5.5.SP2.jar:org/picketlink/identity/federation/bindings/wildfly/idp/IDPAuthenticationMechanism.class */
/**
 * Authentication mechanism for a PicketLink identity provider running on Undertow.
 *
 * <p>Extends the servlet form mechanism. When the IDP configuration enables SSL client
 * authentication, a client-certificate attempt is made first, and the inherited form
 * mechanism is used whenever that attempt does not authenticate the caller.
 */
public class IDPAuthenticationMechanism extends ServletFormAuthenticationMechanism {
    private final PicketLinkType configuration;
    private final ClientCertAuthenticationMechanism clientCertAuthMech;

    /**
     * Creates the mechanism.
     *
     * @param formParserFactory passed unchanged to the form mechanism
     * @param str passed unchanged to the form mechanism (presumably the mechanism name; confirm
     *     against the superclass constructor)
     * @param str2 passed unchanged to the form mechanism (presumably the login page; confirm)
     * @param str3 passed unchanged to the form mechanism (presumably the error page; confirm)
     * @param picketLinkType PicketLink configuration; {@link #authenticate} casts its
     *     {@code getIdpOrSP()} value to {@link IDPType}
     * @param picketLinkAuditHelper accepted but neither stored nor used by this class
     */
    public IDPAuthenticationMechanism(FormParserFactory formParserFactory, String str, String str2, String str3, PicketLinkType picketLinkType, PicketLinkAuditHelper picketLinkAuditHelper) {
        super(formParserFactory, str, str2, str3);
        this.configuration = picketLinkType;
        // NOTE(review): the boolean looks like Undertow's forceRenegotiation flag; confirm.
        this.clientCertAuthMech = new ClientCertAuthenticationMechanism(true);
    }

    /**
     * Authenticates with a client certificate when the IDP enables it, otherwise (or when the
     * certificate attempt does not authenticate) with the inherited form mechanism.
     *
     * <p>Any certificate outcome other than {@code AUTHENTICATED} is discarded and the form
     * mechanism decides the result, so enabling SSL client authentication makes certificates
     * an additional login path here, not a mandatory one.
     *
     * @param httpServerExchange the current exchange
     * @param securityContext the security context for the exchange
     * @return the certificate outcome if it is {@code AUTHENTICATED}, else the form outcome
     */
    @Override
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        // Throws ClassCastException if the configuration does not hold an IDPType.
        IDPType idpConfig = (IDPType) this.configuration.getIdpOrSP();
        if (idpConfig.isSSLClientAuthentication()) {
            AuthenticationMechanism.AuthenticationMechanismOutcome certOutcome =
                    this.clientCertAuthMech.authenticate(httpServerExchange, securityContext);
            // Enum constants are singletons, so the identity test matches equals().
            if (certOutcome == AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED) {
                return certOutcome;
            }
        }
        return super.authenticate(httpServerExchange, securityContext);
    }

    /**
     * Answers an unauthenticated AJAX request with status 403 and delegates every other
     * request to the inherited challenge.
     *
     * <p>The AJAX decision comes from a request header the client controls, so it only selects
     * which response an unauthenticated caller receives and must not be treated as an access
     * control.
     *
     * @param httpServerExchange the current exchange; its servlet request context attachment is
     *     dereferenced without a null check
     * @param securityContext the security context for the exchange
     * @return a {@code ChallengeResult(false, 403)} for AJAX requests without a user principal,
     *     otherwise the superclass result
     */
    @Override
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        ServletRequestContext servletContext =
                (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        HttpServletRequest request = (HttpServletRequest) servletContext.getServletRequest();
        if (isAjaxRequest(request) && request.getUserPrincipal() == null) {
            return new AuthenticationMechanism.ChallengeResult(false, 403);
        }
        return super.sendChallenge(httpServerExchange, securityContext);
    }

    /**
     * Reports whether the {@code X-Requested-With} header case-insensitively equals
     * {@link InboundHeaderConfiguration#X_REQUESTED_WITH_AJAX}.
     *
     * @param request the servlet request to inspect
     * @return {@code true} only when the header is present and matches
     */
    private boolean isAjaxRequest(HttpServletRequest request) {
        String requestedWith = request.getHeader("X-Requested-With");
        if (requestedWith == null) {
            return false;
        }
        return InboundHeaderConfiguration.X_REQUESTED_WITH_AJAX.equalsIgnoreCase(requestedWith);
    }
}
