package org.keycloak.adapters.elytron;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AuthenticatedActionsHandler;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.NodesRegistrationManagement;
import org.keycloak.adapters.PreAuthActionsHandler;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.UserSessionManagement;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.Scope;

/* loaded from: input_file:org/keycloak/adapters/elytron/KeycloakHttpServerAuthenticationMechanism.class */
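/**
 * Elytron HTTP authentication mechanism registered under the name {@value #NAME}.
 *
 * <p>For each request it resolves the adapter deployment context, runs the adapter's
 * pre-authentication actions, delegates authentication to {@link ElytronRequestAuthenticator}
 * and reports the outcome to Elytron through {@link ElytronHttpFacade}.
 */
class KeycloakHttpServerAuthenticationMechanism implements HttpServerAuthenticationMechanism {
    static Logger LOGGER = Logger.getLogger(KeycloakHttpServerAuthenticationMechanism.class);
    static final String NAME = "KEYCLOAK";
    // Mechanism properties handed over at construction; not read anywhere in this class.
    private final Map<String, ?> properties;
    private final CallbackHandler callbackHandler;
    // May be null, in which case the context is looked up per request in the application scope.
    private final AdapterDeploymentContext deploymentContext;

    /**
     * Stores the collaborators without validating them.
     *
     * @param map mechanism properties
     * @param callbackHandler handler passed on to the facade and the request authenticator
     * @param adapterDeploymentContext fixed deployment context, or {@code null} to resolve it from
     *     the request's application scope
     */
    public KeycloakHttpServerAuthenticationMechanism(Map<String, ?> map, CallbackHandler callbackHandler, AdapterDeploymentContext adapterDeploymentContext) {
        this.properties = map;
        this.callbackHandler = callbackHandler;
        this.deploymentContext = adapterDeploymentContext;
    }

    /** Returns the constant mechanism name {@value #NAME}. */
    public String getMechanismName() {
        return NAME;
    }

    /**
     * Evaluates one request and signals exactly one authentication state to Elytron.
     *
     * <ul>
     *   <li>No deployment context, or a deployment that is not configured: the mechanism opts out
     *       with {@code noAuthenticationInProgress()}.
     *   <li>Pre-actions or authenticated-actions handled the request themselves:
     *       {@code authenticationInProgress()}.
     *   <li>Outcome {@code AUTHENTICATED}: {@code authenticationComplete()}.
     *   <li>Otherwise a challenge is sent if the authenticator produced one; a {@code FAILED}
     *       outcome without a challenge yields HTTP 403 and {@code authenticationFailed()}.
     * </ul>
     *
     * @param httpServerRequest the request being evaluated
     * @throws HttpAuthenticationException declared by the mechanism contract
     */
    public void evaluateRequest(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        // NOTE(review): the request URI is supplied by the client and is written to the debug log
        // as-is; confirm the log pipeline neutralises control characters.
        LOGGER.debugf("Evaluating request for path [%s]", httpServerRequest.getRequestURI());
        // Named differently from the field so the resolved value is not mistaken for this.deploymentContext.
        AdapterDeploymentContext resolvedContext = getDeploymentContext(httpServerRequest);
        if (resolvedContext == null) {
            LOGGER.debugf("Ignoring request for path [%s] from mechanism [%s]. No deployment context found.", httpServerRequest.getRequestURI(), getMechanismName());
            httpServerRequest.noAuthenticationInProgress();
            return;
        }
        ElytronHttpFacade elytronHttpFacade = new ElytronHttpFacade(httpServerRequest, resolvedContext, this.callbackHandler);
        KeycloakDeployment deployment = elytronHttpFacade.getDeployment();
        if (!deployment.isConfigured()) {
            // NOTE(review): an unconfigured deployment makes this mechanism step aside rather than
            // reject the request, and nothing is logged. Whether the resource stays protected then
            // depends on configuration outside this class; confirm it fails closed.
            httpServerRequest.noAuthenticationInProgress();
            return;
        }
        ElytronRequestAuthenticator createRequestAuthenticator = createRequestAuthenticator(httpServerRequest, elytronHttpFacade, deployment);
        // Runs before any pre-action; what the check does is defined by the token store, not here.
        elytronHttpFacade.getTokenStore().checkCurrentToken();
        if (preActions(elytronHttpFacade, resolvedContext)) {
            LOGGER.debugf("Pre-actions has aborted the evaluation of [%s]", httpServerRequest.getRequestURI());
            elytronHttpFacade.authenticationInProgress();
            return;
        }
        AuthOutcome authenticate = createRequestAuthenticator.authenticate();
        if (AuthOutcome.AUTHENTICATED.equals(authenticate)) {
            if (new AuthenticatedActionsHandler(deployment, elytronHttpFacade).handledRequest()) {
                // The handler already dealt with the request, so it is not completed here.
                elytronHttpFacade.authenticationInProgress();
                return;
            }
            elytronHttpFacade.authenticationComplete();
            return;
        }
        AuthChallenge challenge = createRequestAuthenticator.getChallenge();
        if (challenge != null) {
            elytronHttpFacade.noAuthenticationInProgress(challenge);
        } else if (!AuthOutcome.FAILED.equals(authenticate)) {
            elytronHttpFacade.noAuthenticationInProgress();
        } else {
            // FAILED with no challenge to send: answer 403 and report the failure to Elytron.
            elytronHttpFacade.getResponse().setStatus(403);
            elytronHttpFacade.authenticationFailed();
        }
    }

    /** Builds the authenticator for this request using the port from {@link #getConfidentialPort}. */
    private ElytronRequestAuthenticator createRequestAuthenticator(HttpServerRequest httpServerRequest, ElytronHttpFacade elytronHttpFacade, KeycloakDeployment keycloakDeployment) {
        return new ElytronRequestAuthenticator(this.callbackHandler, elytronHttpFacade, keycloakDeployment, getConfidentialPort(httpServerRequest));
    }

    /**
     * Returns the context given to the constructor, or, when that is {@code null}, the attachment
     * stored in the request's application scope under
     * {@code KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE}
     * (which may itself be {@code null}).
     */
    private AdapterDeploymentContext getDeploymentContext(HttpServerRequest httpServerRequest) {
        if (this.deploymentContext != null) {
            return this.deploymentContext;
        }
        return (AdapterDeploymentContext) httpServerRequest.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE);
    }

    /**
     * Attempts node registration for the deployment, then lets {@link PreAuthActionsHandler}
     * inspect the request.
     *
     * @return the handler's result; {@code true} makes the caller stop evaluating the request
     */
    private boolean preActions(final ElytronHttpFacade elytronHttpFacade, AdapterDeploymentContext adapterDeploymentContext) {
        // A new NodesRegistrationManagement is created for every request.
        new NodesRegistrationManagement().tryRegister(elytronHttpFacade.getDeployment());
        return new PreAuthActionsHandler(new UserSessionManagement() { // from class: org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanism.1
            /** Invalidates every session scope currently known to the facade. */
            public void logoutAll() {
                // Copy the ids first so invalidation works on a snapshot; typed to avoid a raw ArrayList.
                logoutHttpSessions(new ArrayList<>(elytronHttpFacade.getScopeIds(Scope.SESSION)));
            }

            /** Invalidates the session scope of each given id; ids with no matching scope are skipped silently. */
            public void logoutHttpSessions(List<String> list) {
                for (String sessionId : list) {
                    HttpScope scope = elytronHttpFacade.getScope(Scope.SESSION, sessionId);
                    if (scope != null) {
                        scope.invalidate();
                    }
                }
            }
        }, adapterDeploymentContext, elytronHttpFacade).handleRequest();
    }

    /**
     * Returns the port handed to the request authenticator as the confidential port.
     *
     * <p>NOTE(review): the value is a fixed 8443 and the request is ignored, so a server whose
     * HTTPS listener uses another port gets the wrong value here. Presumably this feeds the
     * redirect-to-HTTPS logic; confirm against {@code ElytronRequestAuthenticator}.
     */
    private int getConfidentialPort(HttpServerRequest httpServerRequest) {
        return 8443;
    }
}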
