package org.wildfly.elytron.web.undertow.server;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.impl.AbstractSecurityContext;
import io.undertow.server.HttpServerExchange;
import java.util.List;
import java.util.function.Supplier;
import org.jboss.logging.Logger;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.FlexibleIdentityAssociation;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.cache.IdentityCache;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpAuthenticator;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;

/* loaded from: input_file:org/wildfly/elytron/web/undertow/server/SecurityContextImpl.class */
public class SecurityContextImpl extends AbstractSecurityContext {
    private static final Logger log = Logger.getLogger("org.wildfly.security.http");
    private final ElytronHttpExchange httpExchange;
    protected final SecurityDomain securityDomain;
    private final Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
    private final String programmaticMechanismName;
    private Supplier<IdentityCache> identityCacheSupplier;
    private final FlexibleIdentityAssociation flexibleIdentityAssociation;
    private HttpAuthenticator httpAuthenticator;
    private Runnable logoutHandler;
    private AuthenticationMode authMode;

    /* loaded from: input_file:org/wildfly/elytron/web/undertow/server/SecurityContextImpl$Builder.class */
    public static class Builder {
        HttpServerExchange exchange;
        String programmaticMechanismName;
        SecurityDomain securityDomain;
        Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
        ElytronHttpExchange httpExchange;
        AuthenticationMode authMode;
        Supplier<IdentityCache> identityCacheSupplier;

        protected Builder() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setExchange(HttpServerExchange httpServerExchange) {
            this.exchange = httpServerExchange;
            return this;
        }

        @Deprecated
        Builder setProgramaticMechanismName(String str) {
            return setProgrammaticMechanismName(str);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setProgrammaticMechanismName(String str) {
            this.programmaticMechanismName = str;
            return this;
        }

        public Builder setAuthMode(AuthenticationMode authenticationMode) {
            this.authMode = authenticationMode;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setSecurityDomain(SecurityDomain securityDomain) {
            this.securityDomain = securityDomain;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setMechanismSupplier(Supplier<List<HttpServerAuthenticationMechanism>> supplier) {
            this.mechanismSupplier = supplier;
            return this;
        }

        @Deprecated
        Builder setHttpExchangeSupplier(ElytronHttpExchange elytronHttpExchange) {
            return setHttpExchange(elytronHttpExchange);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setHttpExchange(ElytronHttpExchange elytronHttpExchange) {
            this.httpExchange = elytronHttpExchange;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder setIdentityCacheSupplier(Supplier<IdentityCache> supplier) {
            this.identityCacheSupplier = supplier;
            return this;
        }

        public SecurityContext build() {
            return new SecurityContextImpl(this);
        }
    }

    protected SecurityContextImpl(Builder builder) {
        super((HttpServerExchange) Assert.checkNotNullParam("exchange", builder.exchange));
        this.httpExchange = (ElytronHttpExchange) Assert.checkNotNullParam("httpExchange", builder.httpExchange);
        this.securityDomain = builder.securityDomain;
        this.mechanismSupplier = builder.mechanismSupplier;
        this.programmaticMechanismName = builder.programmaticMechanismName;
        this.authMode = builder.authMode;
        this.identityCacheSupplier = builder.identityCacheSupplier;
        if (this.securityDomain != null) {
            this.flexibleIdentityAssociation = this.securityDomain.getAnonymousSecurityIdentity().createFlexibleAssociation();
        } else {
            this.flexibleIdentityAssociation = null;
        }
    }

    public boolean authenticate() {
        if (isAuthenticated()) {
            return true;
        }
        if (this.authMode == AuthenticationMode.CONSTRAINT_DRIVEN && !isAuthenticationRequired()) {
            return true;
        }
        this.httpAuthenticator = HttpAuthenticator.builder().setMechanismSupplier((Supplier) Assert.checkNotNullParam("mechanismSupplier", this.mechanismSupplier)).setIdentityCacheSupplier(this.identityCacheSupplier).setProgrammaticMechanismName((String) Assert.checkNotNullParam("programmaticMechanismName", this.programmaticMechanismName)).setSecurityDomain(this.securityDomain).setHttpExchangeSpi(this.httpExchange).setRequired(isAuthenticationRequired()).setIgnoreOptionalFailures(false).registerLogoutHandler(this::setLogoutHandler).build();
        try {
            return this.httpAuthenticator.authenticate();
        } catch (HttpAuthenticationException e) {
            log.trace("Authentication failed.", e);
            this.exchange.setStatusCode(500);
            return false;
        }
    }

    protected void setLogoutHandler(Runnable runnable) {
        this.logoutHandler = runnable;
    }

    public boolean login(String str, String str2) {
        if (this.httpAuthenticator == null) {
            log.trace("No HttpAuthenticator available for authentication.");
            return false;
        }
        SecurityIdentity login = this.httpAuthenticator.login(str, str2);
        if (login != null) {
            this.flexibleIdentityAssociation.setIdentity(login);
        }
        return login != null;
    }

    public void logout() {
        super.logout();
        if (this.logoutHandler != null) {
            this.logoutHandler.run();
        }
        if (this.flexibleIdentityAssociation != null) {
            this.flexibleIdentityAssociation.setIdentity(this.securityDomain.getAnonymousSecurityIdentity());
        }
    }

    protected void authenticationComplete(SecurityIdentity securityIdentity, String str) {
        this.flexibleIdentityAssociation.setIdentity(securityIdentity);
        authenticationComplete(new ElytronAccount(securityIdentity), str, false);
    }

    public void addAuthenticationMechanism(AuthenticationMechanism authenticationMechanism) {
        throw new UnsupportedOperationException();
    }

    public List<AuthenticationMechanism> getAuthenticationMechanisms() {
        throw new UnsupportedOperationException();
    }

    public IdentityManager getIdentityManager() {
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FlexibleIdentityAssociation getFlexibleIdentityAssociation() {
        return this.flexibleIdentityAssociation;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Builder builder() {
        return new Builder();
    }
}
