package org.keycloak.adapters.undertow;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.io.IOException;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.ServletException;
import org.jboss.logging.Logger;
import org.keycloak.SkeletonKeySession;
import org.keycloak.adapters.config.ManagedResourceConfig;

/* loaded from: input_file:org/keycloak/adapters/undertow/AuthenticatedActionsHandler.class */
public class AuthenticatedActionsHandler implements HttpHandler {
    private static final Logger log = Logger.getLogger(AuthenticatedActionsHandler.class);
    protected ManagedResourceConfig config;
    protected HttpHandler next;

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticatedActionsHandler(ManagedResourceConfig managedResourceConfig, HttpHandler httpHandler) {
        this.config = managedResourceConfig;
        this.next = httpHandler;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        log.debugv("AuthenticatedActionsValve.invoke {0}", httpServerExchange.getRequestURI());
        SkeletonKeySession skeletonKeySession = getSkeletonKeySession(httpServerExchange);
        if (corsRequest(httpServerExchange, skeletonKeySession)) {
            return;
        }
        if (httpServerExchange.getRequestURI().endsWith("K_QUERY_BEARER_TOKEN")) {
            queryBearerToken(httpServerExchange, skeletonKeySession);
        } else {
            this.next.handleRequest(httpServerExchange);
        }
    }

    public SkeletonKeySession getSkeletonKeySession(HttpServerExchange httpServerExchange) {
        SkeletonKeySession skeletonKeySession = (SkeletonKeySession) httpServerExchange.getAttachment(KeycloakAuthenticationMechanism.SKELETON_KEY_SESSION_ATTACHMENT_KEY);
        if (skeletonKeySession != null) {
            return skeletonKeySession;
        }
        return null;
    }

    protected void queryBearerToken(HttpServerExchange httpServerExchange, SkeletonKeySession skeletonKeySession) throws IOException, ServletException {
        log.debugv("queryBearerToken {0}", httpServerExchange.getRequestURI());
        if (abortTokenResponse(httpServerExchange, skeletonKeySession)) {
            return;
        }
        httpServerExchange.setResponseCode(200);
        httpServerExchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
        httpServerExchange.getResponseSender().send(skeletonKeySession.getTokenString());
        httpServerExchange.endExchange();
    }

    protected boolean abortTokenResponse(HttpServerExchange httpServerExchange, SkeletonKeySession skeletonKeySession) throws IOException {
        if (skeletonKeySession == null) {
            log.debugv("session was null, sending back 401: {0}", httpServerExchange.getRequestURI());
            httpServerExchange.setResponseCode(200);
            httpServerExchange.endExchange();
            return true;
        }
        if (!this.config.isExposeToken()) {
            httpServerExchange.setResponseCode(200);
            httpServerExchange.endExchange();
            return true;
        }
        if (this.config.isCors() || httpServerExchange.getRequestHeaders().getFirst(Headers.ORIGIN) == null) {
            return false;
        }
        httpServerExchange.setResponseCode(200);
        httpServerExchange.endExchange();
        return true;
    }

    protected boolean corsRequest(HttpServerExchange httpServerExchange, SkeletonKeySession skeletonKeySession) throws IOException {
        if (!this.config.isCors()) {
            return false;
        }
        log.debugv("CORS enabled + request.getRequestURI()", new Object[0]);
        String first = httpServerExchange.getRequestHeaders().getFirst("Origin");
        log.debugv("Origin: {0} uri: {1}", first, httpServerExchange.getRequestURI());
        if (skeletonKeySession == null || first == null) {
            log.debugv("session or origin was null: {0}", httpServerExchange.getRequestURI());
            return false;
        }
        Set allowedOrigins = skeletonKeySession.getToken().getAllowedOrigins();
        if (log.isDebugEnabled()) {
            Iterator it = allowedOrigins.iterator();
            while (it.hasNext()) {
                log.debug("   " + ((String) it.next()));
            }
        }
        if (allowedOrigins != null && (allowedOrigins.contains("*") || allowedOrigins.contains(first))) {
            log.debugv("returning origin: {0}", first);
            httpServerExchange.setResponseCode(200);
            httpServerExchange.getResponseHeaders().put(PreflightCorsHandler.ACCESS_CONTROL_ALLOW_ORIGIN, first);
            httpServerExchange.getResponseHeaders().put(PreflightCorsHandler.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            return false;
        }
        if (allowedOrigins == null) {
            log.debugv("allowedOrigins was null in token", new Object[0]);
        }
        if (!allowedOrigins.contains("*") && !allowedOrigins.contains(first)) {
            log.debugv("allowedOrigins did not contain origin", new Object[0]);
        }
        httpServerExchange.setResponseCode(403);
        httpServerExchange.endExchange();
        return true;
    }
}
