package org.keycloak.adapters.osgi.undertow;

import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.handlers.AuthenticationCallHandler;
import io.undertow.security.handlers.AuthenticationConstraintHandler;
import io.undertow.security.handlers.AuthenticationMechanismsHandler;
import io.undertow.security.handlers.SecurityInitialHandler;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.util.Collections;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.apache.cxf.transport.http_undertow.CXFUndertowHttpHandler;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.NodesRegistrationManagement;
import org.keycloak.adapters.spi.InMemorySessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.undertow.UndertowAuthenticationMechanism;
import org.keycloak.adapters.undertow.UndertowUserSessionManagement;
import org.keycloak.representations.adapters.config.AdapterConfig;

/* loaded from: input_file:org/keycloak/adapters/osgi/undertow/CxfKeycloakAuthHandler.class */
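/**
 * Undertow handler for CXF endpoints that puts Keycloak authentication in front of the
 * wrapped {@code next} handler.
 *
 * <p>Every request is routed through an Undertow security chain that uses
 * {@link UndertowAuthenticationMechanism}, except requests whose path fully matches the
 * optional skip pattern; those are passed to {@code next} without any authentication.
 *
 * <p>Security notes for whoever configures this handler:
 * <ul>
 *   <li>The skip pattern is an authentication bypass by design. It is applied with
 *       {@link java.util.regex.Matcher#matches()} (whole-path match) and compiled with
 *       {@link Pattern#DOTALL}, so {@code .} also matches line terminators. Keep the pattern as
 *       narrow as possible; a broad expression such as {@code .*} exposes every endpoint.</li>
 *   <li>The security chain is built lazily on the first non-skipped request and then cached.
 *       {@code next}, the config resolver, the adapter config and the confidential port are read
 *       at that moment; changing them afterwards does not affect the cached chain.</li>
 *   <li>When neither a config resolver nor an adapter config is set, an empty deployment
 *       context is used and a warning is logged that every request will be denied.</li>
 * </ul>
 *
 * <p>The configuration fields are plain (non-volatile) fields; the setters are presumably meant
 * to be called during wiring, before the handler serves traffic - confirm against the caller.
 */
public class CxfKeycloakAuthHandler implements CXFUndertowHttpHandler {
    private static final Logger LOG = Logger.getLogger(CxfKeycloakAuthHandler.class.getName());

    /**
     * Identity manager handed to Undertow's security chain. It accepts an already established
     * {@link Account} unchanged and rejects credential-based lookups, which the message in the
     * thrown exception says are not expected in the Keycloak flow.
     */
    private static final IdentityManager IDENTITY_MANAGER = new IdentityManager() {
        public Account verify(Account account) {
            // No re-validation here: the account is returned exactly as it was supplied.
            return account;
        }

        public Account verify(String str, Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }

        public Account verify(Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }
    };

    // Paths fully matching this pattern bypass authentication; null means "skip nothing".
    private Pattern skipPattern;
    // Handler that receives the request once it is skipped or authenticated.
    private HttpHandler next;
    private KeycloakConfigResolver configResolver;
    private AdapterConfig adapterConfig;
    private final UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
    protected final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();
    protected final SessionIdMapper idMapper = new InMemorySessionIdMapper();
    // Lazily built security chain; set at most once via compareAndSet.
    private final AtomicReference<HttpHandler> securityHandler = new AtomicReference<>();
    private int confidentialPort = 8443;

    /**
     * Dispatches the request either straight to {@code next} (path matches the skip pattern)
     * or through the Keycloak security chain.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception whatever the selected handler throws
     */
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        // The decision is made on the value returned by getRequestPath() only.
        // NOTE(review): confirm how the server decodes/normalises that value, so a skip pattern
        // cannot be satisfied by a path that the downstream handler resolves differently.
        if (shouldSkip(httpServerExchange.getRequestPath())) {
            this.next.handleRequest(httpServerExchange);
            return;
        }
        getSecurityHandler().handleRequest(httpServerExchange);
    }

    /**
     * Returns the cached security chain, building it on first use.
     *
     * <p>Concurrent first requests may each build a chain, but {@code compareAndSet} keeps only
     * the first one stored, so all callers end up using the same instance.
     */
    private HttpHandler getSecurityHandler() {
        HttpHandler cached = this.securityHandler.get();
        if (cached != null) {
            return cached;
        }
        UndertowAuthenticationMechanism mechanism = new UndertowAuthenticationMechanism(
                buildDeploymentContext(),
                this.userSessionManagement,
                this.nodesRegistrationManagement,
                this.confidentialPort,
                (String) null);
        // Chain order (outermost first): initial security context -> mechanisms -> constraint -> call -> next.
        HttpHandler chain = new SecurityInitialHandler(
                AuthenticationMode.PRO_ACTIVE,
                IDENTITY_MANAGER,
                "KEYCLOAK",
                new AuthenticationMechanismsHandler(
                        new AuthenticationConstraintHandler(new AuthenticationCallHandler(this.next)),
                        Collections.singletonList(mechanism)));
        this.securityHandler.compareAndSet(null, chain);
        return this.securityHandler.get();
    }

    /**
     * Builds the deployment context: a configured resolver wins over a static adapter config;
     * with neither present an empty context is returned and a warning is logged.
     */
    private AdapterDeploymentContext buildDeploymentContext() {
        if (this.configResolver != null) {
            LOG.log(Level.INFO, "Using {0} to resolve Keycloak configuration on a per-request basis.", this.configResolver.getClass());
            return new AdapterDeploymentContext(this.configResolver);
        }
        if (this.adapterConfig != null) {
            return new AdapterDeploymentContext(KeycloakDeploymentBuilder.build(this.adapterConfig));
        }
        LOG.warning("Adapter is unconfigured, Keycloak will deny every request");
        return new AdapterDeploymentContext();
    }

    /**
     * Sets the handler that is invoked for skipped and for authenticated requests.
     * Has no effect on an already built security chain.
     */
    public void setNext(HttpHandler httpHandler) {
        this.next = httpHandler;
    }

    /** Returns true only when a skip pattern is set and it matches the whole path. */
    private boolean shouldSkip(String str) {
        Pattern pattern = this.skipPattern;
        if (pattern == null) {
            return false;
        }
        return pattern.matcher(str).matches();
    }

    public KeycloakConfigResolver getConfigResolver() {
        return this.configResolver;
    }

    /** Sets the per-request config resolver; read only when the security chain is first built. */
    public void setConfigResolver(KeycloakConfigResolver keycloakConfigResolver) {
        this.configResolver = keycloakConfigResolver;
    }

    public int getConfidentialPort() {
        return this.confidentialPort;
    }

    /** Sets the confidential port (default 8443); read only when the security chain is first built. */
    public void setConfidentialPort(int i) {
        this.confidentialPort = i;
    }

    public AdapterConfig getAdapterConfig() {
        return this.adapterConfig;
    }

    /** Sets the static adapter config; read only when the security chain is first built. */
    public void setAdapterConfig(AdapterConfig adapterConfig) {
        this.adapterConfig = adapterConfig;
    }

    /**
     * Returns the regular expression of the skip pattern.
     *
     * @return the pattern source, or {@code null} when no skip pattern is configured
     *         (previously this case failed with a {@link NullPointerException})
     */
    public String getSkipPattern() {
        Pattern pattern = this.skipPattern;
        return pattern == null ? null : pattern.pattern();
    }

    /**
     * Sets the regular expression for request paths that bypass authentication.
     *
     * <p>Unlike the other setters, this one takes effect immediately because the pattern is
     * consulted on every request.
     *
     * @param str the expression to compile with {@link Pattern#DOTALL}; {@code null} removes the
     *            skip pattern so that every request is authenticated
     * @throws java.util.regex.PatternSyntaxException if the expression is invalid
     */
    public void setSkipPattern(String str) {
        // Clearing on null keeps the handler in the safe state (nothing skipped) instead of
        // failing inside Pattern.compile.
        this.skipPattern = str == null ? null : Pattern.compile(str, Pattern.DOTALL);
    }
}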
