package org.keycloak.proxy;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.AttachmentKey;
import org.jboss.logging.Logger;
import org.keycloak.proxy.SecurityInfo;

/* loaded from: input_file:org/keycloak/proxy/ConstraintMatcherHandler.class */
public class ConstraintMatcherHandler implements HttpHandler {
    protected static Logger log = Logger.getLogger(ConstraintMatcherHandler.class);
    public static final AttachmentKey<SingleConstraintMatch> CONSTRAINT_KEY = AttachmentKey.create(SingleConstraintMatch.class);
    protected SecurityPathMatches matcher;
    protected HttpHandler securedHandler;
    protected HttpHandler unsecuredHandler;
    protected String errorPage;

    public ConstraintMatcherHandler(SecurityPathMatches securityPathMatches, HttpHandler httpHandler, HttpHandler httpHandler2, String str) {
        this.matcher = securityPathMatches;
        this.securedHandler = httpHandler;
        this.unsecuredHandler = httpHandler2;
        this.errorPage = str;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        log.debugv("ConstraintMatcherHandler: {0}", httpServerExchange.getRelativePath());
        SingleConstraintMatch securityInfo = this.matcher.getSecurityInfo(httpServerExchange.getRelativePath(), httpServerExchange.getRequestMethod().toString());
        if (securityInfo == null || (securityInfo.getRequiredRoles().isEmpty() && securityInfo.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.PERMIT)) {
            this.unsecuredHandler.handleRequest(httpServerExchange);
            return;
        }
        if (!securityInfo.getRequiredRoles().isEmpty() || securityInfo.getEmptyRoleSemantic() != SecurityInfo.EmptyRoleSemantic.DENY) {
            log.debug("found constraint");
            httpServerExchange.getSecurityContext().setAuthenticationRequired();
            httpServerExchange.putAttachment(CONSTRAINT_KEY, securityInfo);
            this.securedHandler.handleRequest(httpServerExchange);
            return;
        }
        if (this.errorPage == null) {
            httpServerExchange.setResponseCode(403);
            httpServerExchange.endExchange();
        } else {
            httpServerExchange.setRequestPath(this.errorPage);
            httpServerExchange.setRelativePath(this.errorPage);
            httpServerExchange.setResolvedPath(this.errorPage);
            this.unsecuredHandler.handleRequest(httpServerExchange);
        }
    }
}
