package org.keycloak.adapters.saml.elytron;

import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlAuthenticator;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlDeploymentContext;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.Scope;

/* loaded from: input_file:org/keycloak/adapters/saml/elytron/KeycloakHttpServerAuthenticationMechanism.class */
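/**
 * Elytron {@link HttpServerAuthenticationMechanism} that hands each request to the Keycloak SAML
 * adapter and translates the resulting {@link AuthOutcome} into Elytron authentication callbacks.
 *
 * <p>Requests whose relative path ends with {@code /saml} are processed by
 * {@link ElytronSamlEndpoint}; all other requests are processed by
 * {@link ElytronSamlAuthenticator}.
 */
class KeycloakHttpServerAuthenticationMechanism implements HttpServerAuthenticationMechanism {
    // The category is the factory class, so messages from this mechanism are emitted under the
    // factory's logger name. Left as-is to keep existing logging configuration working.
    static Logger LOGGER = Logger.getLogger(KeycloakHttpServerAuthenticationMechanismFactory.class);
    static final String NAME = "KEYCLOAK-SAML";
    private final Map<String, ?> properties;
    private final CallbackHandler callbackHandler;
    private final SamlDeploymentContext deploymentContext;
    private final SessionIdMapper idMapper;

    /**
     * Creates the mechanism.
     *
     * @param map mechanism properties; stored but not read by this class
     * @param callbackHandler handler passed on to the HTTP facade and the SAML authenticator
     * @param samlDeploymentContext deployment context to use; when {@code null} the context is
     *     looked up per request in the application scope
     * @param sessionIdMapper session id mapper passed on to the HTTP facade
     */
    public KeycloakHttpServerAuthenticationMechanism(Map<String, ?> map, CallbackHandler callbackHandler, SamlDeploymentContext samlDeploymentContext, SessionIdMapper sessionIdMapper) {
        this.properties = map;
        this.callbackHandler = callbackHandler;
        this.deploymentContext = samlDeploymentContext;
        this.idMapper = sessionIdMapper;
    }

    /** Returns the mechanism name, {@value #NAME}. */
    public String getMechanismName() {
        return NAME;
    }

    /**
     * Evaluates a request and reports the authentication state to Elytron.
     *
     * <p>The request is left unauthenticated-without-challenge when no deployment context is
     * available or the deployment is not configured. A request for the configured logout page is
     * completed anonymously. Otherwise the SAML authenticator runs and its outcome decides between
     * completion, a challenge, failure or "in progress".
     *
     * @param httpServerRequest the request being authenticated
     * @throws HttpAuthenticationException declared by the mechanism interface
     */
    public void evaluateRequest(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        LOGGER.debugf("Evaluating request for path [%s]", httpServerRequest.getRequestURI());
        SamlDeploymentContext context = getDeploymentContext(httpServerRequest);
        if (context == null) {
            // The format string has two placeholders; the mechanism name was missing, which makes
            // the formatter fail as soon as debug logging is enabled.
            LOGGER.debugf("Ignoring request for path [%s] from mechanism [%s]. No deployment context found.", httpServerRequest.getRequestURI(), getMechanismName());
            httpServerRequest.noAuthenticationInProgress();
            return;
        }
        ElytronHttpFacade elytronHttpFacade = new ElytronHttpFacade(httpServerRequest, this.idMapper, context, this.callbackHandler);
        SamlDeployment deployment = elytronHttpFacade.getDeployment();
        if (!deployment.isConfigured()) {
            httpServerRequest.noAuthenticationInProgress();
            return;
        }
        String relativePath = elytronHttpFacade.getRequest().getRelativePath();
        String logoutPage = deployment.getLogoutPage();
        // The logout page is optional (the LOGGED_OUT branch below checks it for null), so guard
        // here as well: String.contains(null) throws, and contains("") is true for every path,
        // which would complete every request anonymously and skip authentication entirely.
        // NOTE(review): this is a substring match, so any relative path that merely contains the
        // logout page string is completed anonymously - confirm whether an exact or suffix match
        // was intended.
        if (logoutPage != null && !logoutPage.isEmpty() && relativePath.contains(logoutPage)) {
            LOGGER.debugf("Ignoring request for [%s] and logout page [%s].", httpServerRequest.getRequestURI(), logoutPage);
            elytronHttpFacade.authenticationCompleteAnonymous();
            return;
        }
        SamlAuthenticator authenticator;
        if (relativePath.endsWith("/saml")) {
            authenticator = new ElytronSamlEndpoint(elytronHttpFacade, deployment);
        } else {
            authenticator = new ElytronSamlAuthenticator(elytronHttpFacade, deployment, this.callbackHandler);
        }
        AuthOutcome outcome = authenticator.authenticate();
        if (outcome == AuthOutcome.AUTHENTICATED) {
            elytronHttpFacade.authenticationComplete();
            return;
        }
        if (outcome == AuthOutcome.NOT_AUTHENTICATED) {
            elytronHttpFacade.noAuthenticationInProgress(null);
            return;
        }
        if (outcome == AuthOutcome.LOGGED_OUT) {
            if (deployment.getLogoutPage() != null) {
                redirectLogout(deployment, elytronHttpFacade);
            }
            elytronHttpFacade.authenticationInProgress();
            return;
        }
        // Remaining outcomes: prefer sending the authenticator's challenge when it has one.
        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            elytronHttpFacade.noAuthenticationInProgress(challenge);
        } else if (outcome == AuthOutcome.FAILED) {
            elytronHttpFacade.authenticationFailed();
        } else {
            elytronHttpFacade.authenticationInProgress();
        }
    }

    /**
     * Returns the deployment context given at construction, or, when none was given, the one
     * attached to the request's application scope under the {@link SamlDeploymentContext} class
     * name (which may be {@code null}).
     */
    private SamlDeploymentContext getDeploymentContext(HttpServerRequest httpServerRequest) {
        if (this.deploymentContext != null) {
            return this.deploymentContext;
        }
        return (SamlDeploymentContext) httpServerRequest.getScope(Scope.APPLICATION).getAttachment(SamlDeploymentContext.class.getName());
    }

    /**
     * Redirects the client to the deployment's logout page with a 302 status.
     *
     * @param samlDeployment deployment supplying the logout page
     * @param elytronHttpFacade facade for the current exchange
     */
    protected void redirectLogout(SamlDeployment samlDeployment, ElytronHttpFacade elytronHttpFacade) {
        sendRedirect(elytronHttpFacade, samlDeployment.getLogoutPage());
        elytronHttpFacade.getResponse().setStatus(302);
    }

    /**
     * Sets the {@code Location} header to {@code scheme://host[:port] + contextPath + str}, where
     * the context path is the part of the request path that precedes the relative path.
     *
     * <p>NOTE(review): scheme, host and port are taken from the request URI. If that URI reflects
     * a client-supplied Host header, the redirect target is client-influenced; confirm the
     * container validates the host, or build the target from a configured base URL.
     *
     * @param elytronHttpFacade facade for the current exchange
     * @param str location relative to the context path
     */
    static void sendRedirect(ElytronHttpFacade elytronHttpFacade, String str) {
        String path = elytronHttpFacade.getURI().getPath();
        String scheme = elytronHttpFacade.getURI().getScheme();
        String host = elytronHttpFacade.getURI().getHost();
        int port = elytronHttpFacade.getURI().getPort();
        String relativePath = elytronHttpFacade.getRequest().getRelativePath();
        // NOTE(review): indexOf returns -1 when the relative path does not occur in the request
        // path, and substring then throws; the correct fallback is not clear from this class.
        String contextPath = path.substring(0, path.indexOf(relativePath));
        StringBuilder location = new StringBuilder().append(scheme).append("://").append(host);
        // The URI reports -1 when no explicit port is present; emitting ":-1" would produce an
        // invalid Location value, so the port is only added when it is defined.
        if (port != -1) {
            location.append(':').append(port);
        }
        location.append(contextPath).append(str);
        elytronHttpFacade.getResponse().setHeader("Location", location.toString());
    }
}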
