package org.wildfly.security.http.util.sso;

import java.security.Principal;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.cache.CachedIdentity;
import org.wildfly.security.cache.IdentityCache;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;
import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
import org.wildfly.security.http.HttpServerCookie;
import org.wildfly.security.http.HttpServerMechanismsResponder;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.HttpServerRequestWrapper;
import org.wildfly.security.http.HttpServerResponse;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.1.Final.jar:org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.class */
/**
 * Mechanism factory that wraps another {@link HttpServerAuthenticationMechanismFactory} and ties
 * every mechanism it hands out to a {@link SingleSignOnSession}.
 *
 * <p>The session is located through a request cookie whose name comes from
 * {@link SingleSignOnConfiguration#getCookieName()}; the cookie value is passed to
 * {@link SingleSignOnSessionFactory} as the session identifier. The wrapped request returned to the
 * delegate mechanism issues or expires that cookie and closes the session once the delegate reports
 * the outcome of authentication.
 *
 * <p>This listing is decompiler output: the anonymous mechanism appears as {@code AnonymousClass1}
 * and captured variables appear as {@code val$...} fields.
 */
public class SingleSignOnServerMechanismFactory implements HttpServerAuthenticationMechanismFactory {
    // Factory that creates the real (target) authentication mechanisms.
    private final HttpServerAuthenticationMechanismFactory delegate;
    // Cookie name, domain, path and the Secure / HttpOnly flags used for the SSO cookie.
    private final SingleSignOnConfiguration configuration;
    // Looks up an existing SSO session by identifier or creates a new one.
    private final SingleSignOnSessionFactory singleSignOnSessionFactory;

    /**
     * The mechanism returned by {@link #createAuthenticationMechanism}. It resolves the SSO session
     * for each request and forwards the request to the delegate's mechanism of the same name.
     */
    /* renamed from: org.wildfly.security.http.util.sso.SingleSignOnServerMechanismFactory$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.1.Final.jar:org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory$1.class */
    class AnonymousClass1 implements HttpServerAuthenticationMechanism {
        // Captured arguments of createAuthenticationMechanism (mechanism name, properties, handler).
        final /* synthetic */ String val$mechanismName;
        final /* synthetic */ Map val$properties;
        final /* synthetic */ CallbackHandler val$callbackHandler;

        AnonymousClass1(String str, Map map, CallbackHandler callbackHandler) {
            this.val$mechanismName = str;
            this.val$properties = map;
            this.val$callbackHandler = callbackHandler;
        }

        /** Returns the name this mechanism was created with. */
        @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
        public String getMechanismName() {
            return this.val$mechanismName;
        }

        /**
         * Resolves the SSO session for the request and delegates evaluation to the target mechanism.
         *
         * @param httpServerRequest the incoming request
         * @throws HttpAuthenticationException if the delegate factory returns no mechanism for the
         *         configured name, or if the target mechanism fails
         */
        @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
        public void evaluateRequest(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
            SingleSignOnSession singleSignOnSession = getSingleSignOnSession(httpServerRequest);
            // When logout() returns true the request is treated as fully handled: the session is
            // closed and the target mechanism is never invoked.
            if (singleSignOnSession.logout()) {
                singleSignOnSession.close();
                return;
            }
            HttpServerAuthenticationMechanism targetMechanism = getTargetMechanism(this.val$mechanismName, singleSignOnSession);
            if (targetMechanism == null) {
                // NOTE(review): the session obtained above is not closed on this path, nor when
                // getTargetMechanism itself throws — confirm whether close() is needed here.
                throw ElytronMessages.log.httpServerAuthenticationMechanismNotFound(this.val$mechanismName);
            }
            // From here on the wrapped request is responsible for closing the session.
            targetMechanism.evaluateRequest(createHttpServerRequest(httpServerRequest, singleSignOnSession));
        }

        /**
         * Returns the session named by the SSO cookie, or a newly created session when the request
         * has no such cookie, the cookie has no value, or the factory's find() returns null.
         */
        private SingleSignOnSession getSingleSignOnSession(HttpServerRequest httpServerRequest) {
            HttpServerCookie cookie = getCookie(httpServerRequest);
            // The cookie value is client-supplied and is handed to find() unmodified; any validation
            // of the identifier is presumably done by the session factory (not visible here).
            String value = cookie != null ? cookie.getValue() : null;
            SingleSignOnSession find = value != null ? SingleSignOnServerMechanismFactory.this.singleSignOnSessionFactory.find(value, httpServerRequest) : null;
            return find == null ? SingleSignOnServerMechanismFactory.this.singleSignOnSessionFactory.create(httpServerRequest, this.val$mechanismName) : find;
        }

        /**
         * Asks the delegate factory for the named mechanism, giving it a callback handler that has
         * been wrapped by {@link #createCallbackHandler} so it can use the SSO session.
         */
        private HttpServerAuthenticationMechanism getTargetMechanism(String str, SingleSignOnSession singleSignOnSession) throws HttpAuthenticationException {
            return SingleSignOnServerMechanismFactory.this.delegate.createAuthenticationMechanism(str, this.val$properties, SingleSignOnServerMechanismFactory.this.createCallbackHandler(this.val$callbackHandler, str, singleSignOnSession));
        }

        /**
         * Wraps the request so that each authentication outcome reported by the target mechanism
         * also maintains the SSO cookie and closes the SSO session.
         *
         * <p>Every override except badRequest forwards to the original request with a responder that
         * (1) adjusts the cookie, (2) runs the mechanism's own responder if one was given, and
         * (3) closes the session in a {@code finally} block, so the close happens even if the
         * responder throws.
         */
        private HttpServerRequest createHttpServerRequest(final HttpServerRequest httpServerRequest, final SingleSignOnSession singleSignOnSession) {
            return new HttpServerRequestWrapper(httpServerRequest) { // from class: org.wildfly.security.http.util.sso.SingleSignOnServerMechanismFactory.1.1
                // No authentication attempt: drop the cached identity and expire the SSO cookie.
                @Override // org.wildfly.security.http.HttpServerRequestWrapper, org.wildfly.security.http.HttpServerRequest
                public void noAuthenticationInProgress(HttpServerMechanismsResponder httpServerMechanismsResponder) {
                    // The extra local copies below are decompiler artifacts of lambda capture.
                    HttpServerRequest httpServerRequest2 = httpServerRequest;
                    HttpServerRequest httpServerRequest3 = httpServerRequest;
                    SingleSignOnSession singleSignOnSession2 = singleSignOnSession;
                    httpServerRequest2.noAuthenticationInProgress(httpServerResponse -> {
                        try {
                            AnonymousClass1.this.clearCookie(httpServerRequest3, httpServerResponse, singleSignOnSession2);
                            if (httpServerMechanismsResponder != null) {
                                httpServerMechanismsResponder.sendResponse(httpServerResponse);
                            }
                        } finally {
                            singleSignOnSession2.close();
                        }
                    });
                }

                // Authentication still in progress (e.g. a challenge is being sent): same cookie
                // handling as noAuthenticationInProgress.
                @Override // org.wildfly.security.http.HttpServerRequestWrapper, org.wildfly.security.http.HttpServerRequest
                public void authenticationInProgress(HttpServerMechanismsResponder httpServerMechanismsResponder) {
                    HttpServerRequest httpServerRequest2 = httpServerRequest;
                    HttpServerRequest httpServerRequest3 = httpServerRequest;
                    SingleSignOnSession singleSignOnSession2 = singleSignOnSession;
                    httpServerRequest2.authenticationInProgress(httpServerResponse -> {
                        try {
                            AnonymousClass1.this.clearCookie(httpServerRequest3, httpServerResponse, singleSignOnSession2);
                            if (httpServerMechanismsResponder != null) {
                                httpServerMechanismsResponder.sendResponse(httpServerResponse);
                            }
                        } finally {
                            singleSignOnSession2.close();
                        }
                    });
                }

                // Authentication succeeded: send the session id to the client as the SSO cookie.
                @Override // org.wildfly.security.http.HttpServerRequestWrapper, org.wildfly.security.http.HttpServerRequest
                public void authenticationComplete(HttpServerMechanismsResponder httpServerMechanismsResponder) {
                    HttpServerRequest httpServerRequest2 = httpServerRequest;
                    SingleSignOnSession singleSignOnSession2 = singleSignOnSession;
                    HttpServerRequest httpServerRequest3 = httpServerRequest;
                    httpServerRequest2.authenticationComplete(httpServerResponse -> {
                        try {
                            String id = singleSignOnSession2.getId();
                            // The cookie is only issued when the request carried no cookie with the
                            // configured name. Max-age -1 presumably means a browser-session cookie
                            // (servlet convention) — confirm against HttpServerCookie.
                            // NOTE(review): if the request carried a cookie whose value find() did not
                            // resolve, a new session was created but its id is not sent here — confirm
                            // this is intended.
                            if (id != null && AnonymousClass1.this.getCookie(httpServerRequest3) == null) {
                                httpServerResponse.setResponseCookie(AnonymousClass1.this.createCookie(id, -1));
                            }
                            if (httpServerMechanismsResponder != null) {
                                httpServerMechanismsResponder.sendResponse(httpServerResponse);
                            }
                        } finally {
                            singleSignOnSession2.close();
                        }
                    });
                }

                // Same as the one-argument authenticationComplete, but also forwards the supplied
                // Runnable to the original request.
                @Override // org.wildfly.security.http.HttpServerRequestWrapper, org.wildfly.security.http.HttpServerRequest
                public void authenticationComplete(HttpServerMechanismsResponder httpServerMechanismsResponder, Runnable runnable) {
                    HttpServerRequest httpServerRequest2 = httpServerRequest;
                    SingleSignOnSession singleSignOnSession2 = singleSignOnSession;
                    HttpServerRequest httpServerRequest3 = httpServerRequest;
                    httpServerRequest2.authenticationComplete(httpServerResponse -> {
                        try {
                            String id = singleSignOnSession2.getId();
                            if (id != null && AnonymousClass1.this.getCookie(httpServerRequest3) == null) {
                                httpServerResponse.setResponseCookie(AnonymousClass1.this.createCookie(id, -1));
                            }
                            if (httpServerMechanismsResponder != null) {
                                httpServerMechanismsResponder.sendResponse(httpServerResponse);
                            }
                        } finally {
                            singleSignOnSession2.close();
                        }
                    }, runnable);
                }

                // Authentication failed: drop the cached identity and expire the SSO cookie so a
                // failed attempt does not leave a usable SSO cookie with the client.
                @Override // org.wildfly.security.http.HttpServerRequestWrapper, org.wildfly.security.http.HttpServerRequest
                public void authenticationFailed(String str, HttpServerMechanismsResponder httpServerMechanismsResponder) {
                    HttpServerRequest httpServerRequest2 = httpServerRequest;
                    HttpServerRequest httpServerRequest3 = httpServerRequest;
                    SingleSignOnSession singleSignOnSession2 = singleSignOnSession;
                    httpServerRequest2.authenticationFailed(str, httpServerResponse -> {
                        try {
                            AnonymousClass1.this.clearCookie(httpServerRequest3, httpServerResponse, singleSignOnSession2);
                            if (httpServerMechanismsResponder != null) {
                                httpServerMechanismsResponder.sendResponse(httpServerResponse);
                            }
                        } finally {
                            singleSignOnSession2.close();
                        }
                    });
                }

                // Bad request: forwarded unchanged. Unlike the other outcomes, the cookie and the
                // cached identity are left untouched and the session is closed as soon as the
                // forwarding call returns (not inside the responder).
                @Override // org.wildfly.security.http.HttpServerRequestWrapper, org.wildfly.security.http.HttpServerRequest
                public void badRequest(HttpAuthenticationException httpAuthenticationException, HttpServerMechanismsResponder httpServerMechanismsResponder) {
                    try {
                        httpServerRequest.badRequest(httpAuthenticationException, httpServerMechanismsResponder);
                    } finally {
                        singleSignOnSession.close();
                    }
                }
            };
        }

        /**
         * Removes the cached identity and, if the request carried the SSO cookie, replaces it on the
         * response with a cookie that has a null value and max-age 0.
         *
         * @param httpServerRequest the request, inspected for an existing SSO cookie
         * @param httpServerResponse the response the expiring cookie is added to
         * @param identityCache the cache to clear; callers in this class pass the SSO session
         */
        /* JADX INFO: Access modifiers changed from: private */
        public void clearCookie(HttpServerRequest httpServerRequest, HttpServerResponse httpServerResponse, IdentityCache identityCache) {
            // The server-side identity is removed first, regardless of whether a cookie was sent.
            identityCache.remove();
            if (getCookie(httpServerRequest) != null) {
                // Max-age 0 conventionally tells the client to delete the cookie.
                httpServerResponse.setResponseCookie(createCookie(null, 0));
            }
        }

        /**
         * Returns the first request cookie whose name equals the configured SSO cookie name, or
         * {@code null} if the request has none.
         */
        HttpServerCookie getCookie(HttpServerRequest httpServerRequest) {
            return httpServerRequest.getCookies().stream().filter(httpServerCookie -> {
                return SingleSignOnServerMechanismFactory.this.configuration.getCookieName().equals(httpServerCookie.getName());
            }).findFirst().orElse(null);
        }

        /**
         * Builds the SSO cookie. Name, domain, path, Secure and HttpOnly all come from the
         * configuration; only the value and max-age vary per call.
         *
         * <p>The value is the SSO session identifier, so anyone holding the cookie can presumably
         * present it as that session. Neither Secure nor HttpOnly is forced here: the deployment's
         * {@link SingleSignOnConfiguration} has to enable them.
         *
         * @param str the cookie value (the session id), or {@code null} when expiring the cookie
         * @param i the max-age to report
         */
        HttpServerCookie createCookie(final String str, final int i) {
            return new HttpServerCookie() { // from class: org.wildfly.security.http.util.sso.SingleSignOnServerMechanismFactory.1.2
                @Override // org.wildfly.security.http.HttpServerCookie
                public String getName() {
                    return SingleSignOnServerMechanismFactory.this.configuration.getCookieName();
                }

                @Override // org.wildfly.security.http.HttpServerCookie
                public String getValue() {
                    return str;
                }

                @Override // org.wildfly.security.http.HttpServerCookie
                public String getDomain() {
                    return SingleSignOnServerMechanismFactory.this.configuration.getDomain();
                }

                @Override // org.wildfly.security.http.HttpServerCookie
                public int getMaxAge() {
                    return i;
                }

                @Override // org.wildfly.security.http.HttpServerCookie
                public String getPath() {
                    return SingleSignOnServerMechanismFactory.this.configuration.getPath();
                }

                @Override // org.wildfly.security.http.HttpServerCookie
                public boolean isSecure() {
                    return SingleSignOnServerMechanismFactory.this.configuration.isSecure();
                }

                // The cookie version is fixed at 0.
                @Override // org.wildfly.security.http.HttpServerCookie
                public int getVersion() {
                    return 0;
                }

                @Override // org.wildfly.security.http.HttpServerCookie
                public boolean isHttpOnly() {
                    return SingleSignOnServerMechanismFactory.this.configuration.isHttpOnly();
                }
            };
        }
    }

    /**
     * Immutable holder for the attributes of the SSO cookie.
     */
    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.1.Final.jar:org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory$SingleSignOnConfiguration.class */
    public static final class SingleSignOnConfiguration {
        private final String cookieName;
        private final String domain;
        private final String path;
        private final boolean httpOnly;
        private final boolean secure;

        /**
         * @param str the cookie name
         * @param str2 the cookie domain
         * @param str3 the cookie path
         * @param z the HttpOnly flag (note: HttpOnly comes before Secure in this argument list)
         * @param z2 the Secure flag
         */
        public SingleSignOnConfiguration(String str, String str2, String str3, boolean z, boolean z2) {
            this.cookieName = str;
            this.domain = str2;
            this.path = str3;
            this.httpOnly = z;
            this.secure = z2;
        }

        /** Returns the name of the SSO cookie. */
        public String getCookieName() {
            return this.cookieName;
        }

        /** Returns the domain set on the SSO cookie. */
        public String getDomain() {
            return this.domain;
        }

        /** Returns the path set on the SSO cookie. */
        public String getPath() {
            return this.path;
        }

        /** Returns whether the SSO cookie is marked Secure. */
        public boolean isSecure() {
            return this.secure;
        }

        /** Returns whether the SSO cookie is marked HttpOnly. */
        public boolean isHttpOnly() {
            return this.httpOnly;
        }
    }

    /**
     * @param httpServerAuthenticationMechanismFactory the factory that creates the target mechanisms
     * @param singleSignOnSessionFactory the factory used to find or create SSO sessions
     * @param singleSignOnConfiguration the SSO cookie attributes
     */
    public SingleSignOnServerMechanismFactory(HttpServerAuthenticationMechanismFactory httpServerAuthenticationMechanismFactory, SingleSignOnSessionFactory singleSignOnSessionFactory, SingleSignOnConfiguration singleSignOnConfiguration) {
        this.delegate = httpServerAuthenticationMechanismFactory;
        this.configuration = singleSignOnConfiguration;
        this.singleSignOnSessionFactory = singleSignOnSessionFactory;
    }

    /** Returns the mechanism names offered by the delegate factory, unchanged. */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanismFactory
    public String[] getMechanismNames(Map<String, ?> map) {
        return this.delegate.getMechanismNames(map);
    }

    /**
     * Returns an SSO-aware mechanism for the given name. The delegate's mechanism is not created
     * here; it is created on each call to the returned mechanism's evaluateRequest.
     */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanismFactory
    public HttpServerAuthenticationMechanism createAuthenticationMechanism(String str, Map<String, ?> map, CallbackHandler callbackHandler) throws HttpAuthenticationException {
        return new AnonymousClass1(str, map, callbackHandler);
    }

    /**
     * Wraps a callback handler so that {@link CachedIdentityAuthorizeCallback}s are backed by the
     * SSO session before being passed on.
     *
     * @param callbackHandler the handler that ultimately handles the callbacks
     * @param str the name of the mechanism the handler is created for
     * @param singleSignOnSession the SSO session used as the identity cache
     * @return a handler that rewrites eligible callbacks and then delegates
     */
    /* JADX INFO: Access modifiers changed from: private */
    public CallbackHandler createCallbackHandler(CallbackHandler callbackHandler, String str, SingleSignOnSession singleSignOnSession) {
        return callbackArr -> {
            CachedIdentity cachedIdentity = singleSignOnSession.get();
            // Callbacks are only rewritten when the session holds no identity yet, or when the cached
            // identity was established by a mechanism with the same name. An identity cached by a
            // different mechanism leaves the callbacks untouched.
            if (cachedIdentity == null || str.equals(cachedIdentity.getMechanismName())) {
                for (int i = 0; i < callbackArr.length; i++) {
                    Callback callback = callbackArr[i];
                    if (callback instanceof CachedIdentityAuthorizeCallback) {
                        final CachedIdentityAuthorizeCallback cachedIdentityAuthorizeCallback = (CachedIdentityAuthorizeCallback) callback;
                        // Callbacks flagged as local-cache are passed through unchanged.
                        if (!cachedIdentityAuthorizeCallback.isLocalCache()) {
                            Principal authorizationPrincipal = cachedIdentityAuthorizeCallback.getAuthorizationPrincipal();
                            if (authorizationPrincipal != null) {
                                // Replacement callback carrying the same principal, with the SSO
                                // session as its identity cache; the outcome is mirrored onto the
                                // original callback so the mechanism that created it sees the result.
                                callbackArr[i] = new CachedIdentityAuthorizeCallback(authorizationPrincipal, singleSignOnSession) { // from class: org.wildfly.security.http.util.sso.SingleSignOnServerMechanismFactory.2
                                    @Override // org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback
                                    public void setAuthorized(SecurityIdentity securityIdentity) {
                                        super.setAuthorized(securityIdentity);
                                        cachedIdentityAuthorizeCallback.setAuthorized(securityIdentity);
                                    }
                                };
                            } else {
                                // No principal on the original callback: replacement built from the
                                // SSO session alone. isLocalCache() is false on this branch.
                                callbackArr[i] = new CachedIdentityAuthorizeCallback(singleSignOnSession, cachedIdentityAuthorizeCallback.isLocalCache()) { // from class: org.wildfly.security.http.util.sso.SingleSignOnServerMechanismFactory.3
                                    @Override // org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback
                                    public void setAuthorized(SecurityIdentity securityIdentity) {
                                        super.setAuthorized(securityIdentity);
                                        cachedIdentityAuthorizeCallback.setAuthorized(securityIdentity);
                                    }
                                };
                            }
                        }
                    }
                }
            }
            // The (possibly rewritten) array is always handed to the wrapped handler.
            callbackHandler.handle(callbackArr);
        };
    }
}
