package io.undertow.servlet.handlers.security;

import io.undertow.security.handlers.SinglePortConfidentialityHandler;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.UndertowServletMessages;
import io.undertow.servlet.api.ConfidentialPortManager;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.handlers.ServletRequestContext;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:m2repo/io/undertow/undertow-servlet/2.0.27.Final/undertow-servlet-2.0.27.Final.jar:io/undertow/servlet/handlers/security/ServletConfidentialityConstraintHandler.class */
public class ServletConfidentialityConstraintHandler extends SinglePortConfidentialityHandler {
    private final ConfidentialPortManager portManager;

    public ServletConfidentialityConstraintHandler(ConfidentialPortManager confidentialPortManager, HttpHandler httpHandler) {
        super(httpHandler, -1);
        this.portManager = confidentialPortManager;
    }

    @Override // io.undertow.security.handlers.AbstractConfidentialityHandler, io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        TransportGuaranteeType transportGuarantee = servletRequestContext.getDeployment().getDeploymentInfo().getAuthorizationManager().transportGuarantee(servletRequestContext.getOriginalRequest().isSecure() ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE, servletRequestContext.getTransportGuarenteeType(), servletRequestContext.getOriginalRequest());
        servletRequestContext.setTransportGuarenteeType(transportGuarantee);
        if (TransportGuaranteeType.REJECTED == transportGuarantee) {
            ((HttpServletResponse) servletRequestContext.getServletResponse()).sendError(403);
        } else {
            super.handleRequest(httpServerExchange);
        }
    }

    @Override // io.undertow.security.handlers.AbstractConfidentialityHandler
    protected boolean confidentialityRequired(HttpServerExchange httpServerExchange) {
        TransportGuaranteeType transportGuarenteeType = ((ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getTransportGuarenteeType();
        return TransportGuaranteeType.CONFIDENTIAL == transportGuarenteeType || TransportGuaranteeType.INTEGRAL == transportGuarenteeType;
    }

    @Override // io.undertow.security.handlers.SinglePortConfidentialityHandler, io.undertow.security.handlers.AbstractConfidentialityHandler
    protected URI getRedirectURI(HttpServerExchange httpServerExchange) throws URISyntaxException {
        int confidentialPort = this.portManager.getConfidentialPort(httpServerExchange);
        if (confidentialPort < 0) {
            throw UndertowServletMessages.MESSAGES.noConfidentialPortAvailable();
        }
        return super.getRedirectURI(httpServerExchange, confidentialPort);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.undertow.security.handlers.AbstractConfidentialityHandler
    public boolean isConfidential(HttpServerExchange httpServerExchange) {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        return servletRequestContext != null ? servletRequestContext.getOriginalRequest().isSecure() : super.isConfidential(httpServerExchange);
    }
}
