package org.wildfly.security.http.oidc;

import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URLDecoder;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import org.jgroups.protocols.INJECT_VIEW;
import org.wildfly.security.auth.callback.AuthenticationCompleteCallback;
import org.wildfly.security.auth.callback.EvidenceVerifyCallback;
import org.wildfly.security.auth.callback.IdentityCredentialCallback;
import org.wildfly.security.auth.callback.SecurityIdentityCallback;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.credential.BearerTokenCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.HttpServerCookie;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.HttpServerResponse;
import org.wildfly.security.http.Scope;
import org.wildfly.security.http.oidc.Oidc;

/* loaded from: input_file:org/wildfly/security/http/oidc/OidcHttpFacade.class */
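/**
 * Adapter between an Elytron {@link HttpServerRequest} and the OIDC client code.
 *
 * <p>The facade exposes a read-only {@link Request} view of the incoming request and a
 * {@link Response} view that does not write anything immediately: every response operation is
 * appended to {@link #responseConsumer} and replayed later against the real
 * {@link HttpServerResponse} when one of the {@code authentication*} / {@code noAuthentication*}
 * methods hands the consumer to the underlying request.
 *
 * <p>This listing is decompiler output. Members annotated as "package-private in the compiled
 * class" were widened to {@code public} by the decompiler; the widened modifiers are kept here so
 * the listing's interface is unchanged.
 *
 * <p>Not thread-safe: the facade mutates {@code responseConsumer}, {@code headers}, {@code account}
 * and {@code securityIdentity} without synchronization.
 */
public class OidcHttpFacade {
    private final HttpServerRequest request;
    private final CallbackHandler callbackHandler;
    private final OidcClientContext oidcClientContext;
    private OidcAccount account;
    private SecurityIdentity securityIdentity;
    private boolean restored;
    // Last value recorded per header name; consulted again when the deferred header writers run.
    private final Map<String, String> headers = new HashMap<>();
    // Assigned in the constructor: createTokenStore() dereferences oidcClientContext, so it must
    // not run as a field initializer (field initializers execute before the constructor body).
    private final OidcTokenStore tokenStore;
    // Starts as a no-op and grows via andThen(...) as Response methods are called.
    private Consumer<HttpServerResponse> responseConsumer = httpServerResponse -> {
    };

    /**
     * Immutable-by-convention snapshot of a request cookie (fields are {@code protected}, so
     * subclasses can still modify them).
     */
    public class Cookie {
        protected String name;
        protected String value;
        protected int version;
        protected String domain;
        protected String path;

        /**
         * @param str cookie name
         * @param str2 cookie value
         * @param i cookie version
         * @param str3 cookie domain
         * @param str4 cookie path
         */
        public Cookie(String str, String str2, int i, String str3, String str4) {
            this.name = str;
            this.value = str2;
            this.version = i;
            this.domain = str3;
            this.path = str4;
        }

        public String getName() {
            return this.name;
        }

        public String getValue() {
            return this.value;
        }

        public int getVersion() {
            return this.version;
        }

        public String getDomain() {
            return this.domain;
        }

        public String getPath() {
            return this.path;
        }
    }

    /** Read-only view of the incoming HTTP request, plus hooks to record an error on the exchange. */
    public interface Request {
        /** @return the HTTP request method */
        String getMethod();

        /** @return the request URI as a string, URL-decoded */
        String getURI();

        /** @return the request path as reported by the underlying request */
        String getRelativePath();

        /** @return {@code true} when the request URI scheme is {@code https} */
        boolean isSecure();

        /**
         * @param str parameter name
         * @return the first value of the named request parameter
         */
        String getFirstParam(String str);

        /**
         * @param str query parameter name
         * @return the decoded value of the first matching query-string parameter, or {@code null}
         */
        String getQueryParamValue(String str);

        /**
         * @param str cookie name
         * @return the first request cookie with that name, or {@code null}
         */
        Cookie getCookie(String str);

        /**
         * @param str header name
         * @return the first value of the named request header
         */
        String getHeader(String str);

        /**
         * @param str header name
         * @return all values of the named request header
         */
        List<String> getHeaders(String str);

        /** @return the request body stream, unbuffered */
        InputStream getInputStream();

        /**
         * @param z {@code true} to wrap the body in a buffered stream that is also installed as the
         *     request's input-stream supplier
         * @return the request body stream
         */
        InputStream getInputStream(boolean z);

        /** @return the textual address of the connection's source, or {@code ""} when unknown */
        String getRemoteAddr();

        /** @param authenticationError error to attach to the exchange scope */
        void setError(AuthenticationError authenticationError);

        /** @param logoutError error to attach to the exchange scope */
        void setError(LogoutError logoutError);
    }

    /** Deferred view of the HTTP response; see the class documentation for the replay model. */
    public interface Response {
        /** @param i HTTP status code */
        void setStatus(int i);

        /**
         * @param str header name
         * @param str2 header value
         */
        void addHeader(String str, String str2);

        /**
         * @param str header name
         * @param str2 header value
         */
        void setHeader(String str, String str2);

        /**
         * @param str cookie name
         * @param str2 cookie path
         */
        void resetCookie(String str, String str2);

        /**
         * @param str cookie name
         * @param str2 cookie value
         * @param str3 cookie path
         * @param str4 cookie domain
         * @param i max-age
         * @param z value for the cookie's Secure attribute
         * @param z2 value for the cookie's HttpOnly attribute
         */
        void setCookie(String str, String str2, String str3, String str4, int i, boolean z, boolean z2);

        /** @return a stream whose content is written to the real response when it is produced */
        OutputStream getOutputStream();

        /** @param i HTTP status code */
        void sendError(int i);

        /**
         * @param i HTTP status code
         * @param str response body
         */
        void sendError(int i, String str);

        void end();
    }

    /**
     * Creates the facade and selects the token store for this request.
     *
     * <p>The token store is created last because {@link #createTokenStore()} resolves the client
     * configuration through {@code oidcClientContext} and passes {@code this} to the store; as a
     * field initializer it would run before any of the assignments below and fail with a
     * {@link NullPointerException}.
     *
     * @param httpServerRequest the request being authenticated
     * @param oidcClientContext resolver for the deployment's OIDC client configuration
     * @param callbackHandler handler used by {@link #authorize(CallbackHandler, Principal)}
     */
    public OidcHttpFacade(HttpServerRequest httpServerRequest, OidcClientContext oidcClientContext, CallbackHandler callbackHandler) {
        this.request = httpServerRequest;
        this.oidcClientContext = oidcClientContext;
        this.callbackHandler = callbackHandler;
        this.tokenStore = createTokenStore();
    }

    /**
     * Authorizes the account's principal and, on success, binds the account to this request.
     *
     * <p>Package-private in the compiled class according to the decompiler.
     *
     * @param oidcAccount the authenticated account
     * @param z {@code true} to persist the account through the token store
     */
    public void authenticationComplete(OidcAccount oidcAccount, boolean z) {
        this.securityIdentity = authorize(this.callbackHandler, oidcAccount.getPrincipal());
        if (this.securityIdentity != null) {
            this.account = oidcAccount;
            oidcAccount.setCurrentRequestInfo(oidcAccount.getOidcSecurityContext().getOidcClientConfiguration(), this.tokenStore);
            if (z) {
                this.tokenStore.saveAccountInfo(oidcAccount);
            }
        }
    }

    /**
     * Runs the evidence-verification and authorization callbacks for {@code principal} and returns
     * the resulting identity.
     *
     * <p>The authorization decision is enforced here: when {@code AuthorizeCallback} reports that
     * the principal is not authorized, the method returns {@code null} instead of going on to send
     * {@code AuthenticationCompleteCallback.SUCCEEDED}. The bearer token string taken from the
     * principal's security context is attached to the identity as a credential.
     *
     * @param callbackHandler handler that processes the callbacks
     * @param principal the principal to authorize; it is cast to {@code OidcPrincipal}
     * @return the security identity, or {@code null} when verification or authorization fails
     * @throws RuntimeException wrapping an {@link IOException} or
     *     {@link UnsupportedCallbackException}; failures after evidence verification are first
     *     wrapped in {@code HttpAuthenticationException}
     */
    static final SecurityIdentity authorize(CallbackHandler callbackHandler, final Principal principal) {
        try {
            EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {
                @Override
                public Principal getPrincipal() {
                    return principal;
                }
            });
            callbackHandler.handle(new Callback[]{evidenceVerifyCallback});
            if (!evidenceVerifyCallback.isVerified()) {
                return null;
            }
            AuthorizeCallback authorizeCallback = new AuthorizeCallback((String) null, (String) null);
            try {
                callbackHandler.handle(new Callback[]{authorizeCallback});
                // Fail closed: the result of the authorization check must gate everything below.
                if (!authorizeCallback.isAuthorized()) {
                    return null;
                }
                SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
                BearerTokenCredential tokenCredential = new BearerTokenCredential(
                        ((OidcPrincipal) OidcPrincipal.class.cast(principal)).getOidcSecurityContext().getTokenString());
                callbackHandler.handle(new Callback[]{
                        new IdentityCredentialCallback(tokenCredential, true),
                        AuthenticationCompleteCallback.SUCCEEDED,
                        securityIdentityCallback});
                return securityIdentityCallback.getSecurityIdentity();
            } catch (Exception e) {
                throw new HttpAuthenticationException(e);
            }
        } catch (IOException | UnsupportedCallbackException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Reports successful authentication to the underlying request; does nothing when no identity
     * was established.
     *
     * <p>The security context is attached to the exchange scope, the deferred response operations
     * are replayed unless the request was restored, and a second callback that calls
     * {@code tokenStore.logout(true)} is registered (presumably the logout handler; confirm
     * against {@code HttpServerRequest}).
     *
     * <p>Package-private in the compiled class according to the decompiler.
     */
    public void authenticationComplete() {
        if (this.securityIdentity != null) {
            this.request.getScope(Scope.EXCHANGE).setAttachment(OidcSecurityContext.class.getName(), this.account.getOidcSecurityContext());
            // responseConsumer is read when the lambda runs, not when it is created, so operations
            // queued after this call are still replayed.
            this.request.authenticationComplete(httpServerResponse -> {
                if (this.restored) {
                    return;
                }
                this.responseConsumer.accept(httpServerResponse);
            }, () -> {
                this.tokenStore.logout(true);
            });
        }
    }

    /**
     * Reports failed authentication and replays the deferred response operations.
     *
     * <p>Package-private in the compiled class according to the decompiler.
     */
    public void authenticationFailed() {
        this.request.authenticationFailed("Authentication Failed", httpServerResponse -> {
            this.responseConsumer.accept(httpServerResponse);
        });
    }

    /**
     * Reports that this mechanism has no authentication in progress.
     *
     * <p>Package-private in the compiled class according to the decompiler.
     */
    public void noAuthenticationInProgress() {
        this.request.noAuthenticationInProgress();
    }

    /**
     * Lets {@code authChallenge} queue its challenge on this facade, then reports that no
     * authentication is in progress and replays the deferred response operations.
     *
     * <p>Package-private in the compiled class according to the decompiler.
     *
     * @param authChallenge challenge to issue, or {@code null} for none
     */
    public void noAuthenticationInProgress(AuthChallenge authChallenge) {
        if (authChallenge != null) {
            authChallenge.challenge(this);
        }
        this.request.noAuthenticationInProgress(httpServerResponse -> {
            this.responseConsumer.accept(httpServerResponse);
        });
    }

    /**
     * Reports that authentication is in progress and replays the deferred response operations.
     *
     * <p>Package-private in the compiled class according to the decompiler.
     */
    public void authenticationInProgress() {
        this.request.authenticationInProgress(httpServerResponse -> {
            this.responseConsumer.accept(httpServerResponse);
        });
    }

    /**
     * Package-private in the compiled class according to the decompiler.
     *
     * @param scope the scope kind
     * @return the underlying request's scope of that kind
     */
    public HttpScope getScope(Scope scope) {
        return this.request.getScope(scope);
    }

    /**
     * Package-private in the compiled class according to the decompiler.
     *
     * @param scope the scope kind
     * @param str the scope id
     * @return the underlying request's scope with that kind and id
     */
    public HttpScope getScope(Scope scope, String str) {
        return this.request.getScope(scope, str);
    }

    /**
     * Package-private in the compiled class according to the decompiler.
     *
     * @param scope the scope kind
     * @return the ids the underlying request reports for that scope kind
     */
    public Collection<String> getScopeIds(Scope scope) {
        return this.request.getScopeIds(scope);
    }

    /**
     * Package-private in the compiled class according to the decompiler.
     *
     * @return the token store selected for this request
     */
    public OidcTokenStore getTokenStore() {
        return this.tokenStore;
    }

    /**
     * Package-private in the compiled class according to the decompiler.
     *
     * @return the client configuration the context resolves for this facade
     */
    public OidcClientConfiguration getOidcClientConfiguration() {
        return this.oidcClientContext.resolveDeployment(this);
    }

    /**
     * Picks the session-backed store when the configuration asks for
     * {@code Oidc.TokenStore.SESSION}, and the cookie-backed store otherwise.
     *
     * <p>Called from the constructor, so both stores receive a facade whose {@code tokenStore}
     * field is not yet assigned.
     */
    private OidcTokenStore createTokenStore() {
        if (Oidc.TokenStore.SESSION.equals(getOidcClientConfiguration().getTokenStore())) {
            return new OidcSessionTokenStore(this);
        }
        return new OidcCookieTokenStore(this);
    }

    /**
     * Returns a new {@link Request} view over the underlying request.
     *
     * <p>Each call creates a fresh view; the buffered body stream cached by
     * {@code getInputStream(true)} belongs to the view it was requested from.
     */
    public Request getRequest() {
        return new Request() {
            // Set once by getInputStream(true) and returned by every later getInputStream call.
            private InputStream inputStream;

            @Override
            public String getMethod() {
                return OidcHttpFacade.this.request.getRequestMethod();
            }

            /**
             * Returns the whole request URI after URL-decoding. Percent-encoded delimiters come
             * back decoded, so callers comparing or parsing this value should keep that in mind.
             * {@code URLDecoder.decode} can also throw {@link IllegalArgumentException} on a
             * malformed escape, which is not translated here.
             */
            @Override
            public String getURI() {
                try {
                    return URLDecoder.decode(OidcHttpFacade.this.request.getRequestURI().toString(), "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    throw ElytronMessages.log.failedToDecodeRequestUri(e);
                }
            }

            @Override
            public String getRelativePath() {
                return OidcHttpFacade.this.request.getRequestPath();
            }

            /** Null-safe: a request URI without a scheme is reported as not secure. */
            @Override
            public boolean isSecure() {
                return "https".equals(OidcHttpFacade.this.request.getRequestURI().getScheme());
            }

            @Override
            public String getFirstParam(String str) {
                return OidcHttpFacade.this.request.getFirstParameterValue(str);
            }

            /**
             * Scans the query string for the first parameter named {@code str}.
             *
             * <p>A parameter present without a value ({@code ?name}) yields the empty string
             * rather than an {@link ArrayIndexOutOfBoundsException}.
             *
             * <p>NOTE(review): if {@code getRequestURI()} is a {@code java.net.URI}, its
             * {@code getQuery()} is already decoded, so the value is decoded a second time below
             * and an encoded {@code &} or {@code =} inside a value affects the split. Confirm
             * whether the raw query should be used instead.
             */
            @Override
            public String getQueryParamValue(String str) {
                String query = OidcHttpFacade.this.request.getRequestURI().getQuery();
                if (query == null) {
                    return null;
                }
                for (String pair : query.split("&")) {
                    // NOTE(review): INJECT_VIEW.VIEW_SEPARATOR looks like a decompiler constant
                    // substitution for the key/value separator literal; verify against the
                    // original class before relying on this reference.
                    String[] keyValue = pair.split(INJECT_VIEW.VIEW_SEPARATOR, 2);
                    if (keyValue[0].equals(str)) {
                        if (keyValue.length < 2) {
                            return "";
                        }
                        try {
                            return URLDecoder.decode(keyValue[1], "UTF-8");
                        } catch (IOException e) {
                            throw ElytronMessages.log.failedToDecodeRequestUri(e);
                        }
                    }
                }
                return null;
            }

            @Override
            public Cookie getCookie(String str) {
                List<HttpServerCookie> cookies = OidcHttpFacade.this.request.getCookies();
                if (cookies == null) {
                    return null;
                }
                for (HttpServerCookie httpServerCookie : cookies) {
                    if (httpServerCookie.getName().equals(str)) {
                        return new Cookie(httpServerCookie.getName(), httpServerCookie.getValue(), httpServerCookie.getVersion(), httpServerCookie.getDomain(), httpServerCookie.getPath());
                    }
                }
                return null;
            }

            @Override
            public String getHeader(String str) {
                return OidcHttpFacade.this.request.getFirstRequestHeaderValue(str);
            }

            @Override
            public List<String> getHeaders(String str) {
                return OidcHttpFacade.this.request.getRequestHeaderValues(str);
            }

            @Override
            public InputStream getInputStream() {
                return getInputStream(false);
            }

            /**
             * With {@code z == true}, wraps the body in a {@link BufferedInputStream}, caches it
             * on this view and installs a supplier on the request that serves later readers from
             * the same buffered stream.
             *
             * <p>NOTE(review): the supplier calls {@code mark(0)} and never {@code reset()}, so
             * it does not rewind the stream; confirm the intended replay behaviour.
             */
            @Override
            public InputStream getInputStream(boolean z) {
                if (this.inputStream != null) {
                    return this.inputStream;
                }
                if (!z) {
                    return OidcHttpFacade.this.request.getInputStream();
                }
                // Captured in a local so the nested anonymous class can reach it; the field is
                // assigned only here, so the local and the field always refer to the same stream.
                final InputStream buffered = new BufferedInputStream(OidcHttpFacade.this.request.getInputStream());
                this.inputStream = buffered;
                OidcHttpFacade.this.request.setRequestInputStreamSupplier(() -> {
                    buffered.mark(0);
                    return new ServletInputStream() {
                        public int read() throws IOException {
                            return buffered.read();
                        }

                        public boolean isFinished() {
                            try {
                                return buffered.available() == 0;
                            } catch (IOException e) {
                                // An unreadable stream is reported as finished.
                                return true;
                            }
                        }

                        public boolean isReady() {
                            return true;
                        }

                        public void setReadListener(ReadListener readListener) {
                            throw new UnsupportedOperationException();
                        }
                    };
                });
                return this.inputStream;
            }

            /**
             * Returns the address of the request's source socket address.
             *
             * <p>NOTE(review): no forwarding header is consulted here, so behind a reverse proxy
             * this is presumably the proxy's address; confirm before using it for access
             * decisions or audit logs.
             */
            @Override
            public String getRemoteAddr() {
                InetSocketAddress sourceAddress = OidcHttpFacade.this.request.getSourceAddress();
                if (sourceAddress == null) {
                    return "";
                }
                InetAddress address = sourceAddress.getAddress();
                return address == null ? sourceAddress.getHostString() : address.getHostAddress();
            }

            @Override
            public void setError(AuthenticationError authenticationError) {
                OidcHttpFacade.this.request.getScope(Scope.EXCHANGE).setAttachment(AuthenticationError.class.getName(), authenticationError);
            }

            @Override
            public void setError(LogoutError logoutError) {
                OidcHttpFacade.this.request.getScope(Scope.EXCHANGE).setAttachment(LogoutError.class.getName(), logoutError);
            }
        };
    }

    /**
     * Returns a new {@link Response} view. Every method queues its effect on
     * {@code responseConsumer}; nothing reaches the real response until the consumer is replayed.
     */
    public Response getResponse() {
        return new Response() {
            /**
             * Queues the status code only when it lies outside 200..300 inclusive.
             *
             * <p>NOTE(review): the upper bound lets 300 through as a non-error status; confirm
             * that {@code > 300} rather than {@code >= 300} is intended.
             */
            @Override
            public void setStatus(int i) {
                if (i < 200 || i > 300) {
                    OidcHttpFacade.this.responseConsumer = OidcHttpFacade.this.responseConsumer.andThen(httpServerResponse -> {
                        httpServerResponse.setStatusCode(i);
                    });
                }
            }

            /**
             * Records the value as the latest one for this header name and queues a writer that
             * emits it only if it is still the latest value at replay time, so an earlier value
             * for the same name is dropped. A {@code null} value is recorded but never written.
             */
            @Override
            public void addHeader(final String str, final String str2) {
                OidcHttpFacade.this.headers.put(str, str2);
                OidcHttpFacade.this.responseConsumer = OidcHttpFacade.this.responseConsumer.andThen(new Consumer<HttpServerResponse>() {
                    @Override
                    public void accept(HttpServerResponse httpServerResponse) {
                        String latest = OidcHttpFacade.this.headers.get(str);
                        // Null check avoids a NullPointerException at replay time when the
                        // recorded value is null.
                        if (latest != null && latest.equals(str2)) {
                            httpServerResponse.addResponseHeader(str, latest);
                        }
                    }
                });
            }

            @Override
            public void setHeader(String str, String str2) {
                addHeader(str, str2);
            }

            /**
             * Queues a cookie with an empty value and max-age 0 for the given name and path; the
             * Secure and HttpOnly attributes are both off on this clearing cookie.
             */
            @Override
            public void resetCookie(String str, String str2) {
                OidcHttpFacade.this.responseConsumer = OidcHttpFacade.this.responseConsumer.andThen(httpServerResponse -> {
                    setCookie(str, "", str2, null, 0, false, false, httpServerResponse);
                });
            }

            /**
             * Queues a cookie. The Secure ({@code z}) and HttpOnly ({@code z2}) attributes are
             * exactly what the caller passes; nothing here forces them on.
             */
            @Override
            public void setCookie(String str, String str2, String str3, String str4, int i, boolean z, boolean z2) {
                OidcHttpFacade.this.responseConsumer = OidcHttpFacade.this.responseConsumer.andThen(httpServerResponse -> {
                    setCookie(str, str2, str3, str4, i, z, z2, httpServerResponse);
                });
            }

            /**
             * Writes the cookie to the real response.
             *
             * @param str name
             * @param str2 value
             * @param str3 path
             * @param str4 domain
             * @param i max-age
             * @param z Secure attribute
             * @param z2 HttpOnly attribute
             * @param httpServerResponse the response to write to
             */
            private void setCookie(final String str, final String str2, final String str3, final String str4, final int i, final boolean z, final boolean z2, HttpServerResponse httpServerResponse) {
                httpServerResponse.setResponseCookie(new HttpServerCookie() {
                    @Override
                    public String getName() {
                        return str;
                    }

                    @Override
                    public String getValue() {
                        return str2;
                    }

                    @Override
                    public String getDomain() {
                        return str4;
                    }

                    @Override
                    public int getMaxAge() {
                        return i;
                    }

                    @Override
                    public String getPath() {
                        return str3;
                    }

                    @Override
                    public boolean isSecure() {
                        return z;
                    }

                    @Override
                    public int getVersion() {
                        return 0;
                    }

                    @Override
                    public boolean isHttpOnly() {
                        return z2;
                    }
                });
            }

            /**
             * Returns an in-memory buffer; its full content at replay time is copied to the real
             * response stream. The whole body is held in memory until then.
             */
            @Override
            public OutputStream getOutputStream() {
                final ByteArrayOutputStream bodyBuffer = new ByteArrayOutputStream();
                OidcHttpFacade.this.responseConsumer = OidcHttpFacade.this.responseConsumer.andThen(new Consumer<HttpServerResponse>() {
                    @Override
                    public void accept(HttpServerResponse httpServerResponse) {
                        try {
                            httpServerResponse.getOutputStream().write(bodyBuffer.toByteArray());
                        } catch (IOException e) {
                            throw ElytronMessages.log.failedToWriteToResponseOutputStream(e);
                        }
                    }
                });
                return bodyBuffer;
            }

            @Override
            public void sendError(int i) {
                setStatus(i);
            }

            /**
             * Queues the status, a {@code Content-Type} header of {@code Oidc.HTML_CONTENT_TYPE}
             * and the message as the body. The message is encoded as UTF-8 instead of the
             * platform default, and a {@code null} message writes no body.
             *
             * <p>NOTE(review): the message is written as-is under what looks like an HTML content
             * type; callers should pass only trusted or already-escaped text. Confirm how callers
             * build this string.
             */
            @Override
            public void sendError(int i, String str) {
                OidcHttpFacade.this.responseConsumer = OidcHttpFacade.this.responseConsumer.andThen(httpServerResponse -> {
                    httpServerResponse.setStatusCode(i);
                    httpServerResponse.addResponseHeader("Content-Type", Oidc.HTML_CONTENT_TYPE);
                    if (str == null) {
                        return;
                    }
                    try {
                        httpServerResponse.getOutputStream().write(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                });
            }

            /** Intentionally empty: the response is completed by replaying the consumer. */
            @Override
            public void end() {
            }
        };
    }

    /** @return the peer certificates reported by the underlying request */
    public Certificate[] getCertificateChain() {
        return this.request.getPeerCertificates();
    }

    /** @return the bound account's security context, or {@code null} when no account is bound */
    public OidcSecurityContext getSecurityContext() {
        if (this.account == null) {
            return null;
        }
        return this.account.getOidcSecurityContext();
    }

    /**
     * Asks the underlying request to resume a suspended request and remembers the outcome; once
     * restored, {@link #authenticationComplete()} no longer replays the deferred response.
     *
     * @return whether the request was resumed
     */
    public boolean restoreRequest() {
        this.restored = this.request.resumeRequest();
        return this.restored;
    }

    /** Queues suspension of the current request; it happens when the consumer is replayed. */
    public void suspendRequest() {
        this.responseConsumer = this.responseConsumer.andThen(httpServerResponse -> {
            this.request.suspendRequest();
        });
    }

    /** @return {@code true} once {@link #authorize(CallbackHandler, Principal)} produced an identity */
    public boolean isAuthorized() {
        return this.securityIdentity != null;
    }
}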
