package org.keycloak.adapters.undertow;

import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.session.Session;
import io.undertow.util.Sessions;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.HttpFacade;
import org.keycloak.adapters.KeycloakAccount;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OAuthRequestAuthenticator;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;

/* loaded from: input_file:WEB-INF/lib/keycloak-undertow-adapter-1.0.5.Final.jar:org/keycloak/adapters/undertow/UndertowRequestAuthenticator.class */
public abstract class UndertowRequestAuthenticator extends RequestAuthenticator {
    protected SecurityContext securityContext;
    protected HttpServerExchange exchange;
    protected UndertowUserSessionManagement userSessionManagement;

    public UndertowRequestAuthenticator(HttpFacade httpFacade, KeycloakDeployment keycloakDeployment, int i, SecurityContext securityContext, HttpServerExchange httpServerExchange, UndertowUserSessionManagement undertowUserSessionManagement) {
        super(httpFacade, keycloakDeployment, i);
        this.securityContext = securityContext;
        this.exchange = httpServerExchange;
        this.userSessionManagement = undertowUserSessionManagement;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void propagateKeycloakContext(KeycloakUndertowAccount keycloakUndertowAccount) {
        this.exchange.putAttachment(UndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY, keycloakUndertowAccount.getKeycloakSecurityContext());
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected OAuthRequestAuthenticator createOAuthAuthenticator() {
        return new OAuthRequestAuthenticator(this.facade, this.deployment, this.sslRedirectPort) { // from class: org.keycloak.adapters.undertow.UndertowRequestAuthenticator.1
            @Override // org.keycloak.adapters.OAuthRequestAuthenticator
            protected void saveRequest() {
            }
        };
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeOAuthAuthentication(KeycloakPrincipal keycloakPrincipal, RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
        KeycloakUndertowAccount createAccount = createAccount(keycloakPrincipal, refreshableKeycloakSecurityContext);
        this.securityContext.authenticationComplete(createAccount, "KEYCLOAK", false);
        propagateKeycloakContext(createAccount);
        login(createAccount);
    }

    protected void login(KeycloakAccount keycloakAccount) {
        Session orCreateSession = Sessions.getOrCreateSession(this.exchange);
        orCreateSession.setAttribute(KeycloakUndertowAccount.class.getName(), keycloakAccount);
        this.userSessionManagement.login(orCreateSession.getSessionManager(), orCreateSession.getId(), keycloakAccount.getPrincipal().getName(), keycloakAccount.getKeycloakSecurityContext().getToken().getSessionState());
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected void completeBearerAuthentication(KeycloakPrincipal keycloakPrincipal, RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
        KeycloakUndertowAccount createAccount = createAccount(keycloakPrincipal, refreshableKeycloakSecurityContext);
        this.securityContext.authenticationComplete(createAccount, "KEYCLOAK", false);
        propagateKeycloakContext(createAccount);
    }

    @Override // org.keycloak.adapters.RequestAuthenticator
    protected boolean isCached() {
        Session session = Sessions.getSession(this.exchange);
        if (session == null) {
            log.info("session was null, returning null");
            return false;
        }
        KeycloakUndertowAccount keycloakUndertowAccount = (KeycloakUndertowAccount) session.getAttribute(KeycloakUndertowAccount.class.getName());
        if (keycloakUndertowAccount == null) {
            log.info("Account was not in session, returning null");
            return false;
        }
        keycloakUndertowAccount.setDeployment(this.deployment);
        if (!keycloakUndertowAccount.isActive()) {
            log.info("Account was not active, returning false");
            session.removeAttribute(KeycloakUndertowAccount.class.getName());
            return false;
        }
        log.info("Cached account found");
        this.securityContext.authenticationComplete(keycloakUndertowAccount, "KEYCLOAK", false);
        propagateKeycloakContext(keycloakUndertowAccount);
        return true;
    }

    protected abstract KeycloakUndertowAccount createAccount(KeycloakPrincipal keycloakPrincipal, RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext);
}
