package org.keycloak.adapters.undertow;

import ar.com.fernandospr.wns.model.types.WnsCachePolicyType;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.api.ConfidentialPortManager;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.util.Headers;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.jboss.logging.Logger;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.NodesRegistrationManagement;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.enums.TokenStore;

/* loaded from: input_file:WEB-INF/lib/keycloak-undertow-adapter-1.7.0.Final.jar:org/keycloak/adapters/undertow/ServletKeycloakAuthMech.class */
public class ServletKeycloakAuthMech extends AbstractUndertowKeycloakAuthMech {
    private static final Logger log = Logger.getLogger(ServletKeycloakAuthMech.class);
    protected NodesRegistrationManagement nodesRegistrationManagement;
    protected ConfidentialPortManager portManager;

    public ServletKeycloakAuthMech(AdapterDeploymentContext adapterDeploymentContext, UndertowUserSessionManagement undertowUserSessionManagement, NodesRegistrationManagement nodesRegistrationManagement, ConfidentialPortManager confidentialPortManager, String str) {
        super(adapterDeploymentContext, undertowUserSessionManagement, str);
        this.nodesRegistrationManagement = nodesRegistrationManagement;
        this.portManager = confidentialPortManager;
    }

    @Override // org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech
    protected Integer servePage(HttpServerExchange httpServerExchange, String str) {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        ServletRequest servletRequest = servletRequestContext.getServletRequest();
        ServletResponse servletResponse = servletRequestContext.getServletResponse();
        RequestDispatcher requestDispatcher = servletRequest.getRequestDispatcher(str);
        httpServerExchange.getResponseHeaders().add(Headers.CACHE_CONTROL, "no-cache, no-store, must-revalidate");
        httpServerExchange.getResponseHeaders().add(Headers.PRAGMA, WnsCachePolicyType.NOCACHE);
        httpServerExchange.getResponseHeaders().add(Headers.EXPIRES, "0");
        try {
            requestDispatcher.forward(servletRequest, servletResponse);
            return null;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (ServletException e2) {
            throw new RuntimeException((Throwable) e2);
        }
    }

    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        UndertowHttpFacade createFacade = createFacade(httpServerExchange);
        KeycloakDeployment resolveDeployment = this.deploymentContext.resolveDeployment(createFacade);
        if (!resolveDeployment.isConfigured()) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        this.nodesRegistrationManagement.tryRegister(resolveDeployment);
        return keycloakAuthenticate(httpServerExchange, securityContext, createRequestAuthenticator(resolveDeployment, httpServerExchange, securityContext, createFacade));
    }

    protected RequestAuthenticator createRequestAuthenticator(KeycloakDeployment keycloakDeployment, HttpServerExchange httpServerExchange, SecurityContext securityContext, UndertowHttpFacade undertowHttpFacade) {
        return new ServletRequestAuthenticator(undertowHttpFacade, keycloakDeployment, getConfidentilPort(httpServerExchange), securityContext, httpServerExchange, getTokenStore(httpServerExchange, undertowHttpFacade, keycloakDeployment, securityContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getConfidentilPort(HttpServerExchange httpServerExchange) {
        int i = 8443;
        if (httpServerExchange.getRequestScheme().equalsIgnoreCase("HTTPS")) {
            i = httpServerExchange.getHostPort();
        } else if (this.portManager != null) {
            i = this.portManager.getConfidentialPort(httpServerExchange);
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech
    public AdapterTokenStore getTokenStore(HttpServerExchange httpServerExchange, HttpFacade httpFacade, KeycloakDeployment keycloakDeployment, SecurityContext securityContext) {
        return keycloakDeployment.getTokenStore() == TokenStore.SESSION ? new ServletSessionTokenStore(httpServerExchange, keycloakDeployment, this.sessionManagement, securityContext) : new UndertowCookieTokenStore(httpFacade, keycloakDeployment, securityContext);
    }

    @Override // org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech
    public UndertowHttpFacade createFacade(HttpServerExchange httpServerExchange) {
        return new OIDCServletUndertowHttpFacade(httpServerExchange);
    }
}
