package org.keycloak.adapters.undertow;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.NotificationReceiver;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.api.SecurityNotification;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.AttachmentKey;
import io.undertow.util.Headers;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.enums.TokenStore;

/* loaded from: input_file:WEB-INF/lib/keycloak-undertow-adapter-3.4.2.Final.jar:org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.class */
/**
 * Base Undertow {@link AuthenticationMechanism} for the Keycloak adapter (decompiled listing).
 *
 * <p>Subclasses run a {@link RequestAuthenticator} through {@link #keycloakAuthenticate}; this
 * class maps the outcome onto Undertow's outcome enum, parks any pending {@link AuthChallenge} on
 * the exchange for {@link #sendChallenge}, and hooks Undertow logout notifications so that the
 * Keycloak session and the local token store are cleared together.
 */
public abstract class AbstractUndertowKeycloakAuthMech implements AuthenticationMechanism {
    /** Exchange attachment under which the challenge produced during authentication is stored. */
    public static final AttachmentKey<AuthChallenge> KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class);
    // Resolves the KeycloakDeployment that applies to a given request facade.
    protected AdapterDeploymentContext deploymentContext;
    // Handed to the session-backed token store in getTokenStore().
    protected UndertowUserSessionManagement sessionManagement;
    // Not read anywhere in this class; presumably consumed by subclasses (verify against them).
    protected String errorPage;

    /**
     * Stores the collaborators as-is; no argument is validated or copied here.
     *
     * @param adapterDeploymentContext resolver for the per-request deployment
     * @param undertowUserSessionManagement session management passed to session token stores
     * @param str value assigned to {@link #errorPage}
     */
    public AbstractUndertowKeycloakAuthMech(AdapterDeploymentContext adapterDeploymentContext, UndertowUserSessionManagement undertowUserSessionManagement, String str) {
        this.errorPage = str;
        this.sessionManagement = undertowUserSessionManagement;
        this.deploymentContext = adapterDeploymentContext;
    }

    /**
     * Replays the challenge that {@link #keycloakAuthenticate} attached to the exchange, if any.
     *
     * @return a result built with {@code true} and the exchange's current response code when an
     *     attached challenge exists and its {@code challenge(...)} call returns {@code true};
     *     otherwise a result built with {@code false}
     */
    @Override
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        AuthChallenge pending = httpServerExchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
        // The facade is only created when there is a challenge to run against it.
        if (pending != null && pending.challenge(createFacade(httpServerExchange))) {
            return new AuthenticationMechanism.ChallengeResult(true, Integer.valueOf(httpServerExchange.getResponseCode()));
        }
        return new AuthenticationMechanism.ChallengeResult(false);
    }

    /** Wraps the exchange in the OIDC-flavoured facade used by the rest of the adapter. */
    public UndertowHttpFacade createFacade(HttpServerExchange httpServerExchange) {
        UndertowHttpFacade facade = new OIDCUndertowHttpFacade(httpServerExchange);
        return facade;
    }

    /**
     * Points the client at {@code str} through {@link #sendRedirect} and reports status 307.
     *
     * <p>Only the {@code Location} header is written here; the returned code is left for the
     * caller to apply.
     */
    protected Integer servePage(HttpServerExchange httpServerExchange, String str) {
        sendRedirect(httpServerExchange, str);
        return Integer.valueOf(307);
    }

    /**
     * Sets the {@code Location} response header to {@code scheme://host[:port]} followed by
     * {@code str}.
     *
     * <p>NOTE(review): the scheme and authority are read from the incoming request, and
     * {@code str} is appended without validation or encoding. If the Host header (or a
     * proxy-supplied scheme) is not pinned upstream, the redirect target reflects client-supplied
     * data, so callers should only pass server-controlled paths and deployments should validate
     * Host at the edge. Confirm how the front end is configured.
     */
    static void sendRedirect(HttpServerExchange httpServerExchange, String str) {
        final String location = httpServerExchange.getRequestScheme() + "://" + httpServerExchange.getHostAndPort() + str;
        httpServerExchange.getResponseHeaders().put(Headers.LOCATION, location);
    }

    /**
     * Subscribes to Undertow security notifications so that a container-level logout also ends the
     * Keycloak session.
     *
     * <p>Each call registers a new receiver on the given context; this method does not
     * de-duplicate.
     */
    protected void registerNotifications(final SecurityContext securityContext) {
        securityContext.registerNotificationReceiver(new NotificationReceiver() { // from class: org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.1
            @Override
            public void handleNotification(SecurityNotification securityNotification) {
                // Every event other than LOGGED_OUT is ignored.
                if (securityNotification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
                    HttpServerExchange exchange = securityNotification.getExchange();
                    UndertowHttpFacade facade = AbstractUndertowKeycloakAuthMech.this.createFacade(exchange);
                    KeycloakDeployment deployment = AbstractUndertowKeycloakAuthMech.this.deploymentContext.resolveDeployment(facade);
                    KeycloakSecurityContext session = (KeycloakSecurityContext) exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
                    // Bearer-only deployments skip the context-level logout; instanceof already
                    // rejects a missing (null) security context.
                    if (!deployment.isBearerOnly() && session instanceof RefreshableKeycloakSecurityContext) {
                        RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) session;
                        refreshable.logout(deployment);
                    }
                    // The local token store is always cleared, whichever branch ran above.
                    AdapterTokenStore store = AbstractUndertowKeycloakAuthMech.this.getTokenStore(exchange, facade, deployment, securityContext);
                    store.logout();
                }
            }
        });
    }

    /**
     * Runs the authenticator and translates its outcome for Undertow.
     *
     * <p>Logout notifications are registered only on {@code AUTHENTICATED}. For every other
     * outcome a non-null challenge is attached to the exchange; {@code FAILED} then maps to
     * {@code NOT_AUTHENTICATED} and anything else to {@code NOT_ATTEMPTED}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationMechanism.AuthenticationMechanismOutcome keycloakAuthenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext, RequestAuthenticator requestAuthenticator) {
        AuthOutcome outcome = requestAuthenticator.authenticate();
        if (outcome == AuthOutcome.AUTHENTICATED) {
            registerNotifications(securityContext);
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        // Keep the challenge for sendChallenge(), which runs later on the same exchange.
        AuthChallenge pending = requestAuthenticator.getChallenge();
        if (pending != null) {
            httpServerExchange.putAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY, pending);
        }
        if (outcome == AuthOutcome.FAILED) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    /**
     * Creates the token store matching the deployment's configured {@link TokenStore}.
     *
     * <p>{@code SESSION} yields a session-backed store; every other value, including
     * {@code null}, falls through to the cookie-backed store.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AdapterTokenStore getTokenStore(HttpServerExchange httpServerExchange, HttpFacade httpFacade, KeycloakDeployment keycloakDeployment, SecurityContext securityContext) {
        if (keycloakDeployment.getTokenStore() == TokenStore.SESSION) {
            return new UndertowSessionTokenStore(httpServerExchange, keycloakDeployment, this.sessionManagement, securityContext);
        }
        return new UndertowCookieTokenStore(httpFacade, keycloakDeployment, securityContext);
    }
}
