package org.wildfly.security.http.external;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import org.wildfly.security.auth.callback.AuthenticationCompleteCallback;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.mechanism.AuthenticationMechanismException;
import org.wildfly.security.mechanism._private.ElytronMessages;
import org.wildfly.security.mechanism._private.MechanismUtil;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/http/external/ExternalAuthenticationMechanism.class */
public class ExternalAuthenticationMechanism implements HttpServerAuthenticationMechanism {
    private final CallbackHandler callbackHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExternalAuthenticationMechanism(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public String getMechanismName() {
        return "EXTERNAL";
    }

    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public void evaluateRequest(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        String remoteUser = httpServerRequest.getRemoteUser();
        if (remoteUser == null) {
            httpServerRequest.noAuthenticationInProgress();
        } else if (authorize(remoteUser)) {
            succeed(httpServerRequest);
        } else {
            fail(httpServerRequest);
        }
    }

    private boolean authorize(String str) throws HttpAuthenticationException {
        Callback authorizeCallback = new AuthorizeCallback(str, str);
        try {
            MechanismUtil.handleCallbacks(ElytronMessages.httpExternal, this.callbackHandler, authorizeCallback);
            return authorizeCallback.isAuthorized();
        } catch (UnsupportedCallbackException e) {
            throw ElytronMessages.httpExternal.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException();
        } catch (AuthenticationMechanismException e2) {
            throw e2.toHttpAuthenticationException();
        }
    }

    private void succeed(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        try {
            MechanismUtil.handleCallbacks(ElytronMessages.httpExternal, this.callbackHandler, AuthenticationCompleteCallback.SUCCEEDED);
            httpServerRequest.authenticationComplete();
        } catch (UnsupportedCallbackException e) {
            throw ElytronMessages.httpExternal.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException();
        } catch (AuthenticationMechanismException e2) {
            throw e2.toHttpAuthenticationException();
        }
    }

    private void fail(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        try {
            MechanismUtil.handleCallbacks(ElytronMessages.httpExternal, this.callbackHandler, AuthenticationCompleteCallback.FAILED);
            httpServerRequest.authenticationFailed(ElytronMessages.httpExternal.authenticationFailed(), httpServerResponse -> {
                httpServerResponse.setStatusCode(403);
            });
        } catch (UnsupportedCallbackException e) {
            throw ElytronMessages.httpExternal.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException();
        } catch (AuthenticationMechanismException e2) {
            throw e2.toHttpAuthenticationException();
        }
    }
}
