package org.keycloak.adapters.undertow;

import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.session.SessionManager;
import io.undertow.servlet.handlers.ServletRequestContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.logging.Logger;
import org.keycloak.adapters.config.RealmConfiguration;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.util.StreamUtil;

/* loaded from: input_file:org/keycloak/adapters/undertow/ServletAdminActionsHandler.class */
public class ServletAdminActionsHandler implements HttpHandler {
    private static final Logger log = Logger.getLogger(ServletAdminActionsHandler.class);
    protected HttpHandler next;
    protected UserSessionManagement userSessionManagement;
    protected RealmConfiguration realmConfig;

    /* loaded from: input_file:org/keycloak/adapters/undertow/ServletAdminActionsHandler$Wrapper.class */
    public static class Wrapper implements HandlerWrapper {
        protected RealmConfiguration realmConfig;
        protected UserSessionManagement userSessionManagement;

        public Wrapper(RealmConfiguration realmConfiguration, UserSessionManagement userSessionManagement) {
            this.realmConfig = realmConfiguration;
            this.userSessionManagement = userSessionManagement;
        }

        public HttpHandler wrap(HttpHandler httpHandler) {
            return new ServletAdminActionsHandler(this.realmConfig, this.userSessionManagement, httpHandler);
        }
    }

    protected ServletAdminActionsHandler(RealmConfiguration realmConfiguration, UserSessionManagement userSessionManagement, HttpHandler httpHandler) {
        this.next = httpHandler;
        this.userSessionManagement = userSessionManagement;
        this.realmConfig = realmConfiguration;
    }

    protected JWSInput verifyAdminRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String readString = StreamUtil.readString(httpServletRequest.getInputStream());
        if (readString == null) {
            log.warn("admin request failed, no token");
            httpServletResponse.sendError(403, "no token");
            return null;
        }
        JWSInput jWSInput = new JWSInput(readString);
        boolean z = false;
        try {
            z = RSAProvider.verify(jWSInput, this.realmConfig.getMetadata().getRealmKey());
        } catch (Exception e) {
        }
        if (z) {
            return jWSInput;
        }
        log.warn("admin request failed, unable to verify token");
        httpServletResponse.sendError(403, "verification failed");
        return null;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        log.debugv("adminActions {0}", httpServerExchange.getRequestURI());
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequestContext.getServletRequest();
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletRequestContext.getServletResponse();
        SessionManager sessionManager = servletRequestContext.getDeployment().getSessionManager();
        if (!httpServerExchange.getRequestURI().endsWith("k_logout")) {
            this.next.handleRequest(httpServerExchange);
            return;
        }
        JWSInput verifyAdminRequest = verifyAdminRequest(httpServletRequest, httpServletResponse);
        if (verifyAdminRequest == null) {
            return;
        }
        this.userSessionManagement.remoteLogout(verifyAdminRequest, sessionManager, httpServletResponse);
    }
}
