package org.keycloak.adapters.undertow;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.NotificationReceiver;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.api.SecurityNotification;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.session.Session;
import io.undertow.util.AttachmentKey;
import io.undertow.util.Sessions;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AuthChallenge;
import org.keycloak.adapters.AuthOutcome;
import org.keycloak.adapters.RequestAuthenticator;

/* loaded from: input_file:org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.class */
public abstract class UndertowKeycloakAuthMech implements AuthenticationMechanism {
    public static final AttachmentKey<AuthChallenge> KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class);
    protected AdapterDeploymentContext deploymentContext;

    public UndertowKeycloakAuthMech(AdapterDeploymentContext adapterDeploymentContext) {
        this.deploymentContext = adapterDeploymentContext;
    }

    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        AuthChallenge authChallenge = (AuthChallenge) httpServerExchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
        return (authChallenge == null || !authChallenge.challenge(new UndertowHttpFacade(httpServerExchange))) ? new AuthenticationMechanism.ChallengeResult(false) : new AuthenticationMechanism.ChallengeResult(true, Integer.valueOf(httpServerExchange.getResponseCode()));
    }

    protected void registerNotifications(SecurityContext securityContext) {
        securityContext.registerNotificationReceiver(new NotificationReceiver() { // from class: org.keycloak.adapters.undertow.UndertowKeycloakAuthMech.1
            public void handleNotification(SecurityNotification securityNotification) {
                Session session;
                KeycloakUndertowAccount keycloakUndertowAccount;
                if (securityNotification.getEventType() != SecurityNotification.EventType.LOGGED_OUT || (session = Sessions.getSession(securityNotification.getExchange())) == null || (keycloakUndertowAccount = (KeycloakUndertowAccount) session.getAttribute(KeycloakUndertowAccount.class.getName())) == null) {
                    return;
                }
                session.removeAttribute(KeycloakUndertowAccount.class.getName());
                if (keycloakUndertowAccount.m2getKeycloakSecurityContext() != null) {
                    keycloakUndertowAccount.m2getKeycloakSecurityContext().logout(UndertowKeycloakAuthMech.this.deploymentContext.getDeployment());
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationMechanism.AuthenticationMechanismOutcome keycloakAuthenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext, RequestAuthenticator requestAuthenticator) {
        AuthOutcome authenticate = requestAuthenticator.authenticate();
        if (authenticate == AuthOutcome.AUTHENTICATED) {
            registerNotifications(securityContext);
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        AuthChallenge challenge = requestAuthenticator.getChallenge();
        if (challenge != null) {
            httpServerExchange.putAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY, challenge);
        }
        return authenticate == AuthOutcome.FAILED ? AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED : AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }
}
