package org.wildfly.security.http;

import java.util.List;
import java.util.function.Supplier;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.server.SecurityIdentity;

/* loaded from: input_file:org/wildfly/security/http/HttpAuthenticator.class */
public class HttpAuthenticator {
    private final Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
    private final HttpExchangeSpi httpExchangeSpi;
    private final boolean required;
    private final boolean ignoreOptionalFailures;
    private volatile boolean authenticated;

    /* loaded from: input_file:org/wildfly/security/http/HttpAuthenticator$AuthenticationExchange.class */
    private class AuthenticationExchange extends HttpServerExchange {
        private volatile HttpServerAuthenticationMechanism currentMechanism;
        private volatile int responseCode;
        private volatile boolean responseCodeAllowed;

        AuthenticationExchange() {
            super(HttpAuthenticator.this.httpExchangeSpi);
            this.responseCode = -1;
            this.responseCodeAllowed = false;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean authenticate() throws HttpAuthenticationException {
            List<HttpServerAuthenticationMechanism> list = (List) HttpAuthenticator.this.mechanismSupplier.get();
            try {
                boolean z = false;
                for (HttpServerAuthenticationMechanism httpServerAuthenticationMechanism : list) {
                    this.currentMechanism = httpServerAuthenticationMechanism;
                    z |= httpServerAuthenticationMechanism.evaluateRequest(this);
                    if (HttpAuthenticator.this.isAuthenticated()) {
                        return true;
                    }
                }
                this.currentMechanism = null;
                if (HttpAuthenticator.this.required || (z && !HttpAuthenticator.this.ignoreOptionalFailures)) {
                    this.responseCodeAllowed = true;
                    boolean z2 = false;
                    for (HttpServerAuthenticationMechanism httpServerAuthenticationMechanism2 : list) {
                        this.currentMechanism = httpServerAuthenticationMechanism2;
                        z2 |= httpServerAuthenticationMechanism2.prepareResponse(this);
                    }
                    this.currentMechanism = null;
                    if (!z2 && (HttpAuthenticator.this.required || (z && !HttpAuthenticator.this.ignoreOptionalFailures))) {
                        HttpAuthenticator.this.httpExchangeSpi.setResponseCode(HttpConstants.FORBIDDEN);
                        list.forEach(httpServerAuthenticationMechanism3 -> {
                            httpServerAuthenticationMechanism3.dispose();
                        });
                        return false;
                    }
                    if (z2) {
                        HttpAuthenticator.this.httpExchangeSpi.setResponseCode(this.responseCode);
                        list.forEach(httpServerAuthenticationMechanism32 -> {
                            httpServerAuthenticationMechanism32.dispose();
                        });
                        return false;
                    }
                }
                list.forEach(httpServerAuthenticationMechanism322 -> {
                    httpServerAuthenticationMechanism322.dispose();
                });
                return true;
            } finally {
                list.forEach(httpServerAuthenticationMechanism3222 -> {
                    httpServerAuthenticationMechanism3222.dispose();
                });
            }
        }

        @Override // org.wildfly.security.http.HttpServerExchange
        public void setResponseCode(int i) {
            if (!this.responseCodeAllowed) {
                throw ElytronMessages.log.responseCodeNotNow();
            }
            if (this.responseCode < 0 || i != 200) {
                this.responseCode = i;
            }
        }

        @Override // org.wildfly.security.http.HttpServerExchange
        public void authenticationComplete(SecurityIdentity securityIdentity) {
            HttpAuthenticator.this.authenticated = true;
            HttpAuthenticator.this.httpExchangeSpi.authenticationComplete(securityIdentity, this.currentMechanism.getMechanismName());
        }

        @Override // org.wildfly.security.http.HttpServerExchange
        public void authenticationFailed(String str) {
            HttpAuthenticator.this.httpExchangeSpi.authenticationFailed(str, this.currentMechanism.getMechanismName());
        }
    }

    /* loaded from: input_file:org/wildfly/security/http/HttpAuthenticator$Builder.class */
    public static class Builder {
        private Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
        private HttpExchangeSpi httpExchangeSpi;
        private boolean required;
        private boolean ignoreOptionalFailures;

        private Builder() {
        }

        public Builder setMechanismSupplier(Supplier<List<HttpServerAuthenticationMechanism>> supplier) {
            this.mechanismSupplier = supplier;
            return this;
        }

        public Builder setHttpExchangeSpi(HttpExchangeSpi httpExchangeSpi) {
            this.httpExchangeSpi = httpExchangeSpi;
            return this;
        }

        public Builder setRequired(boolean z) {
            this.required = z;
            return this;
        }

        public Builder setIgnoreOptionalFailures(boolean z) {
            this.ignoreOptionalFailures = z;
            return this;
        }

        public HttpAuthenticator build() {
            return new HttpAuthenticator(this.mechanismSupplier, this.httpExchangeSpi, this.required, this.ignoreOptionalFailures);
        }
    }

    private HttpAuthenticator(Supplier<List<HttpServerAuthenticationMechanism>> supplier, HttpExchangeSpi httpExchangeSpi, boolean z, boolean z2) {
        this.authenticated = false;
        this.mechanismSupplier = supplier;
        this.httpExchangeSpi = httpExchangeSpi;
        this.required = z;
        this.ignoreOptionalFailures = z2;
    }

    public boolean authenticate() throws HttpAuthenticationException {
        return new AuthenticationExchange().authenticate();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isAuthenticated() {
        return this.authenticated;
    }

    public static Builder builder() {
        return new Builder();
    }
}
