package org.wildfly.security.http;

import java.util.ArrayList;
import java.util.List;
import java.util.function.Supplier;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.server.SecurityIdentity;

/* loaded from: input_file:org/wildfly/security/http/HttpAuthenticator.class */
public class HttpAuthenticator {
    private final Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
    private final HttpExchangeSpi httpExchangeSpi;
    private final boolean required;
    private final boolean ignoreOptionalFailures;
    private volatile boolean authenticated;

    /* loaded from: input_file:org/wildfly/security/http/HttpAuthenticator$AuthenticationExchange.class */
    private class AuthenticationExchange implements HttpServerRequest, HttpServerResponse {
        private volatile HttpServerAuthenticationMechanism currentMechanism;
        private volatile boolean authenticationAttempted;
        private volatile int responseCode;
        private volatile boolean responseCodeAllowed;
        private volatile List<HttpServerMechanismsResponder> responders;
        private volatile HttpServerMechanismsResponder successResponder;

        private AuthenticationExchange() {
            this.authenticationAttempted = false;
            this.responseCode = -1;
            this.responseCodeAllowed = false;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean authenticate() throws HttpAuthenticationException {
            List<HttpServerAuthenticationMechanism> list = (List) HttpAuthenticator.this.mechanismSupplier.get();
            this.responders = new ArrayList(list.size());
            try {
                for (HttpServerAuthenticationMechanism httpServerAuthenticationMechanism : list) {
                    this.currentMechanism = httpServerAuthenticationMechanism;
                    httpServerAuthenticationMechanism.evaluateRequest(this);
                    if (HttpAuthenticator.this.isAuthenticated()) {
                        if (this.successResponder != null) {
                            this.successResponder.sendResponse(this);
                        }
                        return true;
                    }
                }
                this.currentMechanism = null;
                if (!HttpAuthenticator.this.required && (!this.authenticationAttempted || HttpAuthenticator.this.ignoreOptionalFailures)) {
                    list.forEach(httpServerAuthenticationMechanism2 -> {
                        httpServerAuthenticationMechanism2.dispose();
                    });
                    return true;
                }
                this.responseCodeAllowed = true;
                if (this.responders.size() > 0) {
                    this.responders.forEach(httpServerMechanismsResponder -> {
                        httpServerMechanismsResponder.sendResponse(this);
                    });
                    if (this.responseCode > 0) {
                        HttpAuthenticator.this.httpExchangeSpi.setResponseCode(this.responseCode);
                    } else {
                        HttpAuthenticator.this.httpExchangeSpi.setResponseCode(HttpConstants.OK);
                    }
                } else {
                    HttpAuthenticator.this.httpExchangeSpi.setResponseCode(HttpConstants.FORBIDDEN);
                }
                list.forEach(httpServerAuthenticationMechanism22 -> {
                    httpServerAuthenticationMechanism22.dispose();
                });
                return false;
            } finally {
                list.forEach(httpServerAuthenticationMechanism222 -> {
                    httpServerAuthenticationMechanism222.dispose();
                });
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public List<String> getRequestHeaderValues(String str) {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestHeaderValues(str);
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public String getFirstRequestHeaderValue(String str) {
            return HttpAuthenticator.this.httpExchangeSpi.getFirstRequestHeaderValue(str);
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void noAuthenticationInProgress(HttpServerMechanismsResponder httpServerMechanismsResponder) {
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void authenticationInProgress(HttpServerMechanismsResponder httpServerMechanismsResponder) {
            this.authenticationAttempted = true;
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void authenticationComplete(SecurityIdentity securityIdentity, HttpServerMechanismsResponder httpServerMechanismsResponder) {
            HttpAuthenticator.this.authenticated = true;
            HttpAuthenticator.this.httpExchangeSpi.authenticationComplete(securityIdentity, this.currentMechanism.getMechanismName());
            this.successResponder = httpServerMechanismsResponder;
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void authenticationFailed(String str, HttpServerMechanismsResponder httpServerMechanismsResponder) {
            this.authenticationAttempted = true;
            HttpAuthenticator.this.httpExchangeSpi.authenticationFailed(str, this.currentMechanism.getMechanismName());
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void badRequest(HttpAuthenticationException httpAuthenticationException, HttpServerMechanismsResponder httpServerMechanismsResponder) {
            this.authenticationAttempted = true;
            HttpAuthenticator.this.httpExchangeSpi.badRequest(httpAuthenticationException, this.currentMechanism.getMechanismName());
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerResponse
        public void addResponseHeader(String str, String str2) {
            HttpAuthenticator.this.httpExchangeSpi.addResponseHeader(str, str2);
        }

        @Override // org.wildfly.security.http.HttpServerResponse
        public void setResponseCode(int i) {
            if (!this.responseCodeAllowed) {
                throw ElytronMessages.log.responseCodeNotNow();
            }
            if (this.responseCode < 0 || i != 200) {
                this.responseCode = i;
            }
        }
    }

    /* loaded from: input_file:org/wildfly/security/http/HttpAuthenticator$Builder.class */
    public static class Builder {
        private Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
        private HttpExchangeSpi httpExchangeSpi;
        private boolean required;
        private boolean ignoreOptionalFailures;

        Builder() {
        }

        public Builder setMechanismSupplier(Supplier<List<HttpServerAuthenticationMechanism>> supplier) {
            this.mechanismSupplier = supplier;
            return this;
        }

        public Builder setHttpExchangeSpi(HttpExchangeSpi httpExchangeSpi) {
            this.httpExchangeSpi = httpExchangeSpi;
            return this;
        }

        public Builder setRequired(boolean z) {
            this.required = z;
            return this;
        }

        public Builder setIgnoreOptionalFailures(boolean z) {
            this.ignoreOptionalFailures = z;
            return this;
        }

        public HttpAuthenticator build() {
            return new HttpAuthenticator(this.mechanismSupplier, this.httpExchangeSpi, this.required, this.ignoreOptionalFailures);
        }
    }

    private HttpAuthenticator(Supplier<List<HttpServerAuthenticationMechanism>> supplier, HttpExchangeSpi httpExchangeSpi, boolean z, boolean z2) {
        this.authenticated = false;
        this.mechanismSupplier = supplier;
        this.httpExchangeSpi = httpExchangeSpi;
        this.required = z;
        this.ignoreOptionalFailures = z2;
    }

    public boolean authenticate() throws HttpAuthenticationException {
        return new AuthenticationExchange().authenticate();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isAuthenticated() {
        return this.authenticated;
    }

    public static Builder builder() {
        return new Builder();
    }
}
