package org.wildfly.security.http;

import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.URI;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.net.ssl.SSLSession;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.server.SecurityIdentity;

/* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.1.6.Final/wildfly-elytron-1.1.6.Final.jar:org/wildfly/security/http/HttpAuthenticator.class */
public class HttpAuthenticator {
    private final Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
    private final HttpExchangeSpi httpExchangeSpi;
    private final boolean required;
    private final boolean ignoreOptionalFailures;
    private final Consumer<Runnable> logoutHandlerConsumer;
    private volatile boolean authenticated;

    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.1.6.Final/wildfly-elytron-1.1.6.Final.jar:org/wildfly/security/http/HttpAuthenticator$AuthenticationExchange.class */
    private class AuthenticationExchange implements HttpServerRequest, HttpServerResponse {
        private volatile HttpServerAuthenticationMechanism currentMechanism;
        private volatile boolean authenticationAttempted;
        private volatile int statusCode;
        private volatile boolean statusCodeAllowed;
        private volatile List<HttpServerMechanismsResponder> responders;
        private volatile HttpServerMechanismsResponder successResponder;

        private AuthenticationExchange() {
            this.authenticationAttempted = false;
            this.statusCode = -1;
            this.statusCodeAllowed = false;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean authenticate() throws HttpAuthenticationException {
            List<HttpServerAuthenticationMechanism> list = (List) HttpAuthenticator.this.mechanismSupplier.get();
            if (HttpAuthenticator.this.required && list.size() == 0) {
                throw ElytronMessages.log.httpAuthenticationNoMechanisms();
            }
            this.responders = new ArrayList(list.size());
            boolean z = false;
            try {
                for (HttpServerAuthenticationMechanism httpServerAuthenticationMechanism : list) {
                    this.currentMechanism = httpServerAuthenticationMechanism;
                    try {
                        httpServerAuthenticationMechanism.evaluateRequest(this);
                    } catch (HttpAuthenticationException e) {
                        z = true;
                        ElytronMessages.log.trace("Request evaluation for mechanism '%s' failed.", httpServerAuthenticationMechanism.getMechanismName(), e);
                    }
                    if (HttpAuthenticator.this.isAuthenticated()) {
                        if (this.successResponder != null) {
                            this.statusCodeAllowed = true;
                            this.successResponder.sendResponse(this);
                            if (this.statusCode > 0) {
                                HttpAuthenticator.this.httpExchangeSpi.setStatusCode(this.statusCode);
                                list.forEach(httpServerAuthenticationMechanism2 -> {
                                    httpServerAuthenticationMechanism2.dispose();
                                });
                                return false;
                            }
                        }
                        return true;
                    }
                }
                this.currentMechanism = null;
                if (!HttpAuthenticator.this.required && (!this.authenticationAttempted || HttpAuthenticator.this.ignoreOptionalFailures)) {
                    list.forEach(httpServerAuthenticationMechanism22 -> {
                        httpServerAuthenticationMechanism22.dispose();
                    });
                    return true;
                }
                this.statusCodeAllowed = true;
                if (this.responders.size() > 0) {
                    boolean z2 = false;
                    boolean z3 = false;
                    Iterator<HttpServerMechanismsResponder> it = this.responders.iterator();
                    while (it.hasNext()) {
                        try {
                            it.next().sendResponse(this);
                            z2 = true;
                            if (!z3 && this.statusCode > 0 && this.statusCode != 200) {
                                HttpAuthenticator.this.httpExchangeSpi.setStatusCode(this.statusCode);
                                z3 = true;
                            }
                        } catch (HttpAuthenticationException e2) {
                            ElytronMessages.log.trace("HTTP authentication mechanism unable to send challenge.", e2);
                        }
                    }
                    if (!z2) {
                        throw ElytronMessages.log.httpAuthenticationNoSuccessfulResponder();
                    }
                    if (!z3) {
                        HttpAuthenticator.this.httpExchangeSpi.setStatusCode(200);
                    }
                } else {
                    if (z) {
                        throw ElytronMessages.log.httpAuthenticationFailedEvaluatingRequest();
                    }
                    HttpAuthenticator.this.httpExchangeSpi.setStatusCode(403);
                }
                list.forEach(httpServerAuthenticationMechanism222 -> {
                    httpServerAuthenticationMechanism222.dispose();
                });
                return false;
            } finally {
                list.forEach(httpServerAuthenticationMechanism2222 -> {
                    httpServerAuthenticationMechanism2222.dispose();
                });
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public List<String> getRequestHeaderValues(String str) {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestHeaderValues(str);
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public String getFirstRequestHeaderValue(String str) {
            return HttpAuthenticator.this.httpExchangeSpi.getFirstRequestHeaderValue(str);
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public SSLSession getSSLSession() {
            return HttpAuthenticator.this.httpExchangeSpi.getSSLSession();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public Certificate[] getPeerCertificates() {
            return HttpAuthenticator.this.httpExchangeSpi.getPeerCertificates(HttpAuthenticator.this.required);
        }

        @Override // org.wildfly.security.http.HttpServerScopes
        public HttpScope getScope(Scope scope) {
            return HttpAuthenticator.this.httpExchangeSpi.getScope(scope);
        }

        @Override // org.wildfly.security.http.HttpServerScopes
        public Collection<String> getScopeIds(Scope scope) {
            return HttpAuthenticator.this.httpExchangeSpi.getScopeIds(scope);
        }

        @Override // org.wildfly.security.http.HttpServerScopes
        public HttpScope getScope(Scope scope, String str) {
            return HttpAuthenticator.this.httpExchangeSpi.getScope(scope, str);
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void noAuthenticationInProgress(HttpServerMechanismsResponder httpServerMechanismsResponder) {
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void authenticationInProgress(HttpServerMechanismsResponder httpServerMechanismsResponder) {
            this.authenticationAttempted = true;
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void authenticationComplete(HttpServerMechanismsResponder httpServerMechanismsResponder) {
            HttpAuthenticator.this.authenticated = true;
            HttpAuthenticator.this.httpExchangeSpi.authenticationComplete((SecurityIdentity) this.currentMechanism.getNegotiationProperty(HttpConstants.SECURITY_IDENTITY, SecurityIdentity.class), this.currentMechanism.getMechanismName());
            this.successResponder = httpServerMechanismsResponder;
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void authenticationComplete(HttpServerMechanismsResponder httpServerMechanismsResponder, Runnable runnable) {
            authenticationComplete(httpServerMechanismsResponder);
            if (HttpAuthenticator.this.logoutHandlerConsumer != null) {
                HttpAuthenticator.this.logoutHandlerConsumer.accept(runnable);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void authenticationFailed(String str, HttpServerMechanismsResponder httpServerMechanismsResponder) {
            this.authenticationAttempted = true;
            HttpAuthenticator.this.httpExchangeSpi.authenticationFailed(str, this.currentMechanism.getMechanismName());
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public void badRequest(HttpAuthenticationException httpAuthenticationException, HttpServerMechanismsResponder httpServerMechanismsResponder) {
            this.authenticationAttempted = true;
            HttpAuthenticator.this.httpExchangeSpi.badRequest(httpAuthenticationException, this.currentMechanism.getMechanismName());
            if (httpServerMechanismsResponder != null) {
                this.responders.add(httpServerMechanismsResponder);
            }
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public String getRequestMethod() {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestMethod();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public URI getRequestURI() {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestURI();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public String getRequestPath() {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestPath();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public Map<String, List<String>> getParameters() {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestParameters();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public Set<String> getParameterNames() {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestParameterNames();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public List<String> getParameterValues(String str) {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestParameterValues(str);
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public String getFirstParameterValue(String str) {
            return HttpAuthenticator.this.httpExchangeSpi.getFirstRequestParameterValue(str);
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public List<HttpServerCookie> getCookies() {
            return HttpAuthenticator.this.httpExchangeSpi.getCookies();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public InputStream getInputStream() {
            return HttpAuthenticator.this.httpExchangeSpi.getRequestInputStream();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public InetSocketAddress getSourceAddress() {
            return HttpAuthenticator.this.httpExchangeSpi.getSourceAddress();
        }

        @Override // org.wildfly.security.http.HttpServerResponse
        public void addResponseHeader(String str, String str2) {
            HttpAuthenticator.this.httpExchangeSpi.addResponseHeader(str, str2);
        }

        @Override // org.wildfly.security.http.HttpServerResponse
        public void setStatusCode(int i) {
            if (!this.statusCodeAllowed) {
                throw ElytronMessages.log.statusCodeNotNow();
            }
            if (this.statusCode < 0 || i != 200) {
                this.statusCode = i;
            }
        }

        @Override // org.wildfly.security.http.HttpServerResponse
        public OutputStream getOutputStream() {
            return HttpAuthenticator.this.httpExchangeSpi.getResponseOutputStream();
        }

        @Override // org.wildfly.security.http.HttpServerResponse
        public void setResponseCookie(HttpServerCookie httpServerCookie) {
            HttpAuthenticator.this.httpExchangeSpi.setResponseCookie(httpServerCookie);
        }

        @Override // org.wildfly.security.http.HttpServerResponse
        public boolean forward(String str) {
            int forward = HttpAuthenticator.this.httpExchangeSpi.forward(str);
            if (forward <= 0) {
                return false;
            }
            setStatusCode(forward);
            return true;
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public boolean suspendRequest() {
            return HttpAuthenticator.this.httpExchangeSpi.suspendRequest();
        }

        @Override // org.wildfly.security.http.HttpServerRequest
        public boolean resumeRequest() {
            return HttpAuthenticator.this.httpExchangeSpi.resumeRequest();
        }
    }

    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.1.6.Final/wildfly-elytron-1.1.6.Final.jar:org/wildfly/security/http/HttpAuthenticator$Builder.class */
    public static class Builder {
        private Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier;
        private HttpExchangeSpi httpExchangeSpi;
        private boolean required;
        private boolean ignoreOptionalFailures;
        private Consumer<Runnable> logoutHandlerConsumer;

        Builder() {
        }

        public Builder setMechanismSupplier(Supplier<List<HttpServerAuthenticationMechanism>> supplier) {
            this.mechanismSupplier = supplier;
            return this;
        }

        public Builder setHttpExchangeSpi(HttpExchangeSpi httpExchangeSpi) {
            this.httpExchangeSpi = httpExchangeSpi;
            return this;
        }

        public Builder setRequired(boolean z) {
            this.required = z;
            return this;
        }

        public Builder setIgnoreOptionalFailures(boolean z) {
            this.ignoreOptionalFailures = z;
            return this;
        }

        public Builder registerLogoutHandler(Consumer<Runnable> consumer) {
            this.logoutHandlerConsumer = (Consumer) Assert.checkNotNullParam("logoutHandlerConsumer", consumer);
            return this;
        }

        public HttpAuthenticator build() {
            return new HttpAuthenticator(this.mechanismSupplier, this.httpExchangeSpi, this.required, this.ignoreOptionalFailures, this.logoutHandlerConsumer);
        }
    }

    private HttpAuthenticator(Supplier<List<HttpServerAuthenticationMechanism>> supplier, HttpExchangeSpi httpExchangeSpi, boolean z, boolean z2, Consumer<Runnable> consumer) {
        this.authenticated = false;
        this.mechanismSupplier = supplier;
        this.httpExchangeSpi = httpExchangeSpi;
        this.required = z;
        this.ignoreOptionalFailures = z2;
        this.logoutHandlerConsumer = consumer;
    }

    public boolean authenticate() throws HttpAuthenticationException {
        return new AuthenticationExchange().authenticate();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isAuthenticated() {
        return this.authenticated;
    }

    public static Builder builder() {
        return new Builder();
    }
}
