package org.wildfly.extension.undertow.security.jaspi.modules;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.wildfly.extension.undertow.logging.UndertowLogger;
import org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-undertow/11.0.0.Final/wildfly-undertow-11.0.0.Final.jar:org/wildfly/extension/undertow/security/jaspi/modules/HTTPSchemeServerAuthModule.class */
public class HTTPSchemeServerAuthModule implements ServerAuthModule {
    private final String securityDomain;
    private AuthenticationMechanism authenticationMechanism;

    public HTTPSchemeServerAuthModule(String str) {
        this.securityDomain = str;
    }

    @Override // javax.security.auth.message.module.ServerAuthModule
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
    }

    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        return AuthStatus.SUCCESS;
    }

    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServerExchange httpServerExchange = (HttpServerExchange) messageInfo.getMap().get(JASPICAuthenticationMechanism.HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY);
        SecurityContext securityContext = (SecurityContext) messageInfo.getMap().get(JASPICAuthenticationMechanism.SECURITY_CONTEXT_ATTACHMENT_KEY);
        List<AuthenticationMechanism> authenticationMechanisms = ((ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getDeployment().getAuthenticationMechanisms();
        try {
            boolean z = false;
            Iterator<AuthenticationMechanism> it = authenticationMechanisms.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                AuthenticationMechanism.AuthenticationMechanismOutcome authenticate = it.next().authenticate(httpServerExchange, securityContext);
                if (authenticate == AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED) {
                    z = true;
                    break;
                }
                if (authenticate == AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED) {
                    break;
                }
            }
            if (z) {
                return AuthStatus.SUCCESS;
            }
            String str = (String) messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory");
            if (str != null && str.toLowerCase().equals("false")) {
                return AuthStatus.SUCCESS;
            }
            Iterator<AuthenticationMechanism> it2 = authenticationMechanisms.iterator();
            while (it2.hasNext()) {
                AuthenticationMechanism.ChallengeResult sendChallenge = it2.next().sendChallenge(httpServerExchange, securityContext);
                if (sendChallenge.getDesiredResponseCode() != null) {
                    httpServerExchange.setResponseCode(sendChallenge.getDesiredResponseCode().intValue());
                }
                if (httpServerExchange.isResponseComplete()) {
                    break;
                }
            }
            return AuthStatus.SEND_CONTINUE;
        } catch (Exception e) {
            UndertowLogger.ROOT_LOGGER.debug(e);
            throw new AuthException("Could not validateRequest using mechanisms [" + authenticationMechanisms + ".");
        }
    }

    @Override // javax.security.auth.message.module.ServerAuthModule
    public Class[] getSupportedMessageTypes() {
        return new Class[]{ServletRequest.class, ServletResponse.class, HttpServletRequest.class, HttpServletResponse.class};
    }

    @Override // javax.security.auth.message.ServerAuth
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    }
}
