package org.keycloak.adapters.saml.elytron;

import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.function.Consumer;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.cert.X509Certificate;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlDeploymentContext;
import org.keycloak.adapters.saml.SamlSession;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthenticationError;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.LogoutError;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.UriUtils;
import org.wildfly.security.auth.callback.AnonymousAuthorizationCallback;
import org.wildfly.security.auth.callback.AuthenticationCompleteCallback;
import org.wildfly.security.auth.callback.SecurityIdentityCallback;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.HttpServerCookie;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.HttpServerResponse;
import org.wildfly.security.http.Scope;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/keycloak/adapters/saml/elytron/ElytronHttpFacade.class */
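/**
 * Adapts an Elytron {@link HttpServerRequest} to the Keycloak SAML adapter's {@link HttpFacade}.
 *
 * <p>Response changes requested through {@link #getResponse()} are not applied immediately. Each
 * one is appended to {@code responseConsumer} and runs only when Elytron invokes the responder
 * registered by one of the {@code authentication*} / {@code noAuthenticationInProgress} methods.
 *
 * <p>This source is decompiler output: several members marked {@code public} here were
 * package-private in the original class file and were widened by the decompiler.
 */
public class ElytronHttpFacade implements HttpFacade {
    /** Whether the ELYWEB-163 compatibility path is active; decided once in the static initializer. */
    private static final boolean elyweb163Workaround;
    private static final Logger log = Logger.getLogger(ElytronHttpFacade.class);
    private final HttpServerRequest request;
    private final CallbackHandler callbackHandler;
    private final SamlDeploymentContext deploymentContext;
    private final SamlSessionStore sessionStore;
    /** Chain of deferred response mutations; starts as a no-op. */
    private Consumer<HttpServerResponse> responseConsumer = httpServerResponse -> {
    };
    /** Set by {@link #authenticationComplete()}; {@code null} until authorization succeeds. */
    private SecurityIdentity securityIdentity;
    /** True once {@link #restoreRequest()} has resumed a suspended request. */
    private boolean restored;
    private SamlSession samlSession;
    /** Lazily decoded query parameters, used only when the ELYWEB-163 workaround is off. */
    protected MultivaluedHashMap<String, String> queryParameters;

    /**
     * Extracts the purely numeric, dot-separated segments of a version string.
     *
     * <p>Segments that are not all digits (for example a trailing qualifier) are skipped rather
     * than rejected.
     *
     * @param str version string, may be {@code null}
     * @return the numeric segments in order, or {@code null} if {@code str} is {@code null} or
     *     contains no numeric segment
     * @throws NumberFormatException if a digit-only segment does not fit in an {@code int}
     */
    private static Integer[] parseVersion(String str) {
        if (str == null) {
            return null;
        }
        List<Integer> numbers = new ArrayList<>();
        for (String segment : str.split(Pattern.quote("."))) {
            if (segment.matches("[0-9]+")) {
                numbers.add(Integer.parseInt(segment));
            }
        }
        return numbers.isEmpty() ? null : numbers.toArray(new Integer[0]);
    }

    /**
     * Compares two parsed versions segment by segment.
     *
     * @return {@code true} if {@code numArr} orders before {@code numArr2}; when one is a prefix
     *     of the other, the shorter one is considered smaller
     * @throws IllegalArgumentException if either array is {@code null} or empty
     */
    private static boolean versionIsLessThan(Integer[] numArr, Integer[] numArr2) {
        if (numArr == null || numArr2 == null || numArr.length == 0 || numArr2.length == 0) {
            throw new IllegalArgumentException("Arrays cannot be null or empty");
        }
        int common = Math.min(numArr.length, numArr2.length);
        for (int i = 0; i < common; i++) {
            int cmp = Integer.compare(numArr[i], numArr2[i]);
            if (cmp != 0) {
                return cmp < 0;
            }
        }
        return numArr.length < numArr2.length;
    }

    /** Negation of {@link #versionIsLessThan(Integer[], Integer[])}. */
    private static boolean versionIsGreaterOrEqualThan(Integer[] numArr, Integer[] numArr2) {
        return !versionIsLessThan(numArr, numArr2);
    }

    /**
     * Creates a facade for one request and builds its session store.
     *
     * <p>Building the session store resolves the deployment for this request, so
     * {@code samlDeploymentContext} is consulted during construction.
     */
    public ElytronHttpFacade(HttpServerRequest httpServerRequest, SessionIdMapper sessionIdMapper, SessionIdMapperUpdater sessionIdMapperUpdater, SamlDeploymentContext samlDeploymentContext, CallbackHandler callbackHandler) {
        this.request = httpServerRequest;
        this.deploymentContext = samlDeploymentContext;
        this.callbackHandler = callbackHandler;
        this.sessionStore = createTokenStore(sessionIdMapper, sessionIdMapperUpdater);
    }

    private SamlSessionStore createTokenStore(SessionIdMapper sessionIdMapper, SessionIdMapperUpdater sessionIdMapperUpdater) {
        return new ElytronSamlSessionStore(this, sessionIdMapper, sessionIdMapperUpdater, getDeployment());
    }

    /** Records the SAML session whose principal {@link #authenticationComplete()} will authorize. */
    public void authenticationComplete(SamlSession samlSession) {
        this.samlSession = samlSession;
    }

    /**
     * Authorizes the principal of the recorded SAML session and, on success, tells Elytron that
     * authentication is complete.
     *
     * <p>If authorization yields no identity, nothing is reported to the request from this method
     * and {@link #isAuthorized()} stays {@code false}; callers have to check it. A SAML session
     * must have been recorded first, otherwise this throws {@link NullPointerException}.
     */
    public void authenticationComplete() {
        this.securityIdentity = SecurityIdentityUtil.authorize(this.callbackHandler, this.samlSession.getPrincipal());
        if (this.securityIdentity == null) {
            return;
        }
        this.request.authenticationComplete(response -> {
            // After a restored request the deferred response changes are deliberately not replayed.
            if (!this.restored) {
                this.responseConsumer.accept(response);
            }
        }, () -> this.sessionStore.logout(true));
    }

    /**
     * Asks the callback handler for anonymous authorization and forwards to the request's
     * relative path, either as a completed authentication or as "no authentication in progress".
     *
     * @throws RuntimeException wrapping any failure raised while handling the callbacks
     */
    public void authenticationCompleteAnonymous() {
        try {
            // Declared with the concrete type: isAuthorized() is not part of the Callback interface.
            AnonymousAuthorizationCallback anonymousAuthorizationCallback = new AnonymousAuthorizationCallback((String) null);
            this.callbackHandler.handle(new Callback[]{anonymousAuthorizationCallback});
            if (anonymousAuthorizationCallback.isAuthorized()) {
                this.callbackHandler.handle(new Callback[]{AuthenticationCompleteCallback.SUCCEEDED, new SecurityIdentityCallback()});
                this.request.authenticationComplete(response -> response.forward(getRequest().getRelativePath()));
            } else {
                this.request.noAuthenticationInProgress(response -> response.forward(getRequest().getRelativePath()));
            }
        } catch (Exception e) {
            throw new RuntimeException("Unexpected error processing callbacks during logout.", e);
        }
    }

    /** Reports a failed authentication and applies the deferred response changes. */
    public void authenticationFailed() {
        this.request.authenticationFailed("Authentication Failed", response -> this.responseConsumer.accept(response));
    }

    /**
     * Lets the optional challenge queue its response changes, then reports that no authentication
     * is in progress.
     *
     * @param authChallenge challenge to run against this facade, or {@code null} for none
     */
    public void noAuthenticationInProgress(AuthChallenge authChallenge) {
        if (authChallenge != null) {
            authChallenge.challenge(this);
        }
        this.request.noAuthenticationInProgress(response -> this.responseConsumer.accept(response));
    }

    /** Reports that authentication is still in progress and applies the deferred response changes. */
    public void authenticationInProgress() {
        this.request.authenticationInProgress(response -> this.responseConsumer.accept(response));
    }

    public HttpScope getScope(Scope scope) {
        return this.request.getScope(scope);
    }

    public HttpScope getScope(Scope scope, String id) {
        return this.request.getScope(scope, id);
    }

    Collection<String> getScopeIds(Scope scope) {
        return this.request.getScopeIds(scope);
    }

    /** Resolves the SAML deployment for this request; resolution is repeated on every call. */
    public SamlDeployment getDeployment() {
        return this.deploymentContext.resolveDeployment(this);
    }

    /**
     * Returns a read view over the underlying Elytron request.
     *
     * <p>A new view object is created on every call, so the buffered input stream cached by
     * {@code getInputStream(true)} is per view, not per facade.
     */
    public HttpFacade.Request getRequest() {
        return new HttpFacade.Request() {
            /** Buffered stream handed out by a previous {@code getInputStream(true)} on this view. */
            private InputStream inputStream;

            public String getMethod() {
                return ElytronHttpFacade.this.request.getRequestMethod();
            }

            public String getURI() {
                String uri = ElytronHttpFacade.this.request.getRequestURI().toString();
                // NOTE(review): with the workaround on, the whole URI is form-decoded (so '+'
                // becomes a space and %XX sequences are resolved). Presumably this compensates for
                // the encoding problem tracked as ELYWEB-163; confirm before relying on this
                // value for comparisons such as SAML destination checks.
                return ElytronHttpFacade.elyweb163Workaround ? URLDecoder.decode(uri, StandardCharsets.UTF_8) : uri;
            }

            public String getRelativePath() {
                return ElytronHttpFacade.this.request.getRequestPath();
            }

            /**
             * Tells whether the request URI uses the https scheme.
             *
             * <p>The comparison ignores case because URI schemes are case-insensitive, and a
             * missing scheme is treated as not secure instead of raising
             * {@link NullPointerException}.
             */
            public boolean isSecure() {
                return "https".equalsIgnoreCase(ElytronHttpFacade.this.request.getRequestURI().getScheme());
            }

            public String getFirstParam(String name) {
                return ElytronHttpFacade.this.request.getFirstParameterValue(name);
            }

            /**
             * Returns the first value of a query-string parameter, or {@code null} if absent.
             *
             * @param paramName parameter name as it appears in the query string
             */
            public String getQueryParamValue(String paramName) {
                if (!ElytronHttpFacade.elyweb163Workaround) {
                    if (ElytronHttpFacade.this.queryParameters == null) {
                        ElytronHttpFacade.this.queryParameters = UriUtils.decodeQueryString(ElytronHttpFacade.this.request.getRequestURI().getRawQuery());
                    }
                    return ElytronHttpFacade.this.queryParameters.getFirst(paramName);
                }
                // NOTE(review): URI.getQuery() is already percent-decoded, so on this path the
                // split on '&' / '=' runs on decoded text and the value is decoded a second time.
                // Presumably intentional for ELYWEB-163; confirm, since an encoded '&' or '='
                // inside a value would be split here.
                String query = ElytronHttpFacade.this.request.getRequestURI().getQuery();
                if (query == null) {
                    return null;
                }
                for (String pair : query.split("&")) {
                    String[] nameValue = pair.split("=", 2);
                    if (nameValue[0].equals(paramName)) {
                        // A bare "name" with no '=' has no second element; treat it as an empty
                        // value rather than failing with ArrayIndexOutOfBoundsException on
                        // client-supplied input.
                        return nameValue.length > 1 ? URLDecoder.decode(nameValue[1], StandardCharsets.UTF_8) : "";
                    }
                }
                return null;
            }

            /** Returns the first request cookie with the given name, or {@code null}. */
            public HttpFacade.Cookie getCookie(String name) {
                List<HttpServerCookie> cookies = ElytronHttpFacade.this.request.getCookies();
                if (cookies == null) {
                    return null;
                }
                for (HttpServerCookie cookie : cookies) {
                    if (cookie.getName().equals(name)) {
                        return new HttpFacade.Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());
                    }
                }
                return null;
            }

            public String getHeader(String name) {
                return ElytronHttpFacade.this.request.getFirstRequestHeaderValue(name);
            }

            public List<String> getHeaders(String name) {
                return ElytronHttpFacade.this.request.getRequestHeaderValues(name);
            }

            public InputStream getInputStream() {
                return getInputStream(false);
            }

            /**
             * Returns the request body stream.
             *
             * @param buffered when {@code true}, wrap the stream in a {@link BufferedInputStream}
             *     and cache it so later calls on this view return the same instance
             */
            public InputStream getInputStream(boolean buffered) {
                if (this.inputStream != null) {
                    return this.inputStream;
                }
                if (!buffered) {
                    return ElytronHttpFacade.this.request.getInputStream();
                }
                this.inputStream = new BufferedInputStream(ElytronHttpFacade.this.request.getInputStream());
                return this.inputStream;
            }

            /**
             * Returns the textual source address of the request, or an empty string if unknown.
             *
             * <p>No forwarding header is consulted here; behind a reverse proxy this is presumably
             * the proxy's address unless the container adjusts the source address (confirm for the
             * deployment before using it in audit logs or access decisions).
             */
            public String getRemoteAddr() {
                InetSocketAddress sourceAddress = ElytronHttpFacade.this.request.getSourceAddress();
                if (sourceAddress == null) {
                    return "";
                }
                InetAddress address = sourceAddress.getAddress();
                // An unresolved socket address has no InetAddress; fall back to its host string.
                return address == null ? sourceAddress.getHostString() : address.getHostAddress();
            }

            /** Attaches the error to the exchange scope under the error class name. */
            public void setError(AuthenticationError authenticationError) {
                ElytronHttpFacade.this.request.getScope(Scope.EXCHANGE).setAttachment(AuthenticationError.class.getName(), authenticationError);
            }

            /** Attaches the error to the exchange scope under the error class name. */
            public void setError(LogoutError logoutError) {
                ElytronHttpFacade.this.request.getScope(Scope.EXCHANGE).setAttachment(LogoutError.class.getName(), logoutError);
            }
        };
    }

    /**
     * Returns a write view whose operations are queued on {@code responseConsumer} instead of
     * being applied directly.
     */
    public HttpFacade.Response getResponse() {
        return new HttpFacade.Response() {
            public void setStatus(int status) {
                ElytronHttpFacade.this.responseConsumer = ElytronHttpFacade.this.responseConsumer.andThen(response -> response.setStatusCode(status));
            }

            public void addHeader(String name, String value) {
                ElytronHttpFacade.this.responseConsumer = ElytronHttpFacade.this.responseConsumer.andThen(response -> response.addResponseHeader(name, value));
            }

            /** Delegates to {@link #addHeader}: an existing header is added to, not replaced. */
            public void setHeader(String name, String value) {
                addHeader(name, value);
            }

            /** Queues an expiring cookie: empty value, max-age 0, no domain. */
            public void resetCookie(String name, String path) {
                ElytronHttpFacade.this.responseConsumer = ElytronHttpFacade.this.responseConsumer.andThen(response -> {
                    setCookie(name, "", path, null, 0, false, false, response);
                });
            }

            public void setCookie(String name, String value, String path, String domain, int maxAge, boolean secure, boolean httpOnly) {
                ElytronHttpFacade.this.responseConsumer = ElytronHttpFacade.this.responseConsumer.andThen(response -> {
                    setCookie(name, value, path, domain, maxAge, secure, httpOnly, response);
                });
            }

            /** Writes one version-0 cookie with the given attributes to the real response. */
            private void setCookie(final String name, final String value, final String path, final String domain, final int maxAge, final boolean secure, final boolean httpOnly, HttpServerResponse httpServerResponse) {
                httpServerResponse.setResponseCookie(new HttpServerCookie() {
                    public String getName() {
                        return name;
                    }

                    public String getValue() {
                        return value;
                    }

                    public String getDomain() {
                        return domain;
                    }

                    public int getMaxAge() {
                        return maxAge;
                    }

                    public String getPath() {
                        return path;
                    }

                    public boolean isSecure() {
                        return secure;
                    }

                    public int getVersion() {
                        return 0;
                    }

                    public boolean isHttpOnly() {
                        return httpOnly;
                    }
                });
            }

            /**
             * Returns an in-memory stream whose content is copied to the real response when the
             * deferred consumer runs; bytes written after that point are not sent.
             */
            public OutputStream getOutputStream() {
                final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                ElytronHttpFacade.this.responseConsumer = ElytronHttpFacade.this.responseConsumer.andThen(new Consumer<HttpServerResponse>() {
                    @Override
                    public void accept(HttpServerResponse httpServerResponse) {
                        try {
                            httpServerResponse.getOutputStream().write(buffer.toByteArray());
                        } catch (IOException e) {
                            throw new RuntimeException("Failed to write to response output stream", e);
                        }
                    }
                });
                return buffer;
            }

            public void sendError(int status) {
                setStatus(status);
            }

            /**
             * Queues an error status with an HTML body.
             *
             * <p>The message is written verbatim under {@code Content-Type: text/html}, so it is
             * not escaped here; callers should pass fixed text or text that is already
             * HTML-escaped, never raw request data.
             */
            public void sendError(int status, String message) {
                ElytronHttpFacade.this.responseConsumer = ElytronHttpFacade.this.responseConsumer.andThen(response -> {
                    response.setStatusCode(status);
                    response.addResponseHeader("Content-Type", "text/html");
                    try {
                        // Explicit charset: the no-argument getBytes() depends on the platform
                        // default and can emit different bytes on different hosts.
                        response.getOutputStream().write(message.getBytes(StandardCharsets.UTF_8));
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                });
            }

            /** No-op: nothing is flushed or closed here. */
            public void end() {
            }
        };
    }

    /** Always returns an empty array; no client certificate is exposed through this facade. */
    public X509Certificate[] getCertificateChain() {
        return new X509Certificate[0];
    }

    /**
     * Resumes a previously suspended request.
     *
     * @return whether a request was resumed; when {@code true}, {@link #authenticationComplete()}
     *     skips the deferred response changes
     */
    public boolean restoreRequest() {
        this.restored = this.request.resumeRequest();
        return this.restored;
    }

    /** Queues suspension of the current request; it happens when the deferred consumer runs. */
    public void suspendRequest() {
        this.responseConsumer = this.responseConsumer.andThen(response -> this.request.suspendRequest());
    }

    /** Returns whether {@link #authenticationComplete()} obtained a security identity. */
    public boolean isAuthorized() {
        return this.securityIdentity != null;
    }

    public URI getURI() {
        return this.request.getRequestURI();
    }

    public SamlSessionStore getSessionStore() {
        return this.sessionStore;
    }

    // Decides once, at class load, whether the ELYWEB-163 workaround is active. An explicit
    // system property wins; otherwise the elytron-web implementation version is inspected and the
    // workaround is enabled for versions below 1.9.2 and for 1.10.0 up to (excluding) 1.10.1.
    // Any failure to detect the version leaves the workaround off.
    static {
        boolean z = false;
        String property = System.getProperty("org.keycloak.adapters.elytronweb.ELYWEB-163.workaround");
        if (property != null) {
            z = Boolean.parseBoolean(property);
            log.tracef("Forcing workaround for issue ELYWEB-163 in elytron-web %b", Boolean.valueOf(z));
        } else {
            try {
                String implementationVersion = ElytronHttpFacade.class.getClassLoader().loadClass("org.wildfly.elytron.web.undertow.server.ElytronHttpExchange").getPackage().getImplementationVersion();
                Integer[] parseVersion = parseVersion(implementationVersion);
                z = parseVersion != null && (versionIsLessThan(parseVersion, new Integer[]{1, 9, 2}) || (versionIsLessThan(parseVersion, new Integer[]{1, 10, 1}) && versionIsGreaterOrEqualThan(parseVersion, new Integer[]{1, 10, 0})));
                log.tracef("Version detected for elytron-web %s workaround for ELYWEB-163 %b", implementationVersion, Boolean.valueOf(z));
            } catch (Exception e) {
                log.tracef(e, "Cannot detect version of elytron-web workaround for ELYWEB-163 %b", Boolean.valueOf(z));
            }
        }
        elyweb163Workaround = z;
    }
}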
