package dev.dsf.common.auth;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import java.security.cert.X509Certificate;
import java.util.Objects;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.WrappedAuthConfiguration;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.security.openid.OpenIdAuthenticator;
import org.eclipse.jetty.security.openid.OpenIdLoginService;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Request;

/* loaded from: input_file:dev/dsf/common/auth/DelegatingAuthenticator.class */
public class DelegatingAuthenticator extends LoginAuthenticator implements Authenticator {
    private final StatusPortAuthenticator statusPortAuthenticator;
    private final ClientCertificateAuthenticator clientCertificateAuthenticator;
    private final OpenIdAuthenticator openIdAuthenticator;
    private final OpenIdLoginService openIdLoginService;
    private final BackChannelLogoutAuthenticator backChannelLogoutAuthenticator;

    public DelegatingAuthenticator(StatusPortAuthenticator statusPortAuthenticator, ClientCertificateAuthenticator clientCertificateAuthenticator, OpenIdAuthenticator openIdAuthenticator, OpenIdLoginService openIdLoginService, BackChannelLogoutAuthenticator backChannelLogoutAuthenticator) {
        Objects.requireNonNull(statusPortAuthenticator, "statusPortAuthenticator");
        this.statusPortAuthenticator = statusPortAuthenticator;
        Objects.requireNonNull(clientCertificateAuthenticator, "clientCertificateAuthenticator");
        this.clientCertificateAuthenticator = clientCertificateAuthenticator;
        this.openIdAuthenticator = openIdAuthenticator;
        this.openIdLoginService = openIdLoginService;
        this.backChannelLogoutAuthenticator = backChannelLogoutAuthenticator;
    }

    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
        this.clientCertificateAuthenticator.setConfiguration(authConfiguration);
        if (this.openIdAuthenticator != null) {
            this.openIdAuthenticator.setConfiguration(new WrappedAuthConfiguration(authConfiguration) { // from class: dev.dsf.common.auth.DelegatingAuthenticator.1
                public LoginService getLoginService() {
                    return DelegatingAuthenticator.this.openIdLoginService;
                }
            });
        }
    }

    public String getAuthMethod() {
        return "DELEGATING_AUTHENTICATOR";
    }

    private boolean requestHasCertificate(ServletRequest servletRequest) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) servletRequest.getAttribute("jakarta.servlet.request.X509Certificate");
        return x509CertificateArr != null && x509CertificateArr.length > 0;
    }

    public void prepareRequest(ServletRequest servletRequest) {
        if (this.statusPortAuthenticator.isStatusPortRequest(servletRequest)) {
            this.statusPortAuthenticator.prepareRequest(servletRequest);
            return;
        }
        if (this.backChannelLogoutAuthenticator != null && this.backChannelLogoutAuthenticator.isSsoLogout(servletRequest)) {
            this.backChannelLogoutAuthenticator.prepareRequest(servletRequest);
        } else if (requestHasCertificate(servletRequest)) {
            this.clientCertificateAuthenticator.prepareRequest(servletRequest);
        } else if (this.openIdAuthenticator != null) {
            this.openIdAuthenticator.prepareRequest(servletRequest);
        }
    }

    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        return this.statusPortAuthenticator.isStatusPortRequest(servletRequest) ? this.statusPortAuthenticator.validateRequest(servletRequest, servletResponse, z) : (this.backChannelLogoutAuthenticator == null || !this.backChannelLogoutAuthenticator.isSsoLogout(servletRequest)) ? requestHasCertificate(servletRequest) ? this.clientCertificateAuthenticator.validateRequest(servletRequest, servletResponse, z) : this.openIdAuthenticator != null ? this.openIdAuthenticator.validateRequest(servletRequest, servletResponse, z) : Authentication.UNAUTHENTICATED : this.backChannelLogoutAuthenticator.validateRequest(servletRequest, servletResponse, z);
    }

    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        if (this.statusPortAuthenticator.isStatusPortRequest(servletRequest)) {
            return this.statusPortAuthenticator.secureResponse(servletRequest, servletResponse, z, user);
        }
        if (this.backChannelLogoutAuthenticator != null && this.backChannelLogoutAuthenticator.isSsoLogout(servletRequest)) {
            return this.backChannelLogoutAuthenticator.secureResponse(servletRequest, servletResponse, z, user);
        }
        if (requestHasCertificate(servletRequest)) {
            return this.clientCertificateAuthenticator.secureResponse(servletRequest, servletResponse, z, user);
        }
        if (this.openIdAuthenticator != null) {
            return this.openIdAuthenticator.secureResponse(servletRequest, servletResponse, z, user);
        }
        return false;
    }

    public void logout(ServletRequest servletRequest) {
        Request baseRequest = Request.getBaseRequest(servletRequest);
        if (this.openIdAuthenticator.getAuthMethod().equals(baseRequest.getAuthType())) {
            this.openIdAuthenticator.logout(servletRequest);
        } else if (this.clientCertificateAuthenticator.getAuthMethod().equals(baseRequest.getAuthType())) {
            this.clientCertificateAuthenticator.logout(servletRequest);
        } else {
            super.logout(servletRequest);
        }
    }
}
