package org.picketlink.idm.internal;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import org.picketlink.common.util.StringUtil;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.config.FeatureSet;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.spi.CredentialStorage;
import org.picketlink.idm.internal.util.IDMUtil;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.model.Grant;
import org.picketlink.idm.model.Group;
import org.picketlink.idm.model.GroupMembership;
import org.picketlink.idm.model.GroupRole;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;
import org.picketlink.idm.query.internal.DefaultIdentityQuery;
import org.picketlink.idm.query.internal.DefaultRelationshipQuery;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityStore;
import org.picketlink.idm.spi.SecurityContext;
import org.picketlink.idm.spi.StoreFactory;

/* loaded from: input_file:org/picketlink/idm/internal/DefaultIdentityManager.class */
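/**
 * Default {@link IdentityManager} implementation.
 *
 * <p>Each operation validates its arguments and, where relevant, the type of the current
 * partition. It then delegates to the {@link IdentityStore} that the {@link StoreFactory} selects
 * for the matching feature group and operation.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The membership and role checks ({@link #isMember}, {@link #hasRole},
 *       {@link #hasGroupRole}) are authorization decisions, so they reject null arguments
 *       explicitly rather than letting them reach a relationship query.</li>
 *   <li>Agent and credential operations are only allowed while the current partition is a
 *       {@link Realm}.</li>
 * </ul>
 */
public class DefaultIdentityManager implements IdentityManager {
    private static final long serialVersionUID = -2835518073812662628L;
    private final SecurityContext context;
    private final StoreFactory storeFactory;

    /**
     * Creates a manager bound to the given context and registers it on that context.
     *
     * @param securityContext context whose partition scopes every operation; must not be null
     * @param storeFactory factory used to resolve the store for each feature/operation
     */
    public DefaultIdentityManager(SecurityContext securityContext, StoreFactory storeFactory) {
        this.context = securityContext;
        this.storeFactory = storeFactory;
        // NOTE(review): "this" escapes before construction completes; harmless while the class has
        // no further initialisation, but keep this as the last statement.
        securityContext.setIdentityManager(this);
    }

    /**
     * Stores a new identity type after checking its mandatory name and that no identity with the
     * same name/path already exists in the current partition.
     *
     * @param identityType the agent, user, group or role to create; must not be null
     */
    public void add(IdentityType identityType) {
        if (identityType == null) {
            throw IDMMessages.MESSAGES.nullArgument("IdentityType");
        }
        if (identityType instanceof Agent) {
            checkCurrentPartitionForAgents();
            Agent agent = (Agent) identityType;
            String loginName = agent.getLoginName();
            if (StringUtil.isNullOrEmpty(loginName)) {
                throw IDMMessages.MESSAGES.nullArgument("User loginName");
            }
            // Users are looked up through the user feature, plain agents through the agent feature.
            boolean alreadyStored = (agent instanceof User)
                    ? getUser(loginName) != null
                    : getAgent(loginName) != null;
            if (alreadyStored) {
                throw IDMMessages.MESSAGES.identityTypeAlreadyExists(agent.getClass(), agent.getLoginName(), this.context.getPartition());
            }
        } else if (identityType instanceof Group) {
            Group group = (Group) identityType;
            if (StringUtil.isNullOrEmpty(group.getName())) {
                throw IDMMessages.MESSAGES.nullArgument("Group name");
            }
            Group storedGroup = getGroup(group.getPath());
            if (storedGroup != null && storedGroup.getPartition().equals(this.context.getPartition())) {
                throw IDMMessages.MESSAGES.identityTypeAlreadyExists(group.getClass(), group.getName(), this.context.getPartition());
            }
            // A declared parent must already be stored, otherwise the new group would dangle.
            if (group.getParentGroup() != null && lookupIdentityById(Group.class, group.getParentGroup().getId()) == null) {
                throw IDMMessages.MESSAGES.groupParentNotFoundWithId(group.getParentGroup().getId(), this.context.getPartition());
            }
        } else if (identityType instanceof Role) {
            Role role = (Role) identityType;
            if (StringUtil.isNullOrEmpty(role.getName())) {
                throw IDMMessages.MESSAGES.nullArgument("Role name");
            }
            Role storedRole = getRole(role.getName());
            if (storedRole != null && storedRole.getPartition().equals(this.context.getPartition())) {
                throw IDMMessages.MESSAGES.identityTypeAlreadyExists(role.getClass(), role.getName(), this.context.getPartition());
            }
        }
        try {
            this.storeFactory
                    .getStoreForFeature(this.context, IDMUtil.getFeatureGroup(identityType.getClass()), FeatureSet.FeatureOperation.create)
                    .add(this.context, identityType);
        } catch (Exception e) {
            throw IDMMessages.MESSAGES.identityTypeAddFailed(identityType, e);
        }
    }

    /**
     * Stores a new relationship. Any failure, including a null argument, is reported through the
     * relationship-add-failed message with the original exception as cause.
     */
    public void add(Relationship relationship) {
        try {
            this.storeFactory
                    .getStoreForFeature(this.context, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureOperation.create, relationship.getClass())
                    .add(this.context, relationship);
        } catch (Exception e) {
            throw IDMMessages.MESSAGES.relationshipAddFailed(relationship, e);
        }
    }

    /**
     * Updates an identity type that must already exist in the current partition (or its tiers,
     * see {@link #lookupIdentityById}).
     */
    public void update(IdentityType identityType) {
        checkIfIdentityTypeExists(identityType);
        if (identityType instanceof Agent) {
            checkCurrentPartitionForAgents();
        }
        try {
            this.storeFactory
                    .getStoreForFeature(this.context, IDMUtil.getFeatureGroup(identityType.getClass()), FeatureSet.FeatureOperation.update)
                    .update(this.context, identityType);
        } catch (Exception e) {
            throw IDMMessages.MESSAGES.identityTypeUpdateFailed(identityType, e);
        }
    }

    /**
     * Updates a stored relationship. Any failure is reported through the
     * relationship-update-failed message with the original exception as cause.
     */
    public void update(Relationship relationship) {
        try {
            this.storeFactory
                    .getStoreForFeature(this.context, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureOperation.update, relationship.getClass())
                    .update(this.context, relationship);
        } catch (Exception e) {
            throw IDMMessages.MESSAGES.relationshipUpdateFailed(relationship, e);
        }
    }

    /**
     * Removes an identity type that must already exist.
     */
    public void remove(IdentityType identityType) {
        checkIfIdentityTypeExists(identityType);
        if (identityType instanceof Agent) {
            checkCurrentPartitionForAgents();
        }
        try {
            this.storeFactory
                    .getStoreForFeature(this.context, IDMUtil.getFeatureGroup(identityType.getClass()), FeatureSet.FeatureOperation.delete)
                    .remove(this.context, identityType);
        } catch (Exception e) {
            // NOTE(review): a failed removal is reported with the *update*-failed message, which is
            // misleading in logs and audit trails; switch to a remove-specific message if
            // IDMMessages provides one.
            throw IDMMessages.MESSAGES.identityTypeUpdateFailed(identityType, e);
        }
    }

    /**
     * Removes a stored relationship.
     *
     * @param relationship the relationship to delete; must not be null
     */
    public void remove(Relationship relationship) {
        if (relationship == null) {
            // The exception used to be created and discarded here (missing "throw").
            throw IDMMessages.MESSAGES.nullArgument("Relationship");
        }
        try {
            this.storeFactory
                    .getStoreForFeature(this.context, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureOperation.delete, relationship.getClass())
                    .remove(this.context, relationship);
        } catch (Exception e) {
            throw IDMMessages.MESSAGES.relationshipRemoveFailed(relationship, e);
        }
    }

    /**
     * Looks up an agent by login name; only valid while the current partition is a realm.
     *
     * @param str the agent's login name
     */
    public Agent getAgent(String str) {
        checkCurrentPartitionForAgents();
        return this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.agent, FeatureSet.FeatureOperation.read)
                .getAgent(this.context, str);
    }

    /**
     * Looks up a user by login name; only valid while the current partition is a realm.
     *
     * @param str the user's login name
     */
    public User getUser(String str) {
        checkCurrentPartitionForAgents();
        return this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.user, FeatureSet.FeatureOperation.read)
                .getUser(this.context, str);
    }

    /**
     * Looks up a group by path.
     *
     * @param str the group path
     * @return the group, or {@code null} when the path is null or empty
     */
    public Group getGroup(String str) {
        if (StringUtil.isNullOrEmpty(str)) {
            return null;
        }
        return this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.group, FeatureSet.FeatureOperation.read)
                .getGroup(this.context, str);
    }

    /**
     * Looks up a group by simple name under a stored parent group.
     *
     * @param str the group name; a value starting with "/" is rejected as a path
     * @param group the parent group, which must be stored
     * @return the group, or {@code null} when the name is null/empty or the parent is null
     */
    public Group getGroup(String str, Group group) {
        if (StringUtil.isNullOrEmpty(str) || group == null) {
            return null;
        }
        if (str.startsWith("/")) {
            throw new IdentityManagementException("You should provide a group name and not a path");
        }
        if (lookupIdentityById(Group.class, group.getId()) == null) {
            throw IDMMessages.MESSAGES.groupParentNotFoundWithId(group.getId(), this.context.getPartition());
        }
        return this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.group, FeatureSet.FeatureOperation.read)
                .getGroup(this.context, str, group);
    }

    /**
     * Tells whether an agent or group belongs to {@code group}.
     *
     * <p>An agent is a member when a {@link GroupMembership} relationship exists. A group is a
     * member when its stored path equals the target group's path or lies below it.
     *
     * @param identityType an agent or a group; any other type is rejected
     * @param group the group to test membership of
     * @return {@code true} only when membership is positively established
     */
    public boolean isMember(IdentityType identityType, Group group) {
        // Both checks used to build the exception without throwing it, so null arguments fell
        // through to the lookups below.
        if (identityType == null) {
            throw IDMMessages.MESSAGES.nullArgument("IdentityType");
        }
        if (group == null) {
            throw IDMMessages.MESSAGES.nullArgument("Group");
        }
        if (identityType instanceof Agent) {
            return getGroupMembership(identityType, group) != null;
        }
        if (!(identityType instanceof Group)) {
            throw IDMMessages.MESSAGES.relationshipUnsupportedGroupMemberType(identityType);
        }
        Group candidate = (Group) identityType;
        if (candidate.getId() == null) {
            return false;
        }
        Group storedCandidate = lookupIdentityById(Group.class, candidate.getId());
        if (storedCandidate == null) {
            return false;
        }
        return isSameOrDescendantPath(storedCandidate.getPath(), group.getPath());
    }

    /**
     * Compares group paths on whole-segment boundaries.
     *
     * <p>The previous substring test ({@code contains}) treated "/a/bc" and "/x/a/b" as members of
     * "/a/b", which over-reports membership. Missing or empty paths count as "not a member".
     */
    private static boolean isSameOrDescendantPath(String memberPath, String ancestorPath) {
        if (memberPath == null || ancestorPath == null || ancestorPath.length() == 0) {
            return false;
        }
        if (memberPath.equals(ancestorPath)) {
            return true;
        }
        String ancestorPrefix = ancestorPath.endsWith("/") ? ancestorPath : ancestorPath + "/";
        return memberPath.startsWith(ancestorPrefix);
    }

    /**
     * Adds the agent to the group unless the membership already exists. Both must be stored.
     */
    public void addToGroup(Agent agent, Group group) {
        checkIfIdentityTypeExists(agent);
        checkIfIdentityTypeExists(group);
        if (getGroupMembership(agent, group) == null) {
            add((Relationship) new GroupMembership(agent, group));
        }
    }

    /**
     * Removes the agent's membership of the group. Both must be stored.
     */
    public void removeFromGroup(Agent agent, Group group) {
        checkIfIdentityTypeExists(agent);
        checkIfIdentityTypeExists(group);
        this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureOperation.delete, GroupMembership.class)
                .remove(this.context, new GroupMembership(agent, group));
    }

    /**
     * Looks up a role by name.
     *
     * @param str the role name
     */
    public Role getRole(String str) {
        return this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.role, FeatureSet.FeatureOperation.read)
                .getRole(this.context, str);
    }

    /**
     * Tells whether the identity holds {@code role} within {@code group}.
     *
     * @return {@code true} when a matching {@link GroupRole} relationship exists
     */
    public boolean hasGroupRole(IdentityType identityType, Role role, Group group) {
        // These checks used to build the exception without throwing it; a null assignee then
        // reached the relationship query as a parameter value.
        if (identityType == null) {
            throw IDMMessages.MESSAGES.nullArgument("IdentityType");
        }
        if (role == null) {
            throw IDMMessages.MESSAGES.nullArgument("Role");
        }
        if (group == null) {
            throw IDMMessages.MESSAGES.nullArgument("Group");
        }
        return getGroupRole(identityType, role, group) != null;
    }

    /**
     * Grants {@code role} within {@code group} unless already granted. All three must be stored.
     */
    public void grantGroupRole(IdentityType identityType, Role role, Group group) {
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        checkIfIdentityTypeExists(group);
        if (getGroupRole(identityType, role, group) == null) {
            add((Relationship) new GroupRole(identityType, group, role));
        }
    }

    /**
     * Revokes {@code role} within {@code group}. All three arguments must be stored.
     */
    public void revokeGroupRole(IdentityType identityType, Role role, Group group) {
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        checkIfIdentityTypeExists(group);
        this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureOperation.delete, GroupRole.class)
                .remove(this.context, new GroupRole(identityType, group, role));
    }

    /**
     * Tells whether the identity has been granted {@code role}.
     *
     * @param identityType the assignee; a {@link Role} is rejected as assignee
     * @return {@code true} when a matching {@link Grant} relationship exists
     */
    public boolean hasRole(IdentityType identityType, Role role) {
        if (identityType == null) {
            throw IDMMessages.MESSAGES.nullArgument("IdentityType");
        }
        if (role == null) {
            throw IDMMessages.MESSAGES.nullArgument("Role");
        }
        if (identityType instanceof Role) {
            throw IDMMessages.MESSAGES.relationshipUnsupportedGrantAssigneeType(identityType);
        }
        return getGrant(identityType, role) != null;
    }

    /**
     * Grants {@code role} to the identity unless already granted. Both must be stored.
     */
    public void grantRole(IdentityType identityType, Role role) {
        if (identityType instanceof Role) {
            throw IDMMessages.MESSAGES.relationshipUnsupportedGrantAssigneeType(identityType);
        }
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        if (getGrant(identityType, role) == null) {
            add((Relationship) new Grant(identityType, role));
        }
    }

    /**
     * Revokes {@code role} from the identity. Both must be stored.
     */
    public void revokeRole(IdentityType identityType, Role role) {
        if (identityType instanceof Role) {
            throw IDMMessages.MESSAGES.relationshipUnsupportedGrantAssigneeType(identityType);
        }
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureOperation.delete, Grant.class)
                .remove(this.context, new Grant(identityType, role));
    }

    /**
     * Hands the credentials to the credential store for validation.
     *
     * <p>Nothing is returned here. Presumably the store records the outcome on the
     * {@code credentials} object, so callers must inspect it afterwards (confirm against the
     * {@link Credentials} contract).
     */
    public void validateCredentials(Credentials credentials) {
        checkCurrentPartitionForCredential();
        this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.credential, FeatureSet.FeatureOperation.validate)
                .validateCredentials(this.context, credentials);
    }

    /**
     * Updates the agent's credential, passing the current time and {@code null} as the two dates
     * of {@link #updateCredential(Agent, Object, Date, Date)}.
     */
    public void updateCredential(Agent agent, Object obj) {
        updateCredential(agent, obj, new Date(), null);
    }

    /**
     * Updates the agent's credential through the credential store.
     *
     * @param agent owner of the credential
     * @param obj the credential value, passed to the store as-is
     * @param date first date forwarded to the store (presumably the effective date; confirm)
     * @param date2 second date forwarded to the store (presumably the expiry date; confirm)
     */
    public void updateCredential(Agent agent, Object obj, Date date, Date date2) {
        checkCurrentPartitionForCredential();
        this.storeFactory
                .getStoreForFeature(this.context, FeatureSet.FeatureGroup.credential, FeatureSet.FeatureOperation.update)
                .updateCredential(this.context, agent, obj, date, date2);
    }

    /**
     * Creates a query over identities of the given type, bound to the read store for that type.
     */
    public <T extends IdentityType> IdentityQuery<T> createIdentityQuery(Class<T> cls) {
        IdentityStore readStore = this.storeFactory.getStoreForFeature(this.context, IDMUtil.getFeatureGroup(cls), FeatureSet.FeatureOperation.read);
        return new DefaultIdentityQuery(this.context, cls, readStore);
    }

    /**
     * Creates a query over relationships of the given type, bound to the matching read store.
     */
    public <T extends Relationship> RelationshipQuery<T> createRelationshipQuery(Class<T> cls) {
        IdentityStore readStore = this.storeFactory.getStoreForFeature(this.context, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureOperation.read, cls);
        return new DefaultRelationshipQuery(this.context, cls, readStore);
    }

    /**
     * Finds the single identity with the given id in the current partition.
     *
     * <p>When {@code cls} is {@link IdentityType} itself, users, agents, groups and roles are
     * tried in that order and the first type that yields a result wins. For roles and groups the
     * search also covers the tiers configured on the store when the current partition is a realm.
     *
     * @param cls the identity type to search for; must not be null
     * @param str the identifier; must not be null
     * @return the matching identity, or {@code null} when none is found
     */
    @SuppressWarnings("unchecked")
    public <T extends IdentityType> T lookupIdentityById(Class<T> cls, String str) {
        if (cls == null) {
            throw IDMMessages.MESSAGES.nullArgument("IdentityType class");
        }
        if (str == null) {
            throw IDMMessages.MESSAGES.nullArgument("Identifier for [" + cls + "]");
        }
        List<Class<? extends IdentityType>> candidateTypes = new ArrayList<Class<? extends IdentityType>>();
        if (IdentityType.class.equals(cls)) {
            candidateTypes.add(User.class);
            candidateTypes.add(Agent.class);
            candidateTypes.add(Group.class);
            candidateTypes.add(Role.class);
        } else {
            candidateTypes.add(cls);
        }
        List<?> matches = Collections.emptyList();
        for (Class<? extends IdentityType> candidateType : candidateTypes) {
            IdentityQuery<? extends IdentityType> query = createIdentityQuery(candidateType);
            query.setParameter(IdentityType.ID, new Object[]{str});
            // The lookup is always scoped to the current partition, so an id belonging to another
            // partition is treated as "not found".
            List<Object> partitionIds = new ArrayList<Object>();
            partitionIds.add(this.context.getPartition().getId());
            boolean isRoleType = Role.class.isAssignableFrom(candidateType);
            if (isRoleType || Group.class.isAssignableFrom(candidateType)) {
                IdentityStore tierStore = this.storeFactory.getStoreForFeature(
                        this.context,
                        isRoleType ? FeatureSet.FeatureGroup.role : FeatureSet.FeatureGroup.group,
                        FeatureSet.FeatureOperation.read);
                if (Realm.class.isInstance(this.context.getPartition())) {
                    partitionIds.addAll(tierStore.getConfig().getTiers());
                }
            }
            query.setParameter(IdentityType.PARTITION, partitionIds.toArray());
            matches = query.getResultList();
            if (!matches.isEmpty()) {
                break;
            }
        }
        if (matches.isEmpty()) {
            return null;
        }
        if (matches.size() > 1) {
            throw IDMMessages.MESSAGES.identityTypeAmbiguosFoundWithId(str);
        }
        // Unchecked: the query was built for cls (or one of its subtypes).
        return (T) matches.get(0);
    }

    /**
     * No-op in this implementation.
     */
    public void loadAttribute(IdentityType identityType, String str) {
    }

    /**
     * Returns the first stored {@link GroupRole} for assignee/role/group, or {@code null}.
     * Role and group are re-read from the store by id before querying.
     */
    private GroupRole getGroupRole(IdentityType identityType, Role role, Group group) {
        RelationshipQuery<GroupRole> query = createRelationshipQuery(GroupRole.class);
        query.setParameter(GroupRole.ASSIGNEE, new Object[]{identityType});
        query.setParameter(GroupRole.ROLE, new Object[]{lookupIdentityById(role.getClass(), role.getId())});
        query.setParameter(GroupRole.GROUP, new Object[]{lookupIdentityById(group.getClass(), group.getId())});
        List<?> results = query.getResultList();
        return results.isEmpty() ? null : (GroupRole) results.get(0);
    }

    /**
     * Returns the first stored {@link GroupMembership} for member/group, or {@code null}.
     * The group is re-read from the store by id before querying.
     */
    private GroupMembership getGroupMembership(IdentityType identityType, Group group) {
        RelationshipQuery<GroupMembership> query = createRelationshipQuery(GroupMembership.class);
        query.setParameter(GroupMembership.MEMBER, new Object[]{identityType});
        query.setParameter(GroupMembership.GROUP, new Object[]{lookupIdentityById(group.getClass(), group.getId())});
        List<?> results = query.getResultList();
        return results.isEmpty() ? null : (GroupMembership) results.get(0);
    }

    /**
     * Fails unless the identity is non-null and can be found by id via
     * {@link #lookupIdentityById}.
     */
    private void checkIfIdentityTypeExists(IdentityType identityType) throws IdentityManagementException {
        if (identityType == null) {
            throw IDMMessages.MESSAGES.nullArgument("IdentityType");
        }
        if (lookupIdentityById(identityType.getClass(), identityType.getId()) == null) {
            throw IDMMessages.MESSAGES.attributedTypeNotFoundWithId(identityType.getClass(), identityType.getId(), this.context.getPartition());
        }
    }

    /**
     * Returns the first stored {@link Grant} for assignee/role, or {@code null}.
     * The role is re-read from the store by id before querying.
     */
    private Grant getGrant(IdentityType identityType, Role role) {
        RelationshipQuery<Grant> query = createRelationshipQuery(Grant.class);
        query.setParameter(Grant.ASSIGNEE, new Object[]{identityType});
        query.setParameter(Grant.ROLE, new Object[]{lookupIdentityById(role.getClass(), role.getId())});
        List<?> results = query.getResultList();
        return results.isEmpty() ? null : (Grant) results.get(0);
    }

    /**
     * Rejects agent operations unless the current partition is a {@link Realm}.
     */
    private void checkCurrentPartitionForAgents() throws IdentityManagementException {
        if (!Realm.class.isInstance(this.context.getPartition())) {
            throw IDMMessages.MESSAGES.partitionInvalidTypeForAgents(this.context.getPartition().getClass());
        }
    }

    /**
     * Rejects credential operations unless the current partition is a {@link Realm}.
     */
    private void checkCurrentPartitionForCredential() throws IdentityManagementException {
        if (!Realm.class.isInstance(this.context.getPartition())) {
            throw IDMMessages.MESSAGES.partitionInvalidTypeForCredential(this.context.getPartition().getClass());
        }
    }

    /**
     * Resolves the store used to read credentials and checks that it is a {@link CredentialStore}.
     */
    private CredentialStore requireCredentialStore() {
        IdentityStore store = this.storeFactory.getStoreForFeature(this.context, FeatureSet.FeatureGroup.credential, FeatureSet.FeatureOperation.read);
        if (!CredentialStore.class.isInstance(store)) {
            throw IDMMessages.MESSAGES.credentialInvalidCredentialStoreType(store.getClass());
        }
        return (CredentialStore) store;
    }

    /**
     * Returns the agent's current stored credential of the given storage type.
     *
     * <p>The result is stored credential material; callers should not log or expose it.
     */
    @SuppressWarnings("unchecked")
    public <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> cls) {
        checkCurrentPartitionForCredential();
        return (T) requireCredentialStore().retrieveCurrentCredential(this.context, agent, cls);
    }

    /**
     * Returns all of the agent's stored credentials of the given storage type.
     *
     * <p>The result is stored credential material; callers should not log or expose it.
     */
    @SuppressWarnings("unchecked")
    public <T extends CredentialStorage> List<T> retrieveCredentials(Agent agent, Class<T> cls) {
        checkCurrentPartitionForCredential();
        return requireCredentialStore().retrieveCredentials(this.context, agent, cls);
    }
}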
