package org.jboss.seam.security.external.openid;

import java.io.Serializable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.AuthenticationException;
import org.jboss.seam.security.Authenticator;
import org.jboss.seam.security.BaseAuthenticator;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.external.openid.api.OpenIdPrincipal;
import org.jboss.seam.security.external.openid.api.OpenIdRelyingPartyApi;
import org.jboss.seam.security.external.openid.providers.OpenIdProvider;
import org.jboss.solder.logging.Logger;
import org.picketlink.idm.api.Group;
import org.picketlink.idm.api.IdentitySession;
import org.picketlink.idm.api.Role;
import org.picketlink.idm.api.RoleManager;
import org.picketlink.idm.api.RoleType;
import org.picketlink.idm.api.User;
import org.picketlink.idm.common.exception.FeatureNotSupportedException;
import org.picketlink.idm.common.exception.IdentityException;

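/**
 * Session-scoped authenticator that delegates login to an external OpenID provider.
 *
 * <p>{@link #authenticate()} starts the exchange with the selected provider and leaves the
 * status at {@code DEFERRED}; {@link #success(OpenIdPrincipal)} completes it once a principal
 * is available. When {@link #isIdentityManaged()} is true (the default), the principal is also
 * checked against the local identity store and a user record is created on first login.
 *
 * <p>NOTE(review): the bean is {@code @Named}, so its public setters are reachable from EL.
 * Confirm that no view binds {@link #setIdentityManaged(boolean)} to request-supplied input,
 * because switching it off skips {@link #validateManagedUser(OpenIdPrincipal)}.
 */
@SessionScoped
@Named("openIdAuthenticator")
/* loaded from: input_file:WEB-INF/lib/seam-security-external-3.1.0.Beta3.jar:org/jboss/seam/security/external/openid/OpenIdAuthenticator.class */
public class OpenIdAuthenticator extends BaseAuthenticator implements Authenticator, Serializable {
    private static final long serialVersionUID = 4669651866032932651L;

    @Inject
    Instance<OpenIdRelyingPartyApi> openIdApiInstance;

    // Configured providers; the only source of provider URLs used by authenticate().
    @Inject
    List<OpenIdProvider> providers;

    @Inject
    Logger log;

    @Inject
    HttpServletResponse response;

    @Inject
    Instance<IdentitySession> identitySession;

    @Inject
    Identity identity;

    // When true, success() validates the principal against the local identity store.
    private boolean identityManaged = true;

    // Code of the provider chosen for this session; only ever used as a lookup key.
    private String providerCode;

    /**
     * @return whether a successful OpenID login is also validated against the identity store
     */
    public boolean isIdentityManaged() {
        return this.identityManaged;
    }

    /**
     * Enables or disables identity-store validation of OpenID principals.
     *
     * @param z {@code true} to run {@link #validateManagedUser(OpenIdPrincipal)} on success
     */
    public void setIdentityManaged(boolean z) {
        this.identityManaged = z;
    }

    /**
     * @return the code of the currently selected provider, or {@code null} if none is set
     */
    public String getProviderCode() {
        return this.providerCode;
    }

    /**
     * Selects a provider by code. The value is not validated here; it is resolved against the
     * configured provider list in {@link #getSelectedProvider()}.
     *
     * @param str provider code to select
     */
    public void setProviderCode(String str) {
        this.providerCode = str;
    }

    /**
     * Resolves the selected provider code against the injected provider list.
     *
     * <p>Because the code is only compared with {@link OpenIdProvider#getCode()}, a caller
     * cannot introduce a provider URL that is not already configured.
     *
     * @return the matching provider, or {@code null} when no code is set or nothing matches
     */
    protected OpenIdProvider getSelectedProvider() {
        if (this.providerCode == null) {
            return null;
        }
        for (OpenIdProvider candidate : this.providers) {
            if (this.providerCode.equals(candidate.getCode())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Starts an OpenID login with the selected provider and marks authentication as deferred.
     *
     * @throws IllegalStateException if no configured provider matches the selected code
     */
    @Override // org.jboss.seam.security.Authenticator
    public void authenticate() {
        OpenIdProvider provider = getSelectedProvider();
        if (provider == null) {
            throw new IllegalStateException("No OpenID provider has been selected");
        }
        OpenIdRelyingPartyApi relyingParty = this.openIdApiInstance.get();
        // The provider fills this list with the attributes it wants requested.
        LinkedList requestedAttributes = new LinkedList();
        provider.requestAttributes(relyingParty, requestedAttributes);
        relyingParty.login(provider.getUrl(), requestedAttributes, getResponse());
        // The outcome is not known yet; success(...) sets the final status later.
        setStatus(Authenticator.AuthenticationStatus.DEFERRED);
    }

    /**
     * @return the injected servlet response handed to the relying-party API
     */
    protected HttpServletResponse getResponse() {
        return this.response;
    }

    /**
     * @return the injected list of configured providers (the same instance, not a copy)
     */
    public List<OpenIdProvider> getProviders() {
        return this.providers;
    }

    /**
     * Completes authentication for a principal obtained from the OpenID exchange.
     *
     * <p>In managed mode the status is set to {@code FAILURE} before validation, so an
     * exception thrown by {@link #validateManagedUser(OpenIdPrincipal)} leaves the
     * authenticator in the failed state rather than the earlier {@code DEFERRED} state.
     *
     * @param openIdPrincipal principal describing the authenticated OpenID identity
     */
    public void success(OpenIdPrincipal openIdPrincipal) {
        OpenIdUser openIdUser = new OpenIdUser(openIdPrincipal);
        if (isIdentityManaged()) {
            // Fail closed: only reach SUCCESS if validation returns normally.
            setStatus(Authenticator.AuthenticationStatus.FAILURE);
            validateManagedUser(openIdPrincipal);
        }
        setUser(openIdUser);
        setStatus(Authenticator.AuthenticationStatus.SUCCESS);
    }

    /**
     * Ensures a user record exists in the identity store for the given principal.
     *
     * <p>If no user is found for the principal's identifier, one is created, every attribute
     * carried by the principal is stored on it, and the new user's roles and groups are copied
     * onto {@link Identity}. Nothing is done when the user already exists.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>Provisioning is automatic: any identifier that reaches this method gets a local
     *       user on first login. There is no allow-list or approval step in this class.</li>
     *   <li>Attribute names and values are taken from the principal and stored unchanged, so
     *       code that later reads them should treat them as provider-asserted data.</li>
     *   <li>NOTE(review): roles and groups are loaded only on the first-login path. For a user
     *       that already exists this method adds nothing to {@code identity}; confirm that
     *       returning users receive their roles elsewhere.</li>
     * </ul>
     *
     * @param openIdPrincipal principal whose identifier is used as the local user key
     * @throws AuthenticationException if the identity store lookup, user creation, or the
     *         role/group lookup fails
     */
    protected void validateManagedUser(OpenIdPrincipal openIdPrincipal) {
        IdentitySession session = this.identitySession.get();
        try {
            if (session.getPersistenceManager().findUser(openIdPrincipal.getIdentifier()) == null) {
                User user = session.getPersistenceManager().createUser(openIdPrincipal.getIdentifier());
                for (String str : openIdPrincipal.getAttributeValues().keySet()) {
                    session.getAttributesManager().addAttribute(user, str, openIdPrincipal.getAttribute(str));
                }
                try {
                    for (RoleType roleType : session.getRoleManager().findUserRoleTypes(user)) {
                        // The user is passed directly; the decompiled listing cast it to
                        // RoleManager, which is not a type a User can be converted to.
                        for (Role role : session.getRoleManager().findRoles(user, roleType)) {
                            this.identity.addRole(role.getRoleType().getName(), role.getGroup().getName(), role.getGroup().getGroupType());
                        }
                    }
                    for (Group group : session.getRelationshipManager().findAssociatedGroups(user)) {
                        this.identity.addGroup(group.getName(), group.getGroupType());
                    }
                } catch (FeatureNotSupportedException e) {
                    throw new AuthenticationException("Error loading user's roles and groups", e);
                } catch (IdentityException e2) {
                    throw new AuthenticationException("Error loading user's roles and groups", e2);
                }
            }
        } catch (IdentityException e3) {
            throw new AuthenticationException("Error locating User record for OpenID user", e3);
        }
    }
}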
