package org.uberfire.security.server.auth;

import ch.qos.logback.classic.spi.CallerData;
import ch.qos.logback.core.CoreConstants;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import org.drools.core.rule.TypeDeclaration;
import org.kie.commons.validation.Preconditions;
import org.uberfire.security.ResourceManager;
import org.uberfire.security.Role;
import org.uberfire.security.SecurityContext;
import org.uberfire.security.Subject;
import org.uberfire.security.auth.AuthenticatedStorageProvider;
import org.uberfire.security.auth.AuthenticationException;
import org.uberfire.security.auth.AuthenticationManager;
import org.uberfire.security.auth.AuthenticationProvider;
import org.uberfire.security.auth.AuthenticationResult;
import org.uberfire.security.auth.AuthenticationScheme;
import org.uberfire.security.auth.AuthenticationStatus;
import org.uberfire.security.auth.Credential;
import org.uberfire.security.auth.Principal;
import org.uberfire.security.auth.RoleProvider;
import org.uberfire.security.server.HttpSecurityContext;

/* loaded from: input_file:WEB-INF/lib/uberfire-security-server-0.2.0-SNAPSHOT.jar:org/uberfire/security/server/auth/HttpAuthenticationManager.class */
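/**
 * {@link AuthenticationManager} for HTTP requests.
 *
 * <p>A request is resolved to a {@link Subject} in this order: a principal previously saved by
 * one of the {@link AuthenticatedStorageProvider}s, otherwise credentials extracted by the
 * {@link AuthenticationScheme}s and verified by the {@link AuthenticationProvider}s. Roles are
 * then collected from every {@link RoleProvider} and the resulting subject is written back to
 * all storage providers.
 *
 * <p>NOTE(review): {@code CoreConstants.CONTEXT_SCOPE_VALUE}, {@code CallerData.NA} and
 * {@code TypeDeclaration.Role.ID} come from unrelated libraries (logback, drools) and look like
 * decompiler substitutions for plain string literals. Confirm their values and replace them with
 * local literals so this class does not depend on those libraries.
 */
public class HttpAuthenticationManager implements AuthenticationManager {
    private final List<AuthenticationScheme> authSchemes;
    private final List<AuthenticationProvider> authProviders;
    private final List<RoleProvider> roleProviders;
    private final List<AuthenticatedStorageProvider> authStorageProviders;
    private final ResourceManager resourceManager;

    // Session id -> URI that was requested before the client was challenged; replayed as a
    // redirect after a successful login.
    // NOTE(review): entries are removed only on successful authentication and on logout, so a
    // session that is challenged and never logs in leaves its entry behind. Nothing bounds or
    // expires this map; consider tying the value to the session itself or adding eviction.
    private final ConcurrentHashMap<String, String> requestCache = new ConcurrentHashMap<>();

    /**
     * Creates the manager.
     *
     * @param list authentication schemes; checked with {@code Preconditions.checkNotEmpty}
     * @param list2 authentication providers; checked with {@code Preconditions.checkNotEmpty}
     * @param list3 role providers; checked with {@code Preconditions.checkNotEmpty}
     * @param list4 authenticated-storage providers; checked with {@code Preconditions.checkNotEmpty}
     * @param resourceManager decides whether a resource requires authentication; checked with
     *     {@code Preconditions.checkNotNull}
     */
    public HttpAuthenticationManager(List<AuthenticationScheme> list, List<AuthenticationProvider> list2, List<RoleProvider> list3, List<AuthenticatedStorageProvider> list4, ResourceManager resourceManager) {
        this.authSchemes = (List) Preconditions.checkNotEmpty("authScheme", list);
        this.authProviders = (List) Preconditions.checkNotEmpty("authProviders", list2);
        this.roleProviders = (List) Preconditions.checkNotEmpty("roleProviders", list3);
        this.authStorageProviders = (List) Preconditions.checkNotEmpty("authStorageProviders", list4);
        this.resourceManager = (ResourceManager) Preconditions.checkNotNull("resourceManager", resourceManager);
    }

    /**
     * Authenticates the request carried by {@code securityContext}.
     *
     * @param securityContext must be an {@link HttpSecurityContext}
     * @return the stored subject if a storage provider already holds one; {@code null} when no
     *     principal is stored and the resource does not require authentication; otherwise a
     *     newly built subject
     * @throws AuthenticationException if a provider reports {@code FAILED} or no principal could
     *     be established for a resource that requires authentication
     * @throws RuntimeException if the post-login redirect cannot be sent
     */
    @Override
    public Subject authenticate(SecurityContext securityContext) throws AuthenticationException {
        final HttpSecurityContext httpContext = (HttpSecurityContext) Preconditions.checkInstanceOf(CoreConstants.CONTEXT_SCOPE_VALUE, securityContext, HttpSecurityContext.class);

        // First storage provider that knows this request wins.
        Principal principal = null;
        for (AuthenticatedStorageProvider storage : this.authStorageProviders) {
            principal = storage.load(httpContext);
            if (principal != null) {
                break;
            }
        }
        if (principal instanceof Subject) {
            return (Subject) principal;
        }

        // A stored principal that is not a full Subject is tagged with ROLE_REMEMBER_ME below.
        final boolean restoredFromStorage = principal != null;
        final boolean requiresAuthentication = this.resourceManager.requiresAuthentication(httpContext.getResource());

        if (principal == null) {
            for (AuthenticationScheme scheme : this.authSchemes) {
                if (!scheme.isAuthenticationRequest(httpContext) && requiresAuthentication) {
                    // Remember where the client was going; putIfAbsent keeps the first target
                    // recorded for this session.
                    this.requestCache.putIfAbsent(httpContext.getRequest().getSession().getId(), originalTarget(httpContext));
                    scheme.challengeClient(httpContext);
                }
            }
            if (!requiresAuthentication) {
                return null;
            }
            principal = authenticateWithSchemes(httpContext);
        }
        if (principal == null) {
            throw new AuthenticationException("Invalid credentials.");
        }

        final List<Role> roles = new ArrayList<>();
        if (restoredFromStorage) {
            roles.add(new Role() {
                @Override
                public String getName() {
                    return Role.ROLE_REMEMBER_ME;
                }
            });
        }
        for (RoleProvider roleProvider : this.roleProviders) {
            roles.addAll(roleProvider.loadRoles(principal));
        }

        final String name = principal.getName();
        final Subject subject = new Subject() {
            // NOTE(review): this hands out the live, mutable list that hasRole() consults, so
            // any holder of the Subject can change its roles. Consider an unmodifiable view.
            @Override
            public List<Role> getRoles() {
                return roles;
            }

            // Roles are matched by name, not by identity.
            @Override
            public boolean hasRole(Role role) {
                Preconditions.checkNotNull(TypeDeclaration.Role.ID, role);
                for (Role candidate : roles) {
                    if (candidate.getName().equals(role.getName())) {
                        return true;
                    }
                }
                return false;
            }

            @Override
            public String getName() {
                return name;
            }
        };

        // NOTE(review): the session id is not changed anywhere in this method after a successful
        // login. Confirm that a storage provider or the container rotates it; otherwise an id
        // issued before login stays valid for the authenticated session (session fixation).
        for (AuthenticatedStorageProvider storage : this.authStorageProviders) {
            storage.store(httpContext, subject);
        }

        // NOTE(review): the target is the request URI captured before login and is passed to
        // sendRedirect unchanged; confirm it can only ever be a path inside this application.
        final String cachedTarget = this.requestCache.remove(httpContext.getRequest().getSession().getId());
        if (cachedTarget != null && !cachedTarget.isEmpty() && !httpContext.getResponse().isCommitted()) {
            try {
                httpContext.getResponse().sendRedirect(cachedTarget);
            } catch (IOException e) {
                // Keep the cause so the I/O failure is visible in logs and stack traces.
                throw new RuntimeException("Unable to redirect.", e);
            }
        }
        return subject;
    }

    /**
     * Invalidates the login: asks every storage provider to clean up, drops any redirect target
     * still cached for the session, and invalidates the HTTP session.
     *
     * @param securityContext must be an {@link HttpSecurityContext}
     */
    @Override
    public void logout(SecurityContext securityContext) throws AuthenticationException {
        for (AuthenticatedStorageProvider storage : this.authStorageProviders) {
            storage.cleanup(securityContext);
        }
        final HttpSecurityContext httpContext = (HttpSecurityContext) Preconditions.checkInstanceOf(CoreConstants.CONTEXT_SCOPE_VALUE, securityContext, HttpSecurityContext.class);
        // The entry is keyed by the id of the session being destroyed, so nothing could ever
        // read it again; remove it rather than leave it in the map.
        this.requestCache.remove(httpContext.getRequest().getSession().getId());
        httpContext.getRequest().getSession().invalidate();
    }

    /**
     * Builds the redirect target for the current request: the request URI, followed by the
     * separator and the query string only when a query string is present (so a request without
     * one is not recorded with a literal "null" suffix).
     */
    private static String originalTarget(HttpSecurityContext httpContext) {
        final String uri = httpContext.getRequest().getRequestURI();
        final String query = httpContext.getRequest().getQueryString();
        return query == null ? uri : uri + CallerData.NA + query;
    }

    /**
     * Tries each scheme's credential against each provider, in order.
     *
     * @return the principal of the first {@code SUCCESS} result, or {@code null} if no scheme
     *     produced a credential that a provider accepted
     * @throws AuthenticationException as soon as any provider reports {@code FAILED}; later
     *     providers and schemes are not consulted
     */
    private Principal authenticateWithSchemes(HttpSecurityContext httpContext) throws AuthenticationException {
        for (AuthenticationScheme scheme : this.authSchemes) {
            final Credential credential = scheme.buildCredential(httpContext);
            if (credential == null) {
                continue;
            }
            for (AuthenticationProvider provider : this.authProviders) {
                final AuthenticationResult result = provider.authenticate(credential);
                if (result.getStatus().equals(AuthenticationStatus.FAILED)) {
                    throw new AuthenticationException("Invalid credentials.");
                }
                if (result.getStatus().equals(AuthenticationStatus.SUCCESS)) {
                    return result.getPrincipal();
                }
            }
        }
        return null;
    }
}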
