package org.picketlink.idm.token.internal;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.picketlink.common.properties.Property;
import org.picketlink.common.properties.query.AnnotatedPropertyCriteria;
import org.picketlink.common.properties.query.NamedPropertyCriteria;
import org.picketlink.common.properties.query.PropertyQueries;
import org.picketlink.common.reflection.Reflections;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.config.TokenStoreConfiguration;
import org.picketlink.idm.credential.Token;
import org.picketlink.idm.credential.TokenCredential;
import org.picketlink.idm.credential.handler.TokenCredentialHandler;
import org.picketlink.idm.credential.handler.annotations.CredentialHandlers;
import org.picketlink.idm.credential.storage.CredentialStorage;
import org.picketlink.idm.internal.AbstractIdentityStore;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Partition;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.model.annotation.IdentityStereotype;
import org.picketlink.idm.model.annotation.RelationshipStereotype;
import org.picketlink.idm.model.annotation.StereotypeProperty;
import org.picketlink.idm.model.basic.Realm;
import org.picketlink.idm.query.AttributeParameter;
import org.picketlink.idm.query.Condition;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.QueryParameter;
import org.picketlink.idm.query.RelationshipQuery;
import org.picketlink.idm.query.RelationshipQueryParameter;
import org.picketlink.idm.query.internal.EqualCondition;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;
import org.picketlink.idm.spi.PartitionStore;

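/**
 * Identity store that answers identity and relationship queries from the {@link Token} carried by the
 * current invocation instead of from persistent storage.
 *
 * <p>Every write operation (store/update/remove) is a no-op, and the only partition ever reported is the
 * default {@link Realm}.
 *
 * <p>NOTE(review): nothing in this class checks the token's signature, issuer or expiry. Results are derived
 * from whatever {@link TokenCredential} is found under {@link IdentityContext#CREDENTIALS}, so confirm that
 * the token has been validated (presumably by the credential handler or the {@link Token.Consumer}) before
 * a query can reach this store.
 *
 * <p>NOTE(review): this listing is decompiler output. Generic signatures may differ from the original
 * source; see the remarks on {@code setup} and {@code retrieveCredentials}.
 */
@CredentialHandlers({TokenCredentialHandler.class})
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-impl-2.7.0.Final.jar:org/picketlink/idm/token/internal/TokenIdentityStore.class */
public class TokenIdentityStore extends AbstractIdentityStore<TokenStoreConfiguration> implements CredentialStore<TokenStoreConfiguration>, PartitionStore<TokenStoreConfiguration> {
    // Consumers taken from the configuration in setup(); each one handles a single token type.
    private List<Token.Consumer> tokenConsumers;

    /**
     * Initialises the store and caches the token consumers declared by the configuration.
     *
     * @param tokenStoreConfiguration configuration that supplies the {@link Token.Consumer} list
     */
    @Override // org.picketlink.idm.internal.AbstractIdentityStore, org.picketlink.idm.spi.IdentityStore
    public void setup(TokenStoreConfiguration tokenStoreConfiguration) {
        // The decompiler rendered the erased generic argument as a cast to TokenIdentityStore. A configuration
        // object is not a store, so that cast could only fail; pass the configuration through unchanged.
        super.setup(tokenStoreConfiguration);
        this.tokenConsumers = tokenStoreConfiguration.getTokenConsumer();
    }

    /** No-op: this store performs no work when relationships of an identity type are removed. */
    @Override // org.picketlink.idm.internal.AbstractIdentityStore
    protected void removeFromRelationships(IdentityContext identityContext, IdentityType identityType) {
    }

    /** No-op: this store holds no credentials to remove. */
    @Override // org.picketlink.idm.internal.AbstractIdentityStore
    protected void removeCredentials(IdentityContext identityContext, Account account) {
    }

    /** No-op: updates are not written anywhere by this store. */
    @Override // org.picketlink.idm.internal.AbstractIdentityStore
    protected void updateAttributedType(IdentityContext identityContext, AttributedType attributedType) {
    }

    /** No-op: removals are not written anywhere by this store. */
    @Override // org.picketlink.idm.internal.AbstractIdentityStore
    protected void removeAttributedType(IdentityContext identityContext, AttributedType attributedType) {
    }

    /**
     * Resolves an identity query against the token of the current invocation.
     *
     * <p>Only equality conditions are supported. The {@link IdentityType#PARTITION} parameter is ignored.
     *
     * @param identityContext invocation context that must carry a {@link TokenCredential}
     * @param identityQuery   query whose identity type must be annotated with {@link IdentityStereotype}
     * @return an unmodifiable list holding at most one identity extracted from the token
     * @throws IdentityManagementException if the type lacks the stereotype, a condition is not an equality
     *         condition, a condition has no value, or a parameter does not map to a stereotype property
     */
    @Override // org.picketlink.idm.spi.IdentityStore
    @SuppressWarnings({"rawtypes", "unchecked"}) // Token.Consumer and Property are used raw, as in the listing
    public <V extends IdentityType> List<V> fetchQueryResults(IdentityContext identityContext, IdentityQuery<V> identityQuery) {
        List<V> results = new ArrayList<V>();
        Class<V> identityType = identityQuery.getIdentityType();
        if (identityType.getAnnotation(IdentityStereotype.class) == null) {
            throw new IdentityManagementException("Type [" + identityType + "] does not define a " + IdentityStereotype.class + ".");
        }
        Token currentToken = getCurrentToken(identityContext);
        IdentityType match = null;
        // NOTE(review): every supported condition overwrites `match`, so the last condition evaluated decides
        // the result. The relationship overload below returns an empty list on the first miss instead.
        // Confirm whether multiple conditions are meant to be AND-ed; callers that use this lookup for
        // authorization decisions depend on the answer.
        for (Condition condition : identityQuery.getConditions()) {
            QueryParameter parameter = condition.getParameter();
            // The cast runs before the partition check, so every parameter must be an AttributeParameter.
            String name = ((AttributeParameter) parameter).getName();
            if (IdentityType.PARTITION.equals(parameter)) {
                continue;
            }
            if (!(condition instanceof EqualCondition)) {
                throw new IdentityManagementException("Unsupported query condition. Token store only understands equality condition.");
            }
            Object value = ((EqualCondition) condition).getValue();
            if (value == null) {
                throw new IdentityManagementException("Query parameter [" + name + "] does not have any value.");
            }
            if (IdentityType.ID.equals(parameter)) {
                match = getTokenConsumer(currentToken).extractIdentity(currentToken, identityType, StereotypeProperty.Property.IDENTITY_ID, value);
                continue;
            }
            Property queriedProperty = PropertyQueries.createQuery(identityType).addCriteria(new NamedPropertyCriteria(name)).getFirstResult();
            if (queriedProperty == null) {
                throw new IdentityManagementException("IdentityType [" + identityType + "] does not have a property with name [" + name + "].");
            }
            StereotypeProperty stereotypeProperty = (StereotypeProperty) queriedProperty.getAnnotatedElement().getAnnotation(StereotypeProperty.class);
            if (stereotypeProperty == null) {
                throw new IdentityManagementException("Query parameter [" + name + "] does not maps to a " + StereotypeProperty.Property.class + ".");
            }
            match = getTokenConsumer(currentToken).extractIdentity(currentToken, identityType, stereotypeProperty.value(), value);
        }
        if (match != null) {
            results.add((V) match);
        }
        return Collections.unmodifiableList(results);
    }

    /**
     * Resolves a relationship query against the token of the current invocation.
     *
     * <p>Each query parameter must carry exactly one {@link IdentityType} value. If the token does not yield
     * an identity for any parameter, the result is empty. When the credential holds no token, no
     * relationship is built and the result is empty as well.
     *
     * @param identityContext   invocation context that must carry a {@link TokenCredential}
     * @param relationshipQuery query whose relationship class must be annotated with {@link RelationshipStereotype}
     * @return an unmodifiable list holding at most one relationship populated from the token
     * @throws IdentityManagementException if the class lacks the stereotype, a parameter cannot be mapped,
     *         a parameter is missing or multi-valued, or the relationship cannot be instantiated
     */
    @Override // org.picketlink.idm.spi.IdentityStore
    @SuppressWarnings({"rawtypes", "unchecked"}) // Property is used raw, as in the listing
    public <V extends Relationship> List<V> fetchQueryResults(IdentityContext identityContext, RelationshipQuery<V> relationshipQuery) {
        List<V> results = new ArrayList<V>();
        Class<?> relationshipClass = relationshipQuery.getRelationshipClass();
        if (relationshipClass.getAnnotation(RelationshipStereotype.class) == null) {
            throw new IdentityManagementException("Type [" + relationshipClass + "] does not define a " + RelationshipStereotype.class + ".");
        }
        Relationship relationship = null;
        for (QueryParameter queryParameter : relationshipQuery.getParameters().keySet()) {
            String name = ((RelationshipQueryParameter) queryParameter).getName();
            Property queriedProperty = PropertyQueries.createQuery(relationshipClass).addCriteria(new NamedPropertyCriteria(name)).getFirstResult();
            if (queriedProperty == null) {
                throw new IdentityManagementException("Type [" + relationshipClass + "] does not have a property with name [" + name + "].");
            }
            StereotypeProperty stereotypeProperty = (StereotypeProperty) queriedProperty.getAnnotatedElement().getAnnotation(StereotypeProperty.class);
            if (stereotypeProperty == null) {
                throw new IdentityManagementException("Query parameter [" + name + "] does not maps to a " + StereotypeProperty.Property.class + " for type [" + relationshipClass + ".");
            }
            Object[] values = relationshipQuery.getParameter(queryParameter);
            if (values == null || values.length == 0) {
                throw new IdentityManagementException("Query parameter [" + name + "] does not have any value.");
            }
            if (values.length > 1) {
                throw new IdentityManagementException("Query parameter [" + name + "] value must be single-valued.");
            }
            Token currentToken = getCurrentToken(identityContext);
            if (currentToken == null) {
                // Without a token nothing can be resolved for this parameter; the relationship stays unset.
                continue;
            }
            IdentityType resolved = resolveIdentityTypeFromToken(currentToken, values, stereotypeProperty);
            if (resolved == null) {
                // One unmatched parameter rules the whole relationship out.
                return Collections.emptyList();
            }
            if (relationship == null) {
                try {
                    relationship = (Relationship) Reflections.newInstance(relationshipClass);
                } catch (Exception e) {
                    // Keep the cause so the instantiation failure remains diagnosable.
                    throw new IdentityManagementException("Could not create Relationship type [" + relationshipClass + "].", e);
                }
            }
            resolveProperty(relationshipClass, stereotypeProperty.value()).setValue(relationship, resolved);
        }
        if (relationship != null) {
            results.add((V) relationship);
        }
        return Collections.unmodifiableList(results);
    }

    /** No-op: credentials are never persisted by this store. */
    @Override // org.picketlink.idm.spi.CredentialStore
    public void storeCredential(IdentityContext identityContext, Account account, CredentialStorage credentialStorage) {
    }

    /**
     * Always returns {@code null}; no credential storage is kept by this store.
     *
     * @return {@code null}
     */
    @Override // org.picketlink.idm.spi.CredentialStore
    public <T extends CredentialStorage> T retrieveCurrentCredential(IdentityContext identityContext, Account account, Class<T> cls) {
        return null;
    }

    /**
     * Always returns an empty list; no credential storage is kept by this store.
     *
     * <p>NOTE(review): the signature declares {@code T} but uses {@code TokenStoreConfiguration} in its place,
     * which looks like a decompiler artifact (presumably {@code List<T>} / {@code Class<T>} in the original).
     * It is left as listed; verify against the {@code CredentialStore} interface.
     *
     * @return an empty list
     */
    @Override // org.picketlink.idm.spi.CredentialStore
    public <T extends CredentialStorage> List<TokenStoreConfiguration> retrieveCredentials(IdentityContext identityContext, Account account, Class<TokenStoreConfiguration> cls) {
        return Collections.emptyList();
    }

    /** No-op: there are no stored credentials to remove. */
    @Override // org.picketlink.idm.spi.CredentialStore
    public void removeCredential(IdentityContext identityContext, Account account, Class<? extends CredentialStorage> cls) {
    }

    /**
     * Maps a relationship stereotype property to the identity property used to look the value up in the token.
     *
     * @param token              token to extract the identity from
     * @param objArr             query parameter values; only the first element is read
     * @param stereotypeProperty annotation of the relationship property being queried
     * @return whatever the token consumer extracts for the mapped identity property
     * @throws IdentityManagementException if the value is null, is not an {@link IdentityType}, or the
     *         stereotype property is not one of the grant / group-membership properties handled here
     */
    private IdentityType resolveIdentityTypeFromToken(Token token, Object[] objArr, StereotypeProperty stereotypeProperty) {
        try {
            IdentityType identityType = (IdentityType) objArr[0];
            if (identityType == null) {
                throw new IdentityManagementException("Query parameter value can not be null.");
            }
            StereotypeProperty.Property relationshipProperty = stereotypeProperty.value();
            if (StereotypeProperty.Property.RELATIONSHIP_GRANT_ROLE.equals(relationshipProperty)) {
                return extractIdentityTypeFromToken(token, identityType, StereotypeProperty.Property.IDENTITY_ROLE_NAME);
            }
            if (StereotypeProperty.Property.RELATIONSHIP_GRANT_ASSIGNEE.equals(relationshipProperty) || StereotypeProperty.Property.RELATIONSHIP_GROUP_MEMBERSHIP_MEMBER.equals(relationshipProperty)) {
                return extractIdentityTypeFromToken(token, identityType, StereotypeProperty.Property.IDENTITY_USER_NAME);
            }
            if (StereotypeProperty.Property.RELATIONSHIP_GROUP_MEMBERSHIP_GROUP.equals(relationshipProperty)) {
                return extractIdentityTypeFromToken(token, identityType, StereotypeProperty.Property.IDENTITY_GROUP_NAME);
            }
            // NOTE(review): the message embeds token.toString(). If that rendering includes the raw token
            // value, it can end up in logs and error responses; confirm what Token#toString exposes.
            throw new IdentityManagementException("Could not resolve any IdentityType [" + identityType + "] from Token [" + token + ".");
        } catch (ClassCastException e) {
            throw new IdentityManagementException("Query parameter value is not an IdentityType instance.", e);
        }
    }

    /**
     * Reads the value of the given stereotype property from {@code identityType} and asks the matching
     * token consumer to extract an identity for that value.
     *
     * @throws IdentityManagementException if the identity has no value for the property
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // Token.Consumer and Property are used raw, as in the listing
    private IdentityType extractIdentityTypeFromToken(Token token, IdentityType identityType, StereotypeProperty.Property property) {
        Property mappedProperty = resolveProperty(identityType.getClass(), property);
        Object value = mappedProperty.getValue(identityType);
        if (value == null) {
            throw new IdentityManagementException("The IdentityType [" + identityType + "] does not have a value for property [" + mappedProperty.getName() + "].");
        }
        return getTokenConsumer(token).extractIdentity(token, identityType.getClass(), property, value);
    }

    /**
     * Finds the first configured consumer whose token type is assignable from the token's class.
     *
     * @throws IdentityManagementException if the token is null or no consumer handles its type
     */
    @SuppressWarnings("rawtypes") // Token.Consumer is used raw, as in the listing
    private Token.Consumer getTokenConsumer(Token token) {
        if (token == null) {
            // The identity-query path does not null-check the token; fail with a clear error instead of
            // a NullPointerException on token.getClass().
            throw new IdentityManagementException("No Token available in the current TokenCredential.");
        }
        for (Token.Consumer consumer : this.tokenConsumers) {
            if (consumer.getTokenType().isAssignableFrom(token.getClass())) {
                return consumer;
            }
        }
        throw IDMMessages.MESSAGES.credentialNoConsumerForToken(token);
    }

    /** Returns the token held by the credential of the current invocation; the token itself may be null. */
    private Token getCurrentToken(IdentityContext identityContext) {
        return getAuthenticatedAccountCredentials(identityContext).getToken();
    }

    /**
     * Reads the {@link TokenCredential} stored under {@link IdentityContext#CREDENTIALS}.
     *
     * @throws IdentityManagementException if the parameter is missing or is not a {@link TokenCredential}
     */
    private TokenCredential getAuthenticatedAccountCredentials(IdentityContext identityContext) {
        try {
            TokenCredential tokenCredential = (TokenCredential) identityContext.getParameter(IdentityContext.CREDENTIALS);
            if (tokenCredential == null) {
                throw new IdentityManagementException("No TokenCredential found in the invocation context. Make sure you have a ContextInitializer which sets it.");
            }
            return tokenCredential;
        } catch (ClassCastException e) {
            // Keep the cause so the offending credential type shows up in the stack trace.
            throw new IdentityManagementException("ContextParameter [CREDENTIALS does not reference a TokenCredential type instance.", e);
        }
    }

    /**
     * Finds the property of {@code cls} annotated with {@link StereotypeProperty} whose value equals
     * {@code property}.
     *
     * @throws IdentityManagementException if the class has no stereotype-annotated property at all, or
     *         none that matches {@code property}
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // Property is used raw, as in the listing
    private Property resolveProperty(Class<?> cls, StereotypeProperty.Property property) throws IdentityManagementException {
        List<Property> annotatedProperties = PropertyQueries.createQuery(cls).addCriteria(new AnnotatedPropertyCriteria(StereotypeProperty.class)).getResultList();
        if (annotatedProperties.isEmpty()) {
            throw new IdentityManagementException("IdentityType [" + cls + "] does not have any property mapped with " + StereotypeProperty.class + ".");
        }
        for (Property candidate : annotatedProperties) {
            StereotypeProperty annotation = (StereotypeProperty) candidate.getAnnotatedElement().getAnnotation(StereotypeProperty.class);
            if (property.equals(annotation.value())) {
                return candidate;
            }
        }
        throw new IdentityManagementException("Could not resolve property in type [" + cls + " for StereotypeProperty [" + property + ".");
    }

    /**
     * Always returns {@code null}; this store reports no configuration name for a partition.
     *
     * @return {@code null}
     */
    @Override // org.picketlink.idm.spi.PartitionStore
    public String getConfigurationName(IdentityContext identityContext, Partition partition) {
        return null;
    }

    /**
     * Returns a new default {@link Realm}; the requested class and name are ignored.
     *
     * @return a new {@link Realm} named {@link Realm#DEFAULT_REALM}
     */
    @Override // org.picketlink.idm.spi.PartitionStore
    @SuppressWarnings("unchecked") // the result is always a Realm, whatever P the caller asked for
    public <P extends Partition> P get(IdentityContext identityContext, Class<P> cls, String str) {
        // Explicit cast: a Realm is not assignable to the type variable P without it.
        return (P) new Realm(Realm.DEFAULT_REALM);
    }

    /**
     * Returns a mutable single-element list holding the default {@link Realm}; {@code cls} is ignored.
     *
     * @return a list with one default realm
     */
    @Override // org.picketlink.idm.spi.PartitionStore
    @SuppressWarnings("unchecked") // the element is always a Realm, whatever P the caller asked for
    public <P extends Partition> List<P> get(IdentityContext identityContext, Class<P> cls) {
        List<P> partitions = new ArrayList<P>();
        partitions.add((P) get(identityContext, Realm.class, Realm.DEFAULT_REALM));
        return partitions;
    }

    /**
     * Always returns {@code null}; partitions cannot be looked up by id in this store.
     *
     * @return {@code null}
     */
    @Override // org.picketlink.idm.spi.PartitionStore
    public <P extends Partition> P lookupById(IdentityContext identityContext, Class<P> cls, String str) {
        return null;
    }

    /** No-op: partitions are not persisted by this store. */
    @Override // org.picketlink.idm.spi.PartitionStore
    public void add(IdentityContext identityContext, Partition partition, String str) {
    }

    /** No-op: partitions are not persisted by this store. */
    @Override // org.picketlink.idm.spi.PartitionStore
    public void update(IdentityContext identityContext, Partition partition) {
    }

    /** No-op: partitions are not persisted by this store. */
    @Override // org.picketlink.idm.spi.PartitionStore
    public void remove(IdentityContext identityContext, Partition partition) {
    }
}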
