package org.picketlink.internal;

import java.io.Serializable;
import java.lang.annotation.Annotation;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.deltaspike.core.util.ExceptionUtils;
import org.picketlink.Identity;
import org.picketlink.authentication.AuthenticationException;
import org.picketlink.authentication.Authenticator;
import org.picketlink.authentication.AuthenticatorSelector;
import org.picketlink.authentication.UnexpectedCredentialException;
import org.picketlink.authentication.event.AlreadyLoggedInEvent;
import org.picketlink.authentication.event.LoggedInEvent;
import org.picketlink.authentication.event.LoginFailedEvent;
import org.picketlink.authentication.event.PostAuthenticateEvent;
import org.picketlink.authentication.event.PostLoggedOutEvent;
import org.picketlink.authentication.event.PreAuthenticateEvent;
import org.picketlink.authentication.event.PreLoggedOutEvent;
import org.picketlink.credential.internal.DefaultLoginCredentials;
import org.picketlink.idm.model.User;

@SessionScoped
@Named("identity")
/* loaded from: input_file:org/picketlink/internal/DefaultIdentity.class */
public class DefaultIdentity implements Identity {
    private static final long serialVersionUID = 3696702275353144429L;

    @Inject
    private AuthenticatorSelector authenticatorSelector;

    @Inject
    private BeanManager beanManager;

    @Inject
    private DefaultLoginCredentials loginCredential;
    private boolean authenticating;
    private User user;

    public boolean isLoggedIn() {
        return this.user != null;
    }

    public User getUser() {
        return this.user;
    }

    public Identity.AuthenticationResult login() {
        try {
            if (isLoggedIn()) {
                if (isAuthenticationRequestWithDifferentUserId()) {
                    throw new UnexpectedCredentialException("active user: " + this.user.getId() + " provided credentials: " + this.loginCredential.getUserId());
                }
                this.beanManager.fireEvent(new AlreadyLoggedInEvent(), new Annotation[0]);
                throw new SecurityException("Already Logged In");
            }
            if (authenticate()) {
                this.beanManager.fireEvent(new LoggedInEvent(), new Annotation[0]);
                return Identity.AuthenticationResult.SUCCESS;
            }
            this.beanManager.fireEvent(new LoginFailedEvent((Throwable) null), new Annotation[0]);
            return Identity.AuthenticationResult.FAILED;
        } catch (Throwable th) {
            this.beanManager.fireEvent(new LoginFailedEvent(th), new Annotation[0]);
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            ExceptionUtils.throwAsRuntimeException(th);
            throw new IllegalStateException(th);
        }
    }

    private boolean isAuthenticationRequestWithDifferentUserId() {
        return (!isLoggedIn() || this.loginCredential.getUserId() == null || this.loginCredential.getUserId().equals(this.user.getId())) ? false : true;
    }

    protected boolean authenticate() throws AuthenticationException {
        try {
            if (this.authenticating) {
                this.authenticating = false;
                throw new IllegalStateException("Authentication already in progress.");
            }
            try {
                this.authenticating = true;
                this.beanManager.fireEvent(new PreAuthenticateEvent(), new Annotation[0]);
                Authenticator selectedAuthenticator = this.authenticatorSelector.getSelectedAuthenticator();
                if (selectedAuthenticator == null) {
                    throw new AuthenticationException("No Authenticator has been configured.");
                }
                selectedAuthenticator.authenticate();
                if (selectedAuthenticator.getStatus() == null) {
                    throw new AuthenticationException("Authenticator must return a valid authentication status");
                }
                if (selectedAuthenticator.getStatus() != Authenticator.AuthenticationStatus.SUCCESS) {
                    this.authenticating = false;
                    return false;
                }
                postAuthenticate(selectedAuthenticator);
                this.user = selectedAuthenticator.getUser();
                this.authenticating = false;
                return true;
            } catch (Throwable th) {
                if (th instanceof AuthenticationException) {
                    throw th;
                }
                throw new AuthenticationException("Authentication failed.", th);
            }
        } catch (Throwable th2) {
            this.authenticating = false;
            throw th2;
        }
    }

    protected void postAuthenticate(Authenticator authenticator) {
        authenticator.postAuthenticate();
        if (authenticator.getStatus().equals(Authenticator.AuthenticationStatus.SUCCESS)) {
            this.beanManager.fireEvent(new PostAuthenticateEvent(), new Annotation[0]);
        }
    }

    public void logout() {
        logout(true);
    }

    protected void logout(boolean z) {
        if (isLoggedIn()) {
            this.beanManager.fireEvent(new PreLoggedOutEvent(this.user), new Annotation[0]);
            PostLoggedOutEvent postLoggedOutEvent = new PostLoggedOutEvent(this.user);
            unAuthenticate(z);
            this.beanManager.fireEvent(postLoggedOutEvent, new Annotation[0]);
        }
    }

    private void unAuthenticate(boolean z) {
        this.user = null;
        if (z) {
            this.loginCredential.invalidate();
        }
    }

    public boolean hasPermission(Object obj, String str) {
        return false;
    }

    public boolean hasPermission(Class<?> cls, Serializable serializable, String str) {
        return false;
    }
}
