package org.picketlink.idm.internal;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.SecurityConfigurationException;
import org.picketlink.idm.config.IdentityConfiguration;
import org.picketlink.idm.config.IdentityStoreConfiguration;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.model.Grant;
import org.picketlink.idm.model.Group;
import org.picketlink.idm.model.GroupMembership;
import org.picketlink.idm.model.GroupRole;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Partition;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.Tier;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;
import org.picketlink.idm.query.internal.DefaultIdentityQuery;
import org.picketlink.idm.query.internal.DefaultRelationshipQuery;
import org.picketlink.idm.spi.IdentityStore;
import org.picketlink.idm.spi.IdentityStoreInvocationContext;
import org.picketlink.idm.spi.IdentityStoreInvocationContextFactory;
import org.picketlink.idm.spi.PartitionStore;
import org.picketlink.idm.spi.StoreFactory;

/* loaded from: input_file:org/picketlink/idm/internal/DefaultIdentityManager.class */
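/**
 * Default {@link IdentityManager} implementation that routes every operation to the
 * {@link IdentityStore} configured for the active realm and the requested feature.
 *
 * <p>The active realm and tier are held in thread-locals that are only populated while a call
 * made through a proxy returned by {@link #forRealm(Realm)} or {@link #forTier(Tier)} is
 * running. Calls made directly on this instance carry no realm and resolve their store from the
 * {@code "default"} realm, so code that relies on realm isolation must always go through a
 * scoped proxy.
 *
 * <p>The scope is bound to the calling thread: work handed to another thread from inside a
 * scoped call does not inherit the realm or tier.
 *
 * <p>NOTE(review): {@code realmStores} is a plain {@link HashMap} filled by
 * {@link #bootstrap}; this class does no synchronization of its own, so bootstrap is presumably
 * expected to complete before the manager is shared between threads - confirm.
 */
public class DefaultIdentityManager implements IdentityManager {
    private static final long serialVersionUID = -2835518073812662628L;

    /** Realm name used when a store configuration or an invocation context names no realm. */
    private static final String DEFAULT_REALM = "default";

    private IdentityStoreInvocationContextFactory contextFactory;
    // realm name -> feature -> store configurations that declared support for the feature
    private Map<String, Map<IdentityStoreConfiguration.Feature, Set<IdentityStoreConfiguration>>> realmStores = new HashMap<>();
    private StoreFactory storeFactory = new DefaultStoreFactory();
    private ThreadLocal<Realm> currentRealm = new ThreadLocal<>();
    private ThreadLocal<Tier> currentTier = new ThreadLocal<>();

    /**
     * Returns a view of this manager whose calls run in the scope of {@code realm}.
     *
     * <p>The tier active on the calling thread when this method is invoked is captured and
     * applied together with the realm on every call made through the returned view.
     *
     * @param realm realm to apply; {@code null} makes calls resolve against the default realm
     * @return a proxy implementing {@link IdentityManager}
     */
    public IdentityManager forRealm(final Realm realm) {
        return createScopedProxy(realm, this.currentTier.get());
    }

    /**
     * Returns a view of this manager whose calls run in the scope of {@code tier}.
     *
     * <p>The realm active on the calling thread when this method is invoked is captured and
     * applied together with the tier on every call made through the returned view.
     *
     * @param tier tier to apply, may be {@code null}
     * @return a proxy implementing {@link IdentityManager}
     */
    public IdentityManager forTier(final Tier tier) {
        return createScopedProxy(this.currentRealm.get(), tier);
    }

    /**
     * Builds the proxy shared by {@link #forRealm(Realm)} and {@link #forTier(Tier)}.
     *
     * <p>Each call sets the realm/tier thread-locals, delegates to the enclosing manager and
     * then puts back whatever scope the thread had before the call. Restoring in a
     * {@code finally} block keeps a realm from staying attached to a pooled thread after a
     * failure, and restoring the previous value (rather than clearing) keeps a nested scoped
     * call from silently dropping the outer call back to the default realm.
     */
    private IdentityManager createScopedProxy(final Realm realm, final Tier tier) {
        return (IdentityManager) Proxy.newProxyInstance(getClass().getClassLoader(), new Class<?>[]{IdentityManager.class}, new InvocationHandler() {
            @Override
            public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
                final Realm previousRealm = DefaultIdentityManager.this.currentRealm.get();
                final Tier previousTier = DefaultIdentityManager.this.currentTier.get();
                DefaultIdentityManager.this.currentRealm.set(realm);
                DefaultIdentityManager.this.currentTier.set(tier);
                try {
                    // The target must be the enclosing manager: the handler itself does not
                    // implement IdentityManager, so invoking on it fails for every method.
                    return method.invoke(DefaultIdentityManager.this, args);
                } catch (Exception e) {
                    // Surface the exception thrown by the manager, not the reflection wrapper.
                    if (e.getCause() != null) {
                        throw e.getCause();
                    }
                    throw e;
                } finally {
                    if (previousRealm == null) {
                        DefaultIdentityManager.this.currentRealm.remove();
                    } else {
                        DefaultIdentityManager.this.currentRealm.set(previousRealm);
                    }
                    if (previousTier == null) {
                        DefaultIdentityManager.this.currentTier.remove();
                    } else {
                        DefaultIdentityManager.this.currentTier.set(previousTier);
                    }
                }
            }
        });
    }

    /**
     * Initialises every configured store and indexes it by realm and supported feature.
     *
     * <p>A configuration without a realm name is registered under the {@code "default"} realm.
     * Registrations accumulate: nothing here clears entries left by an earlier call.
     *
     * @param identityConfiguration configuration listing the stores to register
     * @param identityStoreInvocationContextFactory factory used to create per-call contexts
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws SecurityConfigurationException if a store configuration has no feature set
     */
    public void bootstrap(IdentityConfiguration identityConfiguration, IdentityStoreInvocationContextFactory identityStoreInvocationContextFactory) {
        if (identityConfiguration == null) {
            throw new IllegalArgumentException("identityConfig is null");
        }
        if (identityStoreInvocationContextFactory == null) {
            throw new IllegalArgumentException("contextFactory is null");
        }
        for (IdentityStoreConfiguration storeConfig : identityConfiguration.getConfiguredStores()) {
            storeConfig.init();
            if (!IdentityStoreConfiguration.class.isInstance(storeConfig)) {
                continue;
            }
            if (storeConfig.getFeatureSet() == null) {
                throw new SecurityConfigurationException("A feature set has not been configured for IdentityStoreConfiguration: " + storeConfig);
            }
            String realm = storeConfig.getRealm();
            if (realm == null || realm.isEmpty()) {
                realm = DEFAULT_REALM;
            }
            Map<IdentityStoreConfiguration.Feature, Set<IdentityStoreConfiguration>> featureStores = this.realmStores.get(realm);
            if (featureStores == null) {
                featureStores = new HashMap<>();
                this.realmStores.put(realm, featureStores);
            }
            for (IdentityStoreConfiguration.Feature feature : IdentityStoreConfiguration.Feature.values()) {
                if (!storeConfig.getFeatureSet().supports(feature)) {
                    continue;
                }
                Set<IdentityStoreConfiguration> stores = featureStores.get(feature);
                if (stores == null) {
                    stores = new HashSet<>();
                    featureStores.put(feature, stores);
                }
                stores.add(storeConfig);
            }
        }
        this.contextFactory = identityStoreInvocationContextFactory;
    }

    /**
     * Replaces the factory used to instantiate identity stores.
     *
     * @param storeFactory factory to use; not validated here, so a {@code null} value only
     *     fails later, on the first store lookup
     */
    public void setIdentityStoreFactory(StoreFactory storeFactory) {
        this.storeFactory = storeFactory;
    }

    /**
     * Adds a new identity type after checking its mandatory name and that it does not exist yet.
     *
     * <p>The existence check and the insert are two separate store calls, so concurrent callers
     * can both pass the check; uniqueness still has to be enforced by the backing store.
     *
     * @param identityType the agent, user, group, role or relationship to add
     * @throws IdentityManagementException if the instance is {@code null}, has no name, already
     *     exists, or names a parent group that cannot be found
     * @throws IllegalArgumentException if the type is not supported
     */
    public void add(IdentityType identityType) {
        IdentityStoreConfiguration.Feature feature;
        if (identityType == null) {
            throw new IdentityManagementException("You can not add a null IdentityType instance.");
        }
        IdentityStoreInvocationContext context = createContext();
        Partition currentPartition = getCurrentPartition(context);
        if (Agent.class.isInstance(identityType)) {
            feature = IdentityStoreConfiguration.Feature.createAgent;
            Agent agent = (Agent) identityType;
            if (agent.getLoginName() == null) {
                throw new IdentityManagementException("No login name was provided.");
            }
            if (User.class.isInstance(agent)) {
                feature = IdentityStoreConfiguration.Feature.createUser;
                if (getUser(agent.getLoginName()) != null) {
                    throw new IdentityManagementException("User already exists with the given login name [" + agent.getLoginName() + "] for the given Partition [" + currentPartition.getName() + "]");
                }
            } else if (getAgent(agent.getLoginName()) != null) {
                throw new IdentityManagementException("Agent already exists with the given login name [" + agent.getLoginName() + "] for the given Realm [" + currentPartition.getName() + "]");
            }
        } else if (Group.class.isInstance(identityType)) {
            Group group = (Group) identityType;
            if (group.getName() == null) {
                throw new IdentityManagementException("No name was provided.");
            }
            // Existence is checked by path, while the message below reports the name.
            if (getGroup(group.getPath()) != null) {
                throw new IdentityManagementException("Group already exists with the given name [" + group.getName() + "] for the given Partition [" + currentPartition.getName() + "]");
            }
            if (group.getParentGroup() != null && lookupIdentityById(Group.class, group.getParentGroup().getId()) == null) {
                throw new IdentityManagementException("No parent group found with the given id [" + group.getParentGroup().getId() + "] for the given Partition [" + currentPartition.getName() + "].");
            }
            feature = IdentityStoreConfiguration.Feature.createGroup;
        } else if (Role.class.isInstance(identityType)) {
            Role role = (Role) identityType;
            if (role.getName() == null) {
                throw new IdentityManagementException("No name was provided.");
            }
            if (getRole(role.getName()) != null) {
                throw new IdentityManagementException("Role already exists with the given name [" + role.getName() + "] for the given Partition [" + currentPartition.getName() + "]");
            }
            feature = IdentityStoreConfiguration.Feature.createRole;
        } else {
            if (!Relationship.class.isInstance(identityType)) {
                throw new IllegalArgumentException("Unsupported IdentityType:" + identityType.getClass().getName());
            }
            feature = IdentityStoreConfiguration.Feature.createRelationship;
        }
        getContextualStoreForFeature(context, feature).add(identityType);
    }

    /**
     * Stores a relationship in the store configured for creating relationships.
     *
     * <p>No check is made here that the relationship is new or that its members exist; the
     * {@code grant*}/{@code addToGroup} methods perform those checks before calling this.
     *
     * @param relationship relationship to persist
     */
    public void add(Relationship relationship) {
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.createRelationship).add(relationship);
    }

    /**
     * Updates an existing user, agent, group or role.
     *
     * @param identityType instance to update; must already exist in the active scope
     * @throws IdentityManagementException if the instance is {@code null} or cannot be found
     * @throws IllegalArgumentException if the type is not supported
     */
    public void update(IdentityType identityType) {
        IdentityStoreConfiguration.Feature feature;
        checkIfIdentityTypeExists(identityType);
        // User is tested before Agent so that a user resolves to the user-specific feature.
        if (User.class.isInstance(identityType)) {
            feature = IdentityStoreConfiguration.Feature.updateUser;
        } else if (Agent.class.isInstance(identityType)) {
            feature = IdentityStoreConfiguration.Feature.updateAgent;
        } else if (Group.class.isInstance(identityType)) {
            feature = IdentityStoreConfiguration.Feature.updateGroup;
        } else {
            if (!Role.class.isInstance(identityType)) {
                throw new IllegalArgumentException("Unsupported IdentityType");
            }
            feature = IdentityStoreConfiguration.Feature.updateRole;
        }
        getContextualStoreForFeature(createContext(), feature).update(identityType);
    }

    /**
     * Updates a relationship through the store configured for updating relationships.
     *
     * @param relationship relationship to update
     */
    public void update(Relationship relationship) {
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.updateRelationship).update(relationship);
    }

    /**
     * Removes an existing user, agent, group or role.
     *
     * <p>Only the identity itself is passed to the store; this method does not look for or
     * remove grants and memberships that still reference it.
     *
     * @param identityType instance to remove; must already exist in the active scope
     * @throws IdentityManagementException if the instance is {@code null} or cannot be found
     * @throws IllegalStateException if a group or role is removed while both a realm and a tier
     *     are set
     * @throws IllegalArgumentException if the type is not supported
     */
    public void remove(IdentityType identityType) {
        IdentityStoreConfiguration.Feature feature;
        checkIfIdentityTypeExists(identityType);
        IdentityStoreInvocationContext context = createContext();
        if (User.class.isInstance(identityType)) {
            feature = IdentityStoreConfiguration.Feature.deleteUser;
        } else if (Agent.class.isInstance(identityType)) {
            feature = IdentityStoreConfiguration.Feature.deleteAgent;
        } else if (Group.class.isInstance(identityType)) {
            if (context.getRealm() != null && context.getTier() != null) {
                throw new IllegalStateException("Ambiguous context state - Group may only be managed in either the scope of a Realm or a Tier, however both have been set.");
            }
            feature = IdentityStoreConfiguration.Feature.deleteGroup;
        } else {
            if (!Role.class.isInstance(identityType)) {
                throw new IllegalArgumentException("Unsupported IdentityType");
            }
            if (context.getRealm() != null && context.getTier() != null) {
                throw new IllegalStateException("Ambiguous context state - Role may only be managed in either the scope of a Realm or a Tier, however both have been set.");
            }
            feature = IdentityStoreConfiguration.Feature.deleteRole;
        }
        getContextualStoreForFeature(context, feature).remove(identityType);
    }

    /**
     * Removes a relationship through the store configured for deleting relationships.
     *
     * @param relationship relationship to remove
     */
    public void remove(Relationship relationship) {
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.deleteRelationship).remove(relationship);
    }

    /**
     * Looks up an agent by login name in the active scope.
     *
     * @param str login name
     * @return whatever the store returns for that login name
     */
    public Agent getAgent(String str) {
        return getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.readAgent).getAgent(str);
    }

    /**
     * Looks up a user by login name in the active scope.
     *
     * @param str login name
     * @return whatever the store returns for that login name
     */
    public User getUser(String str) {
        return getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.readUser).getUser(str);
    }

    /**
     * Looks up a group in the active scope.
     *
     * @param str group identifier as understood by the store ({@link #add(IdentityType)} passes
     *     a group path here)
     * @return the group, or {@code null} when {@code str} is {@code null}
     */
    public Group getGroup(String str) {
        if (str == null) {
            return null;
        }
        return getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.readGroup).getGroup(str);
    }

    /**
     * Looks up a group by name under a given parent group.
     *
     * @param str group name
     * @param group parent group, which must exist
     * @return the group, or {@code null} when either argument is {@code null}
     * @throws IdentityManagementException if the parent group cannot be found
     * @throws IllegalStateException if both a realm and a tier are set
     */
    public Group getGroup(String str, Group group) {
        if (str == null || group == null) {
            return null;
        }
        if (lookupIdentityById(Group.class, group.getId()) == null) {
            throw new IdentityManagementException("No parent group found with the given id [" + group.getId() + "]");
        }
        IdentityStoreInvocationContext context = createContext();
        if (context.getRealm() != null && context.getTier() != null) {
            throw new IllegalStateException("Ambiguous context state - Group may only be managed in either the scope of a Realm or a Tier, however both have been set.");
        }
        return getContextualStoreForFeature(context, IdentityStoreConfiguration.Feature.readGroup).getGroup(str, group);
    }

    /**
     * Tells whether a membership relationship between the identity and the group is stored.
     *
     * <p>Only non-null arguments are required; neither is checked for existence first.
     *
     * @throws IdentityManagementException if either argument is {@code null}
     */
    public boolean isMember(IdentityType identityType, Group group) {
        checkNotNull(identityType);
        checkNotNull(group);
        return getGroupMembership(identityType, group) != null;
    }

    /**
     * Makes the agent a member of the group unless the membership is already stored.
     *
     * @throws IdentityManagementException if either argument is {@code null} or does not exist
     */
    public void addToGroup(Agent agent, Group group) {
        checkIfIdentityTypeExists(agent);
        checkIfIdentityTypeExists(group);
        if (getGroupMembership(agent, group) == null) {
            add((Relationship) new GroupMembership(agent, group));
        }
    }

    /**
     * Asks the store to remove the membership of the agent in the group.
     *
     * <p>The membership is not looked up first; a freshly built {@link GroupMembership} is
     * handed to the store.
     *
     * @throws IdentityManagementException if either argument is {@code null} or does not exist
     */
    public void removeFromGroup(Agent agent, Group group) {
        checkIfIdentityTypeExists(agent);
        checkIfIdentityTypeExists(group);
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.deleteRelationship).remove(new GroupMembership(agent, group));
    }

    /**
     * Looks up a role by name in the active scope.
     *
     * @param str role name
     * @return whatever the store returns for that name
     */
    public Role getRole(String str) {
        return getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.readRole).getRole(str);
    }

    /**
     * Tells whether the identity holds the role within the group.
     *
     * @throws IdentityManagementException if any argument is {@code null}
     */
    public boolean hasGroupRole(IdentityType identityType, Role role, Group group) {
        checkNotNull(identityType);
        checkNotNull(role);
        checkNotNull(group);
        return getGroupRole(identityType, role, group) != null;
    }

    /**
     * Grants the role within the group to the identity unless that grant is already stored.
     *
     * @throws IdentityManagementException if any argument is {@code null} or does not exist
     */
    public void grantGroupRole(IdentityType identityType, Role role, Group group) {
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        checkIfIdentityTypeExists(group);
        if (getGroupRole(identityType, role, group) == null) {
            add((Relationship) new GroupRole(identityType, group, role));
        }
    }

    /**
     * Asks the store to remove the group-scoped role from the identity.
     *
     * @throws IdentityManagementException if any argument is {@code null} or does not exist
     */
    public void revokeGroupRole(IdentityType identityType, Role role, Group group) {
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        checkIfIdentityTypeExists(group);
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.deleteRelationship).remove(new GroupRole(identityType, group, role));
    }

    /**
     * Tells whether a direct grant of the role to the identity is stored.
     *
     * <p>Only a {@link Grant} between exactly these two objects is queried here; roles held
     * through a group are not resolved by this method.
     *
     * @throws IdentityManagementException if either argument is {@code null}
     */
    public boolean hasRole(IdentityType identityType, Role role) {
        checkNotNull(identityType);
        checkNotNull(role);
        return getGrant(identityType, role) != null;
    }

    /**
     * Grants the role to an agent or group unless the grant is already stored.
     *
     * @throws IdentityManagementException if the assignee is neither an agent nor a group, or
     *     if either argument is {@code null} or does not exist
     */
    public void grantRole(IdentityType identityType, Role role) {
        if (!Agent.class.isInstance(identityType) && !Group.class.isInstance(identityType)) {
            throw new IdentityManagementException("Only Agent and Group types are supported for this relationship type.");
        }
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        if (getGrant(identityType, role) == null) {
            add((Relationship) new Grant(identityType, role));
        }
    }

    /**
     * Asks the store to remove the grant of the role to the identity.
     *
     * @throws IdentityManagementException if either argument is {@code null} or does not exist
     */
    public void revokeRole(IdentityType identityType, Role role) {
        checkIfIdentityTypeExists(identityType);
        checkIfIdentityTypeExists(role);
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.deleteRelationship).remove(new Grant(identityType, role));
    }

    /**
     * Hands the credentials to the store configured for credential management.
     *
     * <p>This method returns nothing, so a normal return is not by itself proof that the
     * credentials were accepted. NOTE(review): the outcome is presumably recorded on the
     * {@link Credentials} object by the store - callers must inspect it; confirm against the
     * store implementations.
     *
     * @param credentials credentials to validate; passed through without a null check
     */
    public void validateCredentials(Credentials credentials) {
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.manageCredentials).validateCredentials(credentials);
    }

    /**
     * Updates a credential with the current time as its first date argument and no second date.
     *
     * @param agent owner of the credential
     * @param obj credential value
     */
    public void updateCredential(Agent agent, Object obj) {
        updateCredential(agent, obj, new Date(), null);
    }

    /**
     * Passes a credential update to the store configured for credential management.
     *
     * <p>Unlike the update/remove methods, the agent is neither null-checked nor looked up here;
     * any such validation is left to the store.
     *
     * @param agent owner of the credential
     * @param obj credential value
     * @param date first date passed to the store (NOTE(review): presumably the effective date)
     * @param date2 second date passed to the store (NOTE(review): presumably the expiry date)
     */
    public void updateCredential(Agent agent, Object obj, Date date, Date date2) {
        getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.manageCredentials).updateCredential(agent, obj, date, date2);
    }

    /**
     * Creates a query for identity types of the given class in the active scope.
     *
     * <p>NOTE(review): the store is always resolved through the {@code readUser} feature,
     * whatever class is queried. In a configuration where groups or roles live in a different
     * store than users, this query would run against the user store - confirm that this is
     * intended.
     *
     * @param cls identity type to query
     * @return a new query bound to the resolved store
     */
    public <T extends IdentityType> IdentityQuery<T> createIdentityQuery(Class<T> cls) {
        return new DefaultIdentityQuery<T>(cls, getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.readUser));
    }

    /**
     * Creates a query for relationships of the given class in the active scope.
     *
     * @param cls relationship type to query
     * @return a new query bound to the store configured for reading relationships
     */
    public <T extends Relationship> RelationshipQuery<T> createRelationshipQuery(Class<T> cls) {
        return new DefaultRelationshipQuery<T>(cls, getContextualStoreForFeature(createContext(), IdentityStoreConfiguration.Feature.readRelationship));
    }

    /**
     * Creates a realm in the partition store.
     *
     * @throws IdentityManagementException if the realm or its name is {@code null}
     */
    public void createRealm(Realm realm) {
        checkCreateNullPartition(realm);
        checkCreateNullPartitionName(realm);
        getContextualPartitionStore().createPartition(realm);
    }

    /**
     * Finds the single identity of the given type with the given identifier.
     *
     * @param cls identity type to look for
     * @param str identifier
     * @return the match, or {@code null} if there is none
     * @throws IdentityManagementException if an argument is {@code null} or more than one
     *     identity matches
     */
    public <T extends IdentityType> T lookupIdentityById(Class<T> cls, String str) {
        if (cls == null) {
            throw new IdentityManagementException("You must provide the IdentityType class.");
        }
        if (str == null) {
            throw new IdentityManagementException("Could not lookup with a null identifier.");
        }
        IdentityQuery<T> query = createIdentityQuery(cls);
        query.setParameter(IdentityType.ID, new Object[]{str});
        List<T> matches = query.getResultList();
        if (matches.isEmpty()) {
            return null;
        }
        // An identifier that resolves to several identities is refused rather than guessed at.
        if (matches.size() > 1) {
            throw new IdentityManagementException("Ambiguous IdentityType for identifier [" + str + "].");
        }
        return matches.get(0);
    }

    /**
     * Removes an existing realm from the partition store.
     *
     * @throws IdentityManagementException if the realm is {@code null} or unknown
     */
    public void removeRealm(Realm realm) {
        if (realm == null) {
            throw new IdentityManagementException("You must provide a non-nul Realm instance.");
        }
        if (getRealm(realm.getName()) == null) {
            throw new IdentityManagementException("No Realm with the given name [" + realm.getName() + "] was found.");
        }
        getContextualPartitionStore().removePartition(realm);
    }

    /**
     * Looks up a realm by name in the partition store.
     *
     * @param str realm name
     */
    public Realm getRealm(String str) {
        return getContextualPartitionStore().getRealm(str);
    }

    /**
     * Creates a tier in the partition store.
     *
     * @throws IdentityManagementException if the tier or its name is {@code null}
     */
    public void createTier(Tier tier) {
        checkCreateNullPartition(tier);
        checkCreateNullPartitionName(tier);
        getContextualPartitionStore().createPartition(tier);
    }

    /**
     * Removes an existing tier from the partition store.
     *
     * @throws IdentityManagementException if the tier is {@code null} or unknown
     */
    public void removeTier(Tier tier) {
        if (tier == null) {
            throw new IdentityManagementException("You must provide a non-nul Tier instance.");
        }
        if (getTier(tier.getName()) == null) {
            throw new IdentityManagementException("No Tier with the given name [" + tier.getName() + "] was found.");
        }
        getContextualPartitionStore().removePartition(tier);
    }

    /**
     * Looks up a tier by name in the partition store.
     *
     * @param str tier name
     */
    public Tier getTier(String str) {
        return getContextualPartitionStore().getTier(str);
    }

    /** Does nothing in this implementation. */
    public void loadAttribute(IdentityType identityType, String str) {
    }

    /** Returns the first stored group role matching the assignee, role and group, or {@code null}. */
    private GroupRole getGroupRole(IdentityType identityType, Role role, Group group) {
        RelationshipQuery<GroupRole> query = createRelationshipQuery(GroupRole.class);
        query.setParameter(GroupRole.ASSIGNEE, new Object[]{identityType});
        query.setParameter(GroupRole.ROLE, new Object[]{role});
        query.setParameter(GroupRole.GROUP, new Object[]{group});
        List<GroupRole> matches = query.getResultList();
        return matches.isEmpty() ? null : matches.get(0);
    }

    /** Returns the first stored membership matching the member and group, or {@code null}. */
    private GroupMembership getGroupMembership(IdentityType identityType, Group group) {
        RelationshipQuery<GroupMembership> query = createRelationshipQuery(GroupMembership.class);
        query.setParameter(GroupMembership.MEMBER, new Object[]{identityType});
        query.setParameter(GroupMembership.GROUP, new Object[]{group});
        List<GroupMembership> matches = query.getResultList();
        return matches.isEmpty() ? null : matches.get(0);
    }

    /** Rejects a partition without a name; the message says "Realm" although tiers pass through here too. */
    private void checkCreateNullPartitionName(Partition partition) {
        if (partition.getName() == null) {
            throw new IdentityManagementException("Realm name must not be null");
        }
    }

    /** Rejects a {@code null} partition. */
    private void checkCreateNullPartition(Partition partition) {
        if (partition == null) {
            throw new IdentityManagementException("Partition must not be null.");
        }
    }

    /**
     * Resolves the store that manages partitions.
     *
     * <p>The lookup uses a context without realm or tier, so partitions are always managed
     * through the store registered for the default realm.
     *
     * @throws IdentityManagementException if the resolved store is not a {@link PartitionStore}
     */
    private PartitionStore getContextualPartitionStore() {
        IdentityStore<?> store = getContextualStoreForFeature(createPartitionContext(), IdentityStoreConfiguration.Feature.managePartitions);
        if (PartitionStore.class.isInstance(store)) {
            return (PartitionStore) store;
        }
        throw new IdentityManagementException("No PartitionStore configured.");
    }

    /** Resolves the store for a feature without constraining the relationship type. */
    private IdentityStore<?> getContextualStoreForFeature(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityStoreConfiguration.Feature feature) {
        return getContextualStoreForFeature(identityStoreInvocationContext, feature, null);
    }

    /**
     * Resolves, creates and sets up the single store that serves a feature in the context's realm.
     *
     * <p>A context without a realm resolves against the {@code "default"} realm. Lookup fails
     * closed: an unknown realm, a feature with no store, or a feature claimed by more than one
     * store is reported as an error instead of picking a store arbitrarily.
     *
     * @param identityStoreInvocationContext context carrying the realm to resolve against
     * @param feature requested feature; stores registered for {@code Feature.all} are used when
     *     none is registered for the feature itself
     * @param cls relationship type the store must support, or {@code null} for no constraint
     * @throws SecurityException if no store is configured at all or the realm is unknown
     * @throws SecurityConfigurationException if no store, or more than one store, matches
     */
    private IdentityStore<?> getContextualStoreForFeature(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityStoreConfiguration.Feature feature, Class<? extends Relationship> cls) {
        String realmName = identityStoreInvocationContext.getRealm() != null ? identityStoreInvocationContext.getRealm().getName() : DEFAULT_REALM;
        if (!this.realmStores.containsKey(realmName)) {
            if (this.realmStores.isEmpty()) {
                throw new SecurityException("No identity stores have been configured.");
            }
            throw new SecurityException("The specified realm '" + realmName + "' has not been configured.");
        }
        Map<IdentityStoreConfiguration.Feature, Set<IdentityStoreConfiguration>> featureStores = this.realmStores.get(realmName);
        Set<IdentityStoreConfiguration> candidates;
        if (featureStores.containsKey(feature)) {
            candidates = featureStores.get(feature);
        } else {
            if (!featureStores.containsKey(IdentityStoreConfiguration.Feature.all)) {
                throw new SecurityConfigurationException("No identity store configuration found for requested feature [" + feature + "]");
            }
            candidates = featureStores.get(IdentityStoreConfiguration.Feature.all);
        }
        if (candidates.size() > 1) {
            throw new SecurityConfigurationException("Ambiguous security configuration - multiple identity stores have been configured for feature [" + feature + "]");
        }
        IdentityStoreConfiguration storeConfig = candidates.iterator().next();
        if (storeConfig == null) {
            throw new SecurityConfigurationException("No identity store configuration found for requested feature [" + feature + "]");
        }
        if (cls != null && !storeConfig.getFeatureSet().supportsRelationship(cls)) {
            throw new SecurityConfigurationException("No identity store configuration found for requested feature [" + feature + "] with relationship type [" + cls.getName() + "]");
        }
        // A store is created and set up on every lookup; nothing is cached by this class.
        IdentityStore<?> store = this.storeFactory.createIdentityStore(storeConfig, identityStoreInvocationContext);
        this.contextFactory.initContextForStore(identityStoreInvocationContext, store);
        store.setup(storeConfig, identityStoreInvocationContext);
        return store;
    }

    /** Creates an invocation context carrying the realm and tier active on the calling thread. */
    private IdentityStoreInvocationContext createContext() {
        IdentityStoreInvocationContext context = this.contextFactory.createContext();
        context.setRealm(this.currentRealm.get());
        context.setTier(this.currentTier.get());
        return context;
    }

    /** Creates an invocation context on which this class sets neither realm nor tier. */
    private IdentityStoreInvocationContext createPartitionContext() {
        return this.contextFactory.createContext();
    }

    /**
     * Requires a non-null identity that can be found by its id in the active scope.
     *
     * <p>The failure message embeds the identity's string form, not just its id, so whatever
     * that string form contains can end up wherever the exception is logged.
     */
    private void checkIfIdentityTypeExists(IdentityType identityType) {
        checkNotNull(identityType);
        if (lookupIdentityById(identityType.getClass(), identityType.getId()) == null) {
            throw new IdentityManagementException("No IdentityType [" + identityType.getClass().getName() + "] found with the given id [" + identityType + "]");
        }
    }

    /** Rejects a {@code null} identity. */
    private void checkNotNull(IdentityType identityType) {
        if (identityType == null) {
            throw new IdentityManagementException("You must provide a non-null IdentityType.");
        }
    }

    /**
     * Returns the partition named in error messages: the context's tier when one is set,
     * otherwise its realm, otherwise a realm named {@code "default"}.
     */
    private Partition getCurrentPartition(IdentityStoreInvocationContext identityStoreInvocationContext) {
        Tier tier = identityStoreInvocationContext.getTier();
        if (tier != null) {
            return tier;
        }
        Realm realm = identityStoreInvocationContext.getRealm();
        return realm != null ? realm : new Realm(DEFAULT_REALM);
    }

    /** Returns the first stored grant matching the assignee and role, or {@code null}. */
    private Grant getGrant(IdentityType identityType, Role role) {
        RelationshipQuery<Grant> query = createRelationshipQuery(Grant.class);
        query.setParameter(Grant.ASSIGNEE, new Object[]{identityType});
        query.setParameter(Grant.ROLE, new Object[]{role});
        List<Grant> matches = query.getResultList();
        return matches.isEmpty() ? null : matches.get(0);
    }
}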
