package org.picketlink.idm.credential;

import java.util.List;
import java.util.Set;
import org.picketlink.common.properties.Property;
import org.picketlink.common.properties.query.AnnotatedPropertyCriteria;
import org.picketlink.common.properties.query.PropertyQueries;
import org.picketlink.common.reflection.Reflections;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.credential.Token;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.annotation.StereotypeProperty;

/* loaded from: input_file:WEB-INF/lib/picketlink-idm-api-2.5.4.SP1-redhat-1.jar:org/picketlink/idm/credential/AbstractTokenConsumer.class */
public abstract class AbstractTokenConsumer<T extends Token> implements Token.Consumer<T> {
    @Override // org.picketlink.idm.credential.Token.Consumer
    public <I extends IdentityType> I extractIdentity(T t, Class<I> cls, StereotypeProperty.Property property, Object obj) {
        if (t == null || t.getToken() == null) {
            throw IDMMessages.MESSAGES.nullArgument("Token");
        }
        if (cls == null) {
            throw IDMMessages.MESSAGES.nullArgument("IdentityType");
        }
        if (property == null) {
            throw IDMMessages.MESSAGES.nullArgument("Identifier value");
        }
        if (obj == null) {
            throw IDMMessages.MESSAGES.nullArgument("Identifier value");
        }
        return (I) extractIdentityTypeFromToken(t, cls, property, obj);
    }

    protected abstract String extractSubject(T t);

    protected abstract Set<String> extractRoles(T t);

    protected abstract Set<String> extractGroups(T t);

    private <I extends IdentityType> I extractIdentityTypeFromToken(T t, Class<I> cls, StereotypeProperty.Property property, Object obj) {
        if (!hasIdentityType(t, property, obj)) {
            return null;
        }
        try {
            I i = (I) Reflections.newInstance(cls);
            resolveProperty(cls, property).setValue(i, obj);
            if (Account.class.isAssignableFrom(cls)) {
                resolveProperty(cls, StereotypeProperty.Property.IDENTITY_USER_NAME).setValue(i, extractSubject(t));
            }
            return i;
        } catch (Exception e) {
            throw new IdentityManagementException("Could not extract IdentityType [" + cls + "] from Token [" + t + "].", e);
        }
    }

    private Property resolveProperty(Class<? extends IdentityType> cls, StereotypeProperty.Property property) {
        List<Property> resultList = PropertyQueries.createQuery(cls).addCriteria(new AnnotatedPropertyCriteria(StereotypeProperty.class)).getResultList();
        if (resultList.isEmpty()) {
            throw new IdentityManagementException("IdentityType [" + cls + "] does not have any property mapped with " + StereotypeProperty.class + ".");
        }
        for (Property property2 : resultList) {
            if (property.equals(((StereotypeProperty) property2.getAnnotatedElement().getAnnotation(StereotypeProperty.class)).value())) {
                return property2;
            }
        }
        throw new IdentityManagementException("Could not resolve property in type [" + cls + " for StereotypeProperty [" + property + ".");
    }

    private boolean hasIdentityType(T t, StereotypeProperty.Property property, Object obj) {
        String extractSubject;
        if (StereotypeProperty.Property.IDENTITY_ROLE_NAME.equals(property) && extractRoles(t).contains(obj)) {
            return true;
        }
        if (StereotypeProperty.Property.IDENTITY_GROUP_NAME.equals(property) && extractGroups(t).contains(obj)) {
            return true;
        }
        return (StereotypeProperty.Property.IDENTITY_USER_NAME.equals(property) || StereotypeProperty.Property.IDENTITY_ID.equals(property)) && (extractSubject = extractSubject(t)) != null && obj.equals(extractSubject);
    }
}
