package org.jboss.errai.persistence.server.security;

import com.google.inject.Inject;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.hibernate.Session;
import org.jboss.errai.bus.client.api.Message;
import org.jboss.errai.bus.client.api.ResourceProvider;
import org.jboss.errai.bus.client.api.base.MessageBuilder;
import org.jboss.errai.bus.client.api.builder.MessageReplySendable;
import org.jboss.errai.bus.client.framework.MessageBus;
import org.jboss.errai.bus.client.protocols.SecurityCommands;
import org.jboss.errai.bus.client.protocols.SecurityParts;
import org.jboss.errai.bus.client.security.CredentialTypes;
import org.jboss.errai.bus.server.ErraiBootstrapFailure;
import org.jboss.errai.bus.server.api.QueueSession;
import org.jboss.errai.bus.server.security.auth.AuthSubject;
import org.jboss.errai.bus.server.security.auth.AuthenticationAdapter;
import org.jboss.errai.bus.server.security.auth.AuthenticationFailedException;
import org.jboss.errai.bus.server.security.auth.SimpleRole;
import org.jboss.errai.bus.server.service.ErraiServiceConfigurator;
import org.jboss.errai.bus.server.util.ConfigUtil;
import org.jboss.errai.bus.server.util.ConfigVisitor;
import org.jboss.errai.persistence.server.security.annotations.AuthPasswordField;
import org.jboss.errai.persistence.server.security.annotations.AuthRolesField;
import org.jboss.errai.persistence.server.security.annotations.AuthUserEntity;
import org.jboss.errai.persistence.server.security.annotations.AuthUsernameField;
import org.mvel2.MVEL;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jboss/errai/persistence/server/security/HibernateAuthenticationAdapter.class */
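/**
 * {@link AuthenticationAdapter} that verifies credentials with a Hibernate query against the
 * single entity class annotated with {@code @AuthUserEntity}.
 *
 * <p>The entity's username, password and roles fields are discovered at construction time from
 * the {@code @AuthUsernameField}, {@code @AuthPasswordField} and {@code @AuthRolesField}
 * annotations. A successful challenge stores an {@link AuthSubject} on the caller's
 * {@link QueueSession}.
 *
 * <p>NOTE(review): the challenge query matches the submitted password against the stored column
 * value as-is, so the column holds whatever the client sends (cleartext unless callers hash it
 * first). Prefer storing a salted, adaptive hash (bcrypt/scrypt/argon2), looking the user up by
 * name only and verifying the hash in code.
 */
public class HibernateAuthenticationAdapter implements AuthenticationAdapter {
    /** Name of the message resource that holds the caller's {@link QueueSession}. */
    private static final String SESSION_RESOURCE = "Session";

    /** Session attribute under which the authenticated {@link AuthSubject} is stored. */
    private static final String AUTH_DATA_ATTRIBUTE = "ErraiAuthData";

    private final ErraiServiceConfigurator configurator;
    private final MessageBus bus;
    private final Logger log = LoggerFactory.getLogger(getClass());

    // Populated while scanning the configuration roots in the constructor.
    private Class<?> userEntity;
    private String userField;
    private String passwordField;
    private String rolesField;
    private String challengeQueryString;

    /**
     * Scans the configuration roots for the {@code @AuthUserEntity} class and builds the
     * challenge query from its annotated fields.
     *
     * @param erraiServiceConfigurator supplies the configuration roots to scan
     * @param messageBus bus used to send authentication replies
     * @throws ErraiBootstrapFailure if the entity or any of its required annotated fields is
     *     missing, duplicated or of the wrong type; every failure is wrapped in this type
     */
    @Inject
    public HibernateAuthenticationAdapter(ErraiServiceConfigurator erraiServiceConfigurator, MessageBus messageBus) {
        this.log.info("initializing.");
        this.configurator = erraiServiceConfigurator;
        this.bus = messageBus;
        try {
            ConfigUtil.visitAllTargets(erraiServiceConfigurator.getConfigurationRoots(), new ConfigVisitor() {
                public void visit(Class<?> cls) {
                    if (cls.isAnnotationPresent(AuthUserEntity.class)) {
                        registerUserEntity(cls);
                    }
                }
            });
            if (this.userEntity == null) {
                throw new RuntimeException("You have not specified a @AuthUserEntity for the hibernate security extension.");
            }
            String entityName = this.userEntity.getName();
            if (this.userField == null) {
                throw new RuntimeException("You must specify a @AuthUsernameField in the '" + entityName + "' entity.");
            }
            if (this.passwordField == null) {
                throw new RuntimeException("You must specify a @AuthPasswordField in the '" + entityName + "' entity.");
            }
            if (this.rolesField == null) {
                throw new RuntimeException("You must specify a @AuthRolesField in the '" + entityName + "' entity.");
            }
            this.log.info("configured authentication entity: {}", entityName);
            // The interpolated identifiers are class and field names obtained by reflection,
            // not request data; the credentials themselves are bound as named parameters.
            this.challengeQueryString = "from " + this.userEntity.getSimpleName() + " a where a." + this.userField + "=:name and  a." + this.passwordField + "=:password";
            this.log.info("challenge query string: {}", this.challengeQueryString);
        } catch (Throwable th) {
            throw new ErraiBootstrapFailure("error configuring " + getClass().getSimpleName(), th);
        }
    }

    /**
     * Records {@code cls} as the authentication entity and captures the names of its annotated
     * username, password and roles fields.
     *
     * @throws ErraiBootstrapFailure if an entity was already registered, or if the username or
     *     password field is not a {@code String}
     */
    private void registerUserEntity(Class<?> cls) {
        if (this.userEntity != null) {
            throw new ErraiBootstrapFailure("More than one @AuthUserEntity defined in classpath (" + this.userEntity.getName() + " and " + cls.getName() + " cannot co-exist)");
        }
        this.userEntity = cls;
        for (Field field : cls.getDeclaredFields()) {
            if (field.isAnnotationPresent(AuthUsernameField.class)) {
                if (field.getType() != String.class) {
                    throw new ErraiBootstrapFailure("@AuthUsernameField must annotate a String field");
                }
                this.userField = field.getName();
            } else if (field.isAnnotationPresent(AuthPasswordField.class)) {
                if (field.getType() != String.class) {
                    throw new ErraiBootstrapFailure("@AuthPasswordField must annotate a String field");
                }
                this.passwordField = field.getName();
            } else if (field.isAnnotationPresent(AuthRolesField.class)) {
                this.rolesField = field.getName();
            }
        }
    }

    /**
     * Checks the name and password carried by {@code message} against the user entity.
     *
     * <p>On success the resulting {@link AuthSubject} is attached to the caller's session and a
     * {@code SuccessfulAuth} reply carrying the name and roles is sent. On failure a
     * {@code FailedAuth} reply is sent before the exception is thrown.
     *
     * @param message the authentication request
     * @throws AuthenticationFailedException if a credential is missing or no entity matches
     */
    public void challenge(Message message) {
        String name = (String) message.get(String.class, SecurityParts.Name);
        String password = (String) message.get(String.class, SecurityParts.Password);
        // Reject an incomplete request up front instead of binding null into the query.
        if (name == null || password == null) {
            throw authenticationFailed(message, name);
        }

        Session session = (Session) ((ResourceProvider) message.getResource(ResourceProvider.class, "SessionProvider")).get();
        // NOTE(review): uniqueResult() assumes at most one row per name/password pair; confirm
        // the username column carries a unique constraint.
        Object user = session.createQuery(this.challengeQueryString)
                .setString("name", name)
                .setString("password", password)
                .uniqueResult();
        if (user == null) {
            throw authenticationFailed(message, name);
        }

        // rolesField is the reflected field name captured at start-up, never request data.
        // NOTE(review): a null roles property is passed to AuthSubject unchanged; confirm
        // AuthSubject tolerates it.
        AuthSubject authSubject = new AuthSubject(name, name, (Collection) MVEL.getProperty(this.rolesField, user));
        addAuthenticationToken(message, authSubject);
        ((MessageReplySendable) MessageBuilder.createConversation(message)
                .subjectProvided()
                .command(SecurityCommands.SuccessfulAuth)
                .with(SecurityParts.Roles, authSubject.toRolesString())
                .with(SecurityParts.Name, name)
                .noErrorHandling()).sendNowWith(this.bus);
    }

    /**
     * Sends the {@code FailedAuth} reply for {@code name} and returns the exception for the
     * caller to throw.
     */
    private AuthenticationFailedException authenticationFailed(Message message, String name) {
        ((MessageReplySendable) MessageBuilder.createConversation(message)
                .subjectProvided()
                .command(SecurityCommands.FailedAuth)
                .with(SecurityParts.Name, name)
                .noErrorHandling()).sendNowWith(this.bus);
        return new AuthenticationFailedException();
    }

    /**
     * Stores {@code authSubject} on the session attached to {@code message}.
     *
     * <p>NOTE(review): the token is attached to the existing session; whether the session
     * identifier is renewed at login is not visible here. Confirm, to rule out session fixation.
     */
    private void addAuthenticationToken(Message message, AuthSubject authSubject) {
        ((QueueSession) message.getResource(QueueSession.class, SESSION_RESOURCE)).setAttribute(AUTH_DATA_ATTRIBUTE, authSubject);
    }

    /**
     * Reports whether the session attached to {@code message} carries authentication data.
     *
     * @return {@code true} only if the message has a session resource and that session holds
     *     the auth attribute
     */
    public boolean isAuthenticated(Message message) {
        if (!message.hasResource(SESSION_RESOURCE)) {
            return false;
        }
        return ((QueueSession) message.getResource(QueueSession.class, SESSION_RESOURCE)).hasAttribute(AUTH_DATA_ATTRIBUTE);
    }

    /**
     * Logs the caller out: removes the {@code Authenticated} role from the message credentials
     * and drops the authentication data from the session.
     *
     * @return {@code false} if the caller was not authenticated, {@code true} otherwise
     */
    public boolean endSession(Message message) {
        if (!isAuthenticated(message)) {
            return false;
        }
        getAuthDescriptor(message).remove(new SimpleRole(CredentialTypes.Authenticated.name()));
        ((QueueSession) message.getResource(QueueSession.class, SESSION_RESOURCE)).removeAttribute(AUTH_DATA_ATTRIBUTE);
        return true;
    }

    /**
     * Returns the credential set carried by {@code message}, creating and attaching an empty
     * one when the message has none.
     */
    private Set getAuthDescriptor(Message message) {
        Set credentials = (Set) message.get(Set.class, SecurityParts.Credentials);
        if (credentials == null) {
            credentials = new HashSet();
            message.set(SecurityParts.Credentials, credentials);
        }
        return credentials;
    }
}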
