package org.jboss.seam.security.external.oauth;

import com.google.common.collect.Iterables;
import java.io.IOException;
import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.BeanManager;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import org.jboss.seam.security.AuthenticationException;
import org.jboss.seam.security.Authenticator;
import org.jboss.seam.security.BaseAuthenticator;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.events.DeferredAuthenticationEvent;
import org.jboss.seam.security.external.oauth.api.OAuthAuthenticator;
import org.jboss.seam.security.management.picketlink.IdentitySessionProducer;
import org.jboss.seam.social.MultiServicesManager;
import org.jboss.seam.social.SeamSocialExtension;
import org.jboss.seam.social.SocialNetworkServicesHub;
import org.jboss.seam.social.oauth.OAuthService;
import org.jboss.seam.social.oauth.OAuthSession;
import org.jboss.solder.core.Requires;
import org.jboss.solder.logging.Logger;
import org.picketlink.idm.api.Group;
import org.picketlink.idm.api.IdentitySession;
import org.picketlink.idm.api.Role;
import org.picketlink.idm.api.RoleType;
import org.picketlink.idm.api.User;
import org.picketlink.idm.common.exception.FeatureNotSupportedException;
import org.picketlink.idm.common.exception.IdentityException;

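/**
 * Session-scoped {@link Authenticator} that signs a user in through an OAuth provider
 * exposed by Seam Social.
 *
 * <p>The flow has two halves. {@link #authenticate()} redirects the browser to the provider's
 * authorization URL and leaves the status at {@code DEFERRED}. {@link #connect()} is called
 * once the provider has handed control back; it builds the {@link OAuthUser}, optionally
 * checks or provisions the account in the PicketLink identity store, and marks the
 * authentication as {@code SUCCESS}.
 *
 * <p>When {@link #getServiceName() serviceName} is {@code null} the single registered
 * {@link OAuthService} is used; otherwise the service currently selected in the
 * {@link MultiServicesManager} is used.
 */
@Requires({"org.jboss.seam.social.oauth.OAuthService"})
@SessionScoped
@Named("oauthAuthenticator")
/* loaded from: input_file:org/jboss/seam/security/external/oauth/OAuthAuthenticatorImpl.class */
public class OAuthAuthenticatorImpl extends BaseAuthenticator implements OAuthAuthenticator, Authenticator, Serializable {
    private static final long serialVersionUID = 3431696230531662201L;

    // Every OAuthService bean, regardless of qualifier; narrowed in getUnambiguousService().
    @Inject
    @Any
    private Instance<OAuthService> serviceInstances;

    // Name of the provider to authenticate against; null means "use the only one registered".
    private String serviceName = null;

    // When true, connect() consults the identity store before reporting success.
    private boolean identityManaged = true;

    @Inject
    Instance<Identity> identity;

    @Inject
    MultiServicesManager multiServicesManager;

    @Inject
    Instance<IdentitySession> identitySession;

    @Inject
    Instance<IdentitySessionProducer> identitySessionProducer;

    @Inject
    Logger log;

    @Inject
    SeamSocialExtension extension;

    @Inject
    BeanManager beanManager;

    /**
     * Reports whether {@link #connect()} should consult the identity store.
     *
     * @return {@code true} (the default) when identity management is enabled
     */
    public boolean isIdentityManaged() {
        return this.identityManaged;
    }

    /**
     * Enables or disables the identity-store step in {@link #connect()}.
     *
     * @param z {@code false} to accept any user the provider vouches for without touching the store
     */
    public void setIdentityManaged(boolean z) {
        this.identityManaged = z;
    }

    /**
     * Selects the provider used by the next {@link #authenticate()} call.
     *
     * @param str the service name, or {@code null} to fall back to the single registered service
     */
    @Override // org.jboss.seam.security.external.oauth.api.OAuthAuthenticator
    public void setServiceName(String str) {
        // NOTE(review): this bean is @Named, so the value may be bound from a page and should be
        // treated as caller-controlled; it is only ever used as a lookup key and in a log line here.
        this.serviceName = str;
    }

    /**
     * Returns the provider selected for authentication.
     *
     * @return the service name, or {@code null} when none has been set
     */
    @Override // org.jboss.seam.security.external.oauth.api.OAuthAuthenticator
    public String getServiceName() {
        return this.serviceName;
    }

    /**
     * Lists the services known to the {@link MultiServicesManager}.
     *
     * @return whatever {@code MultiServicesManager.getListOfServices()} returns
     */
    @Override // org.jboss.seam.security.external.oauth.api.OAuthAuthenticator
    public List<String> getListOfServices() {
        return this.multiServicesManager.getListOfServices();
    }

    /**
     * Resolves the one and only registered {@link OAuthService}.
     *
     * @return the service bean selected by the qualifier mapped to the single registered service
     * @throws IllegalStateException if the extension reports zero or more than one social service
     */
    private OAuthService getUnambiguousService() {
        if (this.extension.getSocialRelated().size() != 1) {
            throw new IllegalStateException("Service name not set and there is no unambiguous OAuthService available");
        }
        // The extension maps qualifier -> service name; invert it to find the qualifier for our service.
        String onlyServiceName = (String) Iterables.getOnlyElement(this.extension.getSocialRelated());
        Annotation qualifier = (Annotation) SeamSocialExtension.getServicesToQualifier().inverse().get(onlyServiceName);
        return (OAuthService) this.serviceInstances.select(new Annotation[]{qualifier}).get();
    }

    /**
     * Picks the service matching the current {@code serviceName} setting.
     *
     * @return the unambiguous service when no name is set, else the manager's current service
     */
    private OAuthService getCurrentService() {
        return this.serviceName == null ? getUnambiguousService() : this.multiServicesManager.getCurrentService();
    }

    /**
     * Starts the OAuth flow by redirecting the browser to the provider's authorization URL.
     *
     * <p>On a successful redirect the status becomes {@code DEFERRED}; the outcome is decided
     * later in {@link #connect()}. If there is no active {@link FacesContext}, no authorization
     * URL, or the redirect fails, the status becomes {@code FAILURE}.
     */
    public void authenticate() {
        String authorizationUrl;
        if (this.serviceName == null) {
            this.log.debug("Service name null, authenticating with unamgiguous oauthService");
            authorizationUrl = getUnambiguousService().getAuthorizationUrl();
        } else {
            // Line breaks are neutralised so a caller-supplied name cannot forge extra log records.
            this.log.debug("authenticating service \"" + sanitizeForLog(this.serviceName) + "\"");
            authorizationUrl = this.multiServicesManager.initNewSession(this.serviceName);
        }

        // Fail closed instead of dying with a NullPointerException that leaves the status unset.
        FacesContext facesContext = FacesContext.getCurrentInstance();
        if (facesContext == null || authorizationUrl == null || authorizationUrl.isEmpty()) {
            this.log.error("Failed to redirect: no active FacesContext or no authorization URL");
            setStatus(Authenticator.AuthenticationStatus.FAILURE);
            return;
        }

        try {
            facesContext.getExternalContext().redirect(authorizationUrl);
            setStatus(Authenticator.AuthenticationStatus.DEFERRED);
        } catch (IOException e) {
            this.log.error("Failed to redirect ", e);
            setStatus(Authenticator.AuthenticationStatus.FAILURE);
        }
    }

    /**
     * Replaces carriage returns and line feeds so a value can be written on a single log line.
     *
     * @param value the text to log; may be {@code null}
     * @return {@code value} with CR and LF replaced by {@code '_'}, or {@code null} if it was {@code null}
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns the name of the request parameter that carries the verifier.
     *
     * @return the verifier parameter name reported by the current services hub
     */
    @Override // org.jboss.seam.security.external.oauth.api.OAuthAuthenticator
    public String getVerifierParamName() {
        return getCurrentHub().getVerifierParamName();
    }

    /**
     * @return the hub the {@link MultiServicesManager} currently points at
     */
    private SocialNetworkServicesHub getCurrentHub() {
        return this.multiServicesManager.getCurrentServiceHub();
    }

    /**
     * Returns the verifier held by the current service.
     *
     * @return the verifier, as stored by {@link #setVerifier(String)}
     */
    @Override // org.jboss.seam.security.external.oauth.api.OAuthAuthenticator
    public String getVerifier() {
        return getCurrentService().getVerifier();
    }

    /**
     * Hands the verifier received on the callback to the current service.
     *
     * @param str the verifier value taken from the callback request
     */
    @Override // org.jboss.seam.security.external.oauth.api.OAuthAuthenticator
    public void setVerifier(String str) {
        // NOTE(review): the value is forwarded unchecked. Nothing in this class ties the callback
        // to the session that started the flow; confirm the Seam Social layer does so.
        getCurrentService().setVerifier(str);
    }

    /**
     * Completes the OAuth flow after the provider has returned control.
     *
     * <p>Connects the selected service, wraps the returned profile in an {@link OAuthUser} and,
     * when identity management is enabled and the identity session producer is configured,
     * runs {@link #validateManagedUser(OAuthUser)}. On success it sets the user, sets the status
     * to {@code SUCCESS} and fires {@code new DeferredAuthenticationEvent(true)}.
     *
     * <p>If identity management is enabled but the producer is <em>not</em> configured, the
     * identity-store step is skipped and authentication still succeeds.
     *
     * <p>If the provider yields no session or no user profile, the status is set to
     * {@code FAILURE} and the method returns without setting a user or firing the event.
     */
    @Override // org.jboss.seam.security.external.oauth.api.OAuthAuthenticator
    public void connect() {
        OAuthService service;
        OAuthSession session;
        if (this.serviceName != null) {
            MultiServicesManager manager = this.multiServicesManager;
            manager.connectCurrentService();
            service = manager.getCurrentService();
            session = manager.getCurrentSession();
        } else {
            service = getUnambiguousService();
            session = service.getSession();
            service.initAccessToken();
        }

        // Never report SUCCESS for an identity the provider did not actually return.
        if (session == null || session.getUserProfile() == null) {
            this.log.error("OAuth connection returned no user profile; authentication refused");
            setStatus(Authenticator.AuthenticationStatus.FAILURE);
            return;
        }

        OAuthUser oAuthUser = new OAuthUser(service.getType(), session.getUserProfile());
        if (isIdentityManaged()) {
            // Pre-set FAILURE so the status is already correct if validateManagedUser throws.
            setStatus(Authenticator.AuthenticationStatus.FAILURE);
            if (((IdentitySessionProducer) this.identitySessionProducer.get()).isConfigured()) {
                validateManagedUser(oAuthUser);
            }
        }
        setUser(oAuthUser);
        setStatus(Authenticator.AuthenticationStatus.SUCCESS);
        this.beanManager.fireEvent(new DeferredAuthenticationEvent(true), new Annotation[0]);
    }

    /**
     * Makes sure the OAuth user has a record in the identity store, creating one if necessary.
     *
     * <p>When no record exists for {@code oAuthUser.getId()}, one is created and that record's
     * roles and group memberships are copied onto the current {@link Identity}. This means any
     * account the provider authenticates is provisioned locally on first login.
     *
     * @param oAuthUser the user returned by the provider
     * @throws AuthenticationException if the store cannot be queried or the roles/groups cannot be loaded
     */
    protected void validateManagedUser(OAuthUser oAuthUser) {
        // NOTE(review): confirm OAuthUser.getId() is namespaced per provider, so ids issued by
        // different providers cannot collide with each other or with locally managed accounts.
        IdentitySession store = (IdentitySession) this.identitySession.get();
        try {
            if (store.getPersistenceManager().findUser(oAuthUser.getId()) == null) {
                User createdUser = store.getPersistenceManager().createUser(oAuthUser.getId());
                // NOTE(review): roles and groups are loaded only for a user created just now; a
                // user that already exists gets none from this method. Confirm that is intended.
                try {
                    Iterator<?> roleTypes = store.getRoleManager().findUserRoleTypes(createdUser).iterator();
                    while (roleTypes.hasNext()) {
                        for (Role role : store.getRoleManager().findRoles(createdUser, (RoleType) roleTypes.next())) {
                            ((Identity) this.identity.get()).addRole(role.getRoleType().getName(), role.getGroup().getName(), role.getGroup().getGroupType());
                        }
                    }
                    for (Group group : store.getRelationshipManager().findAssociatedGroups(createdUser)) {
                        ((Identity) this.identity.get()).addGroup(group.getName(), group.getGroupType());
                    }
                } catch (IdentityException e) {
                    throw new AuthenticationException("Error loading user's roles and groups", e);
                } catch (FeatureNotSupportedException e2) {
                    throw new AuthenticationException("Error loading user's roles and groups", e2);
                }
            }
        } catch (IdentityException e3) {
            throw new AuthenticationException("Error locating User record for OAuth user", e3);
        }
    }
}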
