package org.jboss.aerogear.security.picketlink.authz;

import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import org.jboss.aerogear.security.auth.LoggedUser;
import org.jboss.aerogear.security.auth.Secret;
import org.jboss.aerogear.security.authz.IdentityManagement;
import org.jboss.aerogear.security.exception.AeroGearSecurityException;
import org.jboss.aerogear.security.exception.HttpStatus;
import org.jboss.aerogear.security.otp.api.Base32;
import org.jboss.aerogear.security.picketlink.auth.CredentialMatcher;
import org.picketlink.Identity;
import org.picketlink.credential.DefaultLoginCredentials;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.IdentityQuery;

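/**
 * PicketLink-backed implementation of {@link IdentityManagement} for {@link User} accounts.
 *
 * <p>Decompiled from
 * {@code org/jboss/aerogear/security/picketlink/authz/IdentityManagementImpl.class}. Method names
 * of the form {@code mNname} (for example {@code m3findByUsername}) were assigned by the
 * decompiler when it merged bridge methods; they are kept so existing references still resolve.
 *
 * <p>Apart from the current-password check in {@link #reset} and the self-removal guard in
 * {@link #remove}, no method here checks whether the caller may manage the target account.
 * NOTE(review): confirm that callers enforce authorization before invoking create/remove/grant/
 * revoke.
 */
@ApplicationScoped
public class IdentityManagementImpl implements IdentityManagement<User> {
    /** Name of the user attribute under which the per-user secret is stored. */
    private static final String IDM_SECRET_ATTRIBUTE = "serial";

    @Inject
    private CredentialMatcher credentialMatcher;

    @Inject
    private GrantConfiguration grantConfiguration;

    @Inject
    private IdentityManager identityManager;

    // Injected but not referenced by any method of this class.
    @Inject
    private DefaultLoginCredentials credentials;

    @Inject
    private Identity identity;

    /**
     * Starts a role grant by delegating to the injected {@code GrantConfiguration}.
     *
     * @param strArr role names to grant
     * @return the grant builder returned by the configuration
     */
    public IdentityManagement.GrantMethods grant(String... strArr) {
        return this.grantConfiguration.m1roles(strArr);
    }

    /**
     * Starts a role revocation by delegating to the injected {@code GrantConfiguration}.
     *
     * @param strArr role names to revoke
     * @return the grant builder returned by the configuration
     */
    public IdentityManagement.GrantMethods revoke(String... strArr) {
        return this.grantConfiguration.m0revoke(strArr);
    }

    /**
     * Looks up a user by login name (decompiler-renamed from {@code findByUsername}).
     *
     * @param str login name to look up
     * @return the matching user, never {@code null}
     * @throws AeroGearSecurityException with {@code CREDENTIAL_NOT_FOUND} when no user matches
     */
    public User m3findByUsername(String str) throws RuntimeException {
        User user = this.identityManager.getUser(str);
        if (user == null) {
            throw new AeroGearSecurityException(HttpStatus.CREDENTIAL_NOT_FOUND);
        }
        return user;
    }

    /**
     * Removes the account with the given login name, unless it is the account of the current
     * session.
     *
     * @param str login name of the account to remove
     * @throws AeroGearSecurityException with {@code ALREADY_LOGGED_IN} when {@code str} is the
     *     login name of the currently logged-in agent
     */
    public void remove(String str) {
        if (isLoggedIn(str)) {
            throw new AeroGearSecurityException(HttpStatus.ALREADY_LOGGED_IN);
        }
        // NOTE(review): getUser() returns null for an unknown login name (see m3findByUsername);
        // that null is passed straight to remove() here - confirm how IdentityManager handles it.
        this.identityManager.remove(this.identityManager.getUser(str));
    }

    /**
     * Replaces a user's password after checking the current one.
     *
     * @param user account whose password is changed
     * @param str current password, checked through the credential matcher
     * @param str2 new password to store
     * @throws AeroGearSecurityException with {@code PASSWORD_RESET_FAILED} when the current
     *     password is reported as neither valid nor expired
     */
    public void reset(User user, String str, String str2) {
        this.credentialMatcher.validate(user, str);
        // An "expired" result is accepted as well as a "valid" one.
        // NOTE(review): this is only safe if CredentialMatcher reports "expired" solely when the
        // supplied current password matched - confirm against CredentialMatcher.
        boolean accepted = this.credentialMatcher.hasExpired() || this.credentialMatcher.isValid();
        if (!accepted) {
            throw new AeroGearSecurityException(HttpStatus.PASSWORD_RESET_FAILED);
        }
        this.identityManager.updateCredential(user, new Password(str2));
    }

    /**
     * Adds a new user and sets its initial password.
     *
     * @param user account to add
     * @param str initial password
     */
    public void create(User user, String str) {
        this.identityManager.add(user);
        this.identityManager.updateCredential(user, new Password(str));
    }

    /**
     * Produces the secret of the current agent, creating and persisting one on first use.
     *
     * <p>The value lives in the {@code "serial"} attribute of the agent and is returned as a
     * plain string.
     *
     * @return the stored or newly generated secret
     */
    @Produces
    @Secret
    public String getSecret() {
        // NOTE(review): unlike getLogin(), there is no isLoggedIn() check before the agent is
        // dereferenced - confirm this producer is only resolved for authenticated requests.
        User agent = this.identity.getAgent();
        Attribute attribute = agent.getAttribute(IDM_SECRET_ATTRIBUTE);
        if (attribute == null) {
            // NOTE(review): the strength of the secret depends on the random source behind
            // Base32.random() - confirm it is cryptographically secure.
            // NOTE(review): this check-then-create is not synchronized; confirm what happens
            // when two first requests for the same account run concurrently.
            attribute = new Attribute(IDM_SECRET_ATTRIBUTE, Base32.random());
            agent.setAttribute(attribute);
            this.identityManager.update(agent);
        }
        return (String) attribute.getValue();
    }

    /**
     * Produces the login name of the current agent.
     *
     * @return the login name, or {@code null} when nobody is logged in
     */
    @Produces
    @LoggedUser
    public String getLogin() {
        if (!this.identity.isLoggedIn()) {
            return null;
        }
        return this.identity.getAgent().getLoginName();
    }

    /**
     * Tells whether the current agent holds at least one of the given roles.
     *
     * <p>This is an any-of check, not an all-of check. Role names that the identity manager does
     * not know are skipped. The result is {@code false} when nobody is logged in or when
     * {@code set} is {@code null} or empty.
     *
     * @param set role names to test
     * @return {@code true} if the logged-in agent has any of the roles
     */
    public boolean hasRoles(Set<String> set) {
        // Fail closed: no session or no role set means no access.
        if (set == null || !this.identity.isLoggedIn()) {
            return false;
        }
        for (String roleName : set) {
            Role role = this.identityManager.getRole(roleName);
            if (role != null && this.identityManager.hasRole(this.identity.getAgent(), role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up a user by numeric id (decompiler-renamed from {@code findById}).
     *
     * @param j id to query for
     * @return the first user returned by the query
     * @throws AeroGearSecurityException with {@code CREDENTIAL_NOT_FOUND} when the query returns
     *     no user, matching the behaviour of {@link #m3findByUsername}
     */
    public User m2findById(long j) throws RuntimeException {
        IdentityQuery<User> query = this.identityManager.createIdentityQuery(User.class);
        query.setParameter(User.ID, new Object[] {Long.valueOf(j)});
        List<User> matches = query.getResultList();
        // An unknown id used to surface as IndexOutOfBoundsException from get(0).
        if (matches == null || matches.isEmpty()) {
            throw new AeroGearSecurityException(HttpStatus.CREDENTIAL_NOT_FOUND);
        }
        return matches.get(0);
    }

    /**
     * Lists the users that hold the named role.
     *
     * @param str role name
     * @return the users returned by the identity query
     */
    public List<User> findAllByRole(String str) {
        // NOTE(review): getRole() can return null for an unknown name (hasRoles() checks for
        // it); here the null is used as the HAS_ROLE parameter - confirm the query then matches
        // no users rather than ignoring the filter.
        Role role = this.identityManager.getRole(str);
        IdentityQuery<User> query = this.identityManager.createIdentityQuery(User.class);
        query.setParameter(User.HAS_ROLE, new Object[] {role});
        return query.getResultList();
    }

    /** Returns whether {@code str} is the login name of the currently logged-in agent. */
    private boolean isLoggedIn(String str) {
        if (!this.identity.isLoggedIn()) {
            return false;
        }
        return this.identity.getAgent().getLoginName().equals(str);
    }
}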
