package org.picketbox.core;

import org.picketbox.core.authentication.AuthenticationMechanism;
import org.picketbox.core.authentication.AuthenticationProvider;
import org.picketbox.core.authentication.AuthenticationResult;
import org.picketbox.core.authentication.AuthenticationStatus;
import org.picketbox.core.authentication.impl.PicketBoxAuthenticationProvider;
import org.picketbox.core.authorization.AuthorizationManager;
import org.picketbox.core.authorization.EntitlementsManager;
import org.picketbox.core.authorization.Resource;
import org.picketbox.core.config.PicketBoxConfiguration;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.core.identity.IdentityManager;
import org.picketbox.core.session.DefaultSessionManager;
import org.picketbox.core.session.PicketBoxSession;
import org.picketbox.core.session.SessionManager;

/* loaded from: input_file:org/picketbox/core/AbstractPicketBoxManager.class */
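/**
 * Base {@link PicketBoxManager} that wires the authentication provider, authorization manager,
 * identity manager and session manager from a {@link PicketBoxConfiguration} and implements
 * {@code authenticate}, {@code authorize} and {@code logout} on top of them.
 *
 * <p>The collaborators are assigned in {@link #doStart()}; before start (or when no configuration
 * was supplied) they are {@code null}. The session manager and the authorization manager are
 * optional, and the public methods branch on their presence.
 */
public abstract class AbstractPicketBoxManager extends AbstractPicketBoxLifeCycle implements PicketBoxManager {
    protected AuthenticationProvider authenticationProvider;
    // Optional: when null, authorize() grants every request.
    protected AuthorizationManager authorizationManager;
    // Optional: when null, no sessions are created, looked up or removed.
    protected SessionManager sessionManager;
    // Never assigned or read in this class.
    protected EntitlementsManager entitlementsManager;
    protected IdentityManager identityManager;
    protected PicketBoxConfiguration configuration;

    /**
     * Stores the configuration; the collaborators are only built from it in {@link #doStart()}.
     *
     * @param picketBoxConfiguration configuration to start from; may be {@code null}, in which case
     *     {@link #doStart()} leaves the collaborators as they are
     */
    public AbstractPicketBoxManager(PicketBoxConfiguration picketBoxConfiguration) {
        this.configuration = picketBoxConfiguration;
    }

    /**
     * Ends the subject's authenticated state and, when a session manager is configured, removes the
     * subject's session from it.
     *
     * @param picketBoxSubject subject to log out; must currently be flagged as authenticated
     * @throws IllegalStateException declared for the case where the subject is not authenticated
     *     (the exception instance comes from {@code PicketBoxMessages}, which is not shown here)
     */
    @Override // org.picketbox.core.PicketBoxManager
    public void logout(PicketBoxSubject picketBoxSubject) throws IllegalStateException {
        if (!picketBoxSubject.isAuthenticated()) {
            throw PicketBoxMessages.MESSAGES.invalidUserSession();
        }
        if (this.sessionManager != null) {
            // NOTE(review): getSession() is passed on unchecked; confirm remove() tolerates null.
            this.sessionManager.remove(picketBoxSubject.getSession());
        }
        // Only the flag is reset here; the subject keeps its reference to the removed session.
        picketBoxSubject.setAuthenticated(false);
    }

    /**
     * Authenticates a subject, either by confirming or restoring an existing session or by
     * validating the subject's credential against the supported mechanisms.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>With a session manager, the session named by the subject's session id is looked up.</li>
     *   <li>A subject already flagged as authenticated is returned unchanged, provided that lookup
     *       produced a valid session; otherwise {@link IllegalArgumentException} is thrown.</li>
     *   <li>A subject that is not flagged as authenticated but names a stored, still valid session
     *       is replaced by the subject held in that session.</li>
     *   <li>Otherwise the credential is checked: the {@link #doPreAuthentication} hook runs first,
     *       then every supported mechanism that accepts the credential is tried.</li>
     * </ol>
     *
     * @param picketBoxSubject subject carrying either a session reference or a credential
     * @return the subject passed in, or the subject stored in the restored session; callers must
     *     check {@code isAuthenticated()} because a failed or vetoed attempt also returns normally
     * @throws AuthenticationException when no credential is present, no mechanism produced a
     *     result, or a mechanism failed (exceptions are built by {@code PicketBoxMessages})
     * @throws IllegalArgumentException when the subject claims to be authenticated but has no
     *     valid session in the session manager
     */
    @Override // org.picketbox.core.PicketBoxManager
    public PicketBoxSubject authenticate(PicketBoxSubject picketBoxSubject) throws AuthenticationException {
        checkIfStarted();
        PicketBoxSession picketBoxSession = null;
        if (this.sessionManager != null) {
            if (picketBoxSubject.getSession() != null && picketBoxSubject.getSession().getId() != null) {
                picketBoxSession = this.sessionManager.retrieve(picketBoxSubject.getSession().getId());
            }
            if (picketBoxSubject.isAuthenticated()) {
                // The authenticated flag arrives on the caller's object, so it is only honoured when
                // backed by a stored, valid session.
                // NOTE(review): this confirms that a valid session exists for the id; it does not
                // compare the session's stored subject with the one passed in.
                if (picketBoxSession == null || !picketBoxSession.isValid()) {
                    // NOTE(review): the message embeds the session's toString(); confirm it does not
                    // put the session id into logs or responses.
                    throw new IllegalArgumentException("User is authenticated, but no associated session was found or it was invalid. Session: " + picketBoxSession);
                }
                return picketBoxSubject;
            }
        }

        // Restore the stored subject only from a session that is still valid, matching the check on
        // the already-authenticated path above. A stored but invalid session is treated as absent,
        // so the caller has to present credentials again.
        if (picketBoxSession != null && picketBoxSession.isValid()) {
            PicketBoxSubject storedSubject = picketBoxSession.getSubject();
            storedSubject.setSession(picketBoxSession);
            return storedSubject;
        }

        Credential credential = picketBoxSubject.getCredential();
        if (credential == null) {
            throw PicketBoxMessages.MESSAGES.failedToValidateCredentials();
        }
        if (!doPreAuthentication(picketBoxSubject)) {
            // The hook vetoed the attempt: the subject is returned as is, without an exception.
            return picketBoxSubject;
        }

        AuthenticationResult authenticationResult = null;
        // Every mechanism that supports the credential is invoked and the last result wins.
        // NOTE(review): with several matching mechanisms an earlier outcome is overwritten by a
        // later one; confirm that this is the intended combination rule.
        for (String str : this.authenticationProvider.getSupportedMechanisms()) {
            AuthenticationMechanism mechanism = this.authenticationProvider.getMechanism(str);
            if (mechanism.supports(credential)) {
                try {
                    authenticationResult = mechanism.authenticate(credential);
                } catch (AuthenticationException e) {
                    throw PicketBoxMessages.MESSAGES.authenticationFailed(e);
                }
            }
        }
        if (authenticationResult == null) {
            // No mechanism accepted this credential type.
            throw PicketBoxMessages.MESSAGES.failedToValidateCredentials();
        }

        picketBoxSubject.setAuthenticated(authenticationResult.getStatus().equals(AuthenticationStatus.SUCCESS));
        if (picketBoxSubject.isAuthenticated()) {
            picketBoxSubject.setUser(authenticationResult.getPrincipal());
            // Return value is ignored; presumably this populates the subject (confirm).
            this.identityManager.getIdentity(picketBoxSubject);
            // Drop the credential before the subject is handed to the session manager.
            picketBoxSubject.setCredential(null);
            createSession(picketBoxSubject);
        }
        return picketBoxSubject;
    }

    /**
     * Hook invoked before credential validation; subclasses may veto the attempt.
     *
     * @param picketBoxSubject subject about to be authenticated
     * @return {@code true} to continue with credential validation (the default), {@code false} to
     *     make {@code authenticate} return the subject without validating it
     */
    protected boolean doPreAuthentication(PicketBoxSubject picketBoxSubject) {
        return true;
    }

    /**
     * Creates a session for an authenticated subject and attaches it to the subject. Does nothing
     * when no session manager is configured.
     *
     * @param picketBoxSubject subject that has just been authenticated
     * @throws IllegalArgumentException if the subject is not flagged as authenticated
     */
    private void createSession(PicketBoxSubject picketBoxSubject) throws IllegalArgumentException {
        if (!picketBoxSubject.isAuthenticated()) {
            throw new IllegalArgumentException("Subject is not authenticated. Session can not be created.");
        }
        if (this.sessionManager == null) {
            return;
        }
        picketBoxSubject.setSession(this.sessionManager.create(picketBoxSubject));
    }

    /**
     * Asks the authorization manager whether the subject may access the resource.
     *
     * <p>This method fails open: it returns {@code true} when no authorization manager is
     * configured, when the subject is {@code null}, and when the subject is not authenticated. It
     * is therefore not an authentication gate, and callers protecting a resource have to enforce
     * authentication themselves before relying on the result.
     *
     * @param picketBoxSubject subject requesting access; may be {@code null}
     * @param resource resource being accessed
     * @return the authorization manager's decision, or {@code true} in the cases listed above
     */
    @Override // org.picketbox.core.PicketBoxManager
    public boolean authorize(PicketBoxSubject picketBoxSubject, Resource resource) {
        try {
            checkIfStarted();
            // NOTE(review): granting access to null or unauthenticated subjects is kept as is because
            // callers outside this file may depend on it; confirm that it is intended.
            if (this.authorizationManager == null || picketBoxSubject == null || !picketBoxSubject.isAuthenticated()) {
                return true;
            }
            return this.authorizationManager.authorize(resource, picketBoxSubject);
        } catch (Exception e) {
            // Everything, including a failure of checkIfStarted(), is wrapped by authorizationFailed.
            throw PicketBoxMessages.MESSAGES.authorizationFailed(e);
        }
    }

    /**
     * Builds the collaborators from the configuration, starts the session manager, runs
     * {@link #doConfigure()} and finally starts the authorization manager.
     */
    @Override // org.picketbox.core.AbstractPicketBoxLifeCycle
    protected void doStart() {
        if (this.configuration != null) {
            this.authenticationProvider = new PicketBoxAuthenticationProvider(this.configuration);
            // Authorization is optional: with no manager configured the field stays null.
            if (!this.configuration.getAuthorization().getManagers().isEmpty()) {
                this.authorizationManager = this.configuration.getAuthorization().getManagers().get(0);
            }
            // Unlike the authorization managers, this lookup is not guarded by isEmpty(), so a
            // configuration without an identity manager fails here at start.
            this.identityManager = this.configuration.getIdentityManager().getManagers().get(0);
            this.sessionManager = this.configuration.getSessionManager().getManager();
            // Fall back to the default session manager only when a session store is configured.
            if (this.sessionManager == null && this.configuration.getSessionManager().getStore() != null) {
                this.sessionManager = new DefaultSessionManager(this.configuration);
            }
            if (this.sessionManager != null) {
                this.sessionManager.start();
            }
            doConfigure();
        }
        if (this.authorizationManager != null) {
            PicketBoxLogger.LOGGER.debug("Using Authorization Manager : " + this.authorizationManager.getClass().getName());
        }
        if (this.identityManager != null) {
            PicketBoxLogger.LOGGER.debug("Using Identity Manager : " + this.identityManager.getClass().getName());
        }
        PicketBoxLogger.LOGGER.startingPicketBox();
        if (this.authorizationManager != null) {
            this.authorizationManager.start();
        }
    }

    /**
     * Extension point called from {@link #doStart()} after the collaborators have been created and
     * the session manager started, and only when a configuration is present. Does nothing by default.
     */
    protected void doConfigure() {
    }

    /** Stops the authorization manager and the session manager when they are present. */
    @Override // org.picketbox.core.AbstractPicketBoxLifeCycle
    protected void doStop() {
        if (this.authorizationManager != null) {
            this.authorizationManager.stop();
        }
        if (this.sessionManager != null) {
            this.sessionManager.stop();
        }
    }
}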
