package org.picketbox.core;

import java.security.Principal;
import org.picketbox.core.audit.AbstractAuditProvider;
import org.picketbox.core.audit.AuditProvider;
import org.picketbox.core.audit.event.AuditEventHandler;
import org.picketbox.core.authentication.AuthenticationMechanism;
import org.picketbox.core.authentication.AuthenticationProvider;
import org.picketbox.core.authentication.AuthenticationResult;
import org.picketbox.core.authentication.credential.TrustedUsernameCredential;
import org.picketbox.core.authentication.event.UserAuthenticatedEvent;
import org.picketbox.core.authentication.event.UserAuthenticationFailedEvent;
import org.picketbox.core.authentication.event.UserNotAuthenticatedEvent;
import org.picketbox.core.authentication.event.UserPreAuthenticationEvent;
import org.picketbox.core.authentication.impl.PicketBoxAuthenticationProvider;
import org.picketbox.core.authorization.AuthorizationManager;
import org.picketbox.core.authorization.Resource;
import org.picketbox.core.authorization.ent.EntitlementsManager;
import org.picketbox.core.config.PicketBoxConfiguration;
import org.picketbox.core.event.PicketBoxEventManager;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.core.exceptions.ConfigurationException;
import org.picketbox.core.identity.PicketBoxIdentityManager;
import org.picketbox.core.identity.UserContextPopulator;
import org.picketbox.core.identity.impl.DefaultUserContextPopulator;
import org.picketbox.core.logout.event.UserLoggedOutEvent;
import org.picketbox.core.session.DefaultSessionManager;
import org.picketbox.core.session.PicketBoxSession;
import org.picketbox.core.session.SessionManager;
import org.picketlink.idm.IdentityManager;

/* loaded from: input_file:org/picketbox/core/AbstractPicketBoxManager.class */
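/**
 * Base {@link PicketBoxManager} implementation that wires the security services together and
 * implements the authenticate / logout / authorize entry points on top of them.
 *
 * <p>All collaborators except the configuration are resolved in {@link #doStart()}; until then
 * they are {@code null}. The authorization manager, session manager and audit provider are
 * optional and stay {@code null} when the configuration does not supply them.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>{@link #authorize(UserContext, Resource)} grants access when no authorization manager is
 *       configured (fail-open).</li>
 *   <li>{@link #authenticate(UserContext)} re-authenticates a restored session using only the
 *       principal name taken from that session.</li>
 *   <li>When several mechanisms support a credential, the result of the last one wins.</li>
 * </ul>
 */
public abstract class AbstractPicketBoxManager extends AbstractPicketBoxLifeCycle implements PicketBoxManager {
    // Created in doStart(); exposes the mechanisms tried by performAuthentication().
    private AuthenticationProvider authenticationProvider;
    // Optional: first manager from the authorization configuration, or null when none is configured.
    private AuthorizationManager authorizationManager;
    // Optional: null means session management is disabled.
    private SessionManager sessionManager;
    // Taken from the configuration, or a DefaultUserContextPopulator when the configuration has none.
    private UserContextPopulator userContextPopulator;
    private IdentityManager identityManager;
    private PicketBoxConfiguration configuration;
    private PicketBoxEventManager eventManager;
    // Optional: null means auditing is disabled.
    private AuditProvider auditProvider;
    // Never assigned or read anywhere in this class.
    private EntitlementsManager entitlementsManager;

    /**
     * Stores the configuration; nothing else is initialized until {@link #doStart()} runs.
     *
     * @param picketBoxConfiguration configuration to build the manager from; a {@code null} value
     *     is accepted here and rejected later by {@link #doStart()}
     */
    public AbstractPicketBoxManager(PicketBoxConfiguration picketBoxConfiguration) {
        this.configuration = picketBoxConfiguration;
    }

    /**
     * Authenticates the given context, first trying to restore a previously created session.
     *
     * <p>When a session is restored, the supplied context is replaced by a new one carrying a
     * {@link TrustedUsernameCredential} built from the session's principal name, and that new
     * context is what gets authenticated and returned.
     *
     * @param userContext context holding the credential to validate
     * @return the authenticated or unauthenticated context; this is a different instance from the
     *     argument when a session was restored
     * @throws AuthenticationException for any failure; every exception raised inside the method is
     *     reported through a {@link UserAuthenticationFailedEvent} and then wrapped
     */
    @Override // org.picketbox.core.PicketBoxManager
    public UserContext authenticate(UserContext userContext) throws AuthenticationException {
        checkIfStarted();
        try {
            // NOTE(review): the context is formatted into the trace log; confirm that
            // UserContext.toString() never renders credential material.
            PicketBoxLogger.LOGGER.tracef("authenticating user [%s]", userContext);
            PicketBoxSession restoreSession = restoreSession(userContext);
            if (restoreSession != null) {
                Principal principal = restoreSession.getUserContext().getPrincipal(false);
                if (principal == null) {
                    throw new AuthenticationException("Principal not retrieved");
                }
                PicketBoxLogger.LOGGER.tracef("performing silent authentication and re-authenticating principal %s", principal.getName());
                // SECURITY: from here on the caller's original credential is discarded and the
                // identity rests entirely on the restored session. This is only safe if
                // SessionManager.restoreSession() returns a session exclusively for the caller it
                // belongs to and rejects expired or invalidated sessions - verify in the
                // SessionManager implementation in use.
                userContext = new UserContext(new TrustedUsernameCredential(principal.getName()));
            }
            performAuthentication(userContext);
            if (userContext.isAuthenticated()) {
                // The populated context returned by performSuccessfulAuthentication() is ignored;
                // callers receive userContext itself.
                performSuccessfulAuthentication(userContext, restoreSession);
                PicketBoxLogger.LOGGER.tracef("authenticated user is: [%s]", userContext);
            } else {
                PicketBoxLogger.LOGGER.tracef("user not authenticated: [%s]", userContext);
                performUnsuccessfulAuthentication(userContext);
            }
            return userContext;
        } catch (Exception e) {
            // Broad catch is deliberate: any failure must surface as a failed-authentication
            // event (the audit handler, when configured, listens on the same event manager).
            getEventManager().raiseEvent(new UserAuthenticationFailedEvent(userContext, e));
            throw PicketBoxMessages.MESSAGES.authenticationFailed(e);
        }
    }

    /**
     * Asks the session manager, when one is configured, for a session matching the context.
     *
     * @param userContext context used to look the session up
     * @return the restored session, or {@code null} when sessions are disabled or none was found
     */
    private PicketBoxSession restoreSession(UserContext userContext) {
        PicketBoxSession picketBoxSession = null;
        if (this.sessionManager != null) {
            PicketBoxLogger.LOGGER.trace("trying to restore previous created session.");
            picketBoxSession = this.sessionManager.restoreSession(userContext);
            if (picketBoxSession != null) {
                PicketBoxLogger.LOGGER.tracef("found session [%s]", picketBoxSession);
            } else {
                PicketBoxLogger.LOGGER.trace("session not associated with user.");
            }
        }
        return picketBoxSession;
    }

    /**
     * Invalidates an authenticated context and raises a {@link UserLoggedOutEvent}.
     *
     * @param userContext context to log out; must currently be authenticated
     * @throws IllegalStateException declared for the unauthenticated case (raised through
     *     {@code PicketBoxMessages.MESSAGES.invalidUserSession()})
     */
    @Override // org.picketbox.core.PicketBoxManager
    public void logout(UserContext userContext) throws IllegalStateException {
        checkIfStarted();
        if (!userContext.isAuthenticated()) {
            throw PicketBoxMessages.MESSAGES.invalidUserSession();
        }
        PicketBoxLogger.LOGGER.tracef("logging out and invalidating user [%s]", userContext);
        userContext.invalidate();
        getEventManager().raiseEvent(new UserLoggedOutEvent(userContext));
    }

    /**
     * Decides whether an authenticated user may access a resource.
     *
     * @param userContext context of the user; must be authenticated, otherwise the exception from
     *     {@code PicketBoxMessages.MESSAGES.userNotAuthenticated()} is thrown unwrapped
     * @param resource resource being accessed
     * @return the authorization manager's decision, or {@code true} when no authorization manager
     *     is configured
     */
    @Override // org.picketbox.core.PicketBoxManager
    public boolean authorize(UserContext userContext, Resource resource) {
        checkIfStarted();
        if (!userContext.isAuthenticated()) {
            throw PicketBoxMessages.MESSAGES.userNotAuthenticated();
        }
        try {
            if (this.authorizationManager == null) {
                // SECURITY: fail-open. Without a configured authorization manager every
                // authenticated user is granted every resource, and the decision is not logged.
                // Deployments that rely on authorization should assert at startup that a manager
                // is configured. Kept as-is because existing callers depend on this default.
                return true;
            }
            // Format specifier fixed: the original "[$s]" was printed literally, which shifted the
            // resource into the user slot and dropped the user from the trace line.
            PicketBoxLogger.LOGGER.tracef("Authorizing user to resource. Resource [%s] and User [%s]", resource, userContext);
            return this.authorizationManager.authorize(resource, userContext);
        } catch (Exception e) {
            throw PicketBoxMessages.MESSAGES.authorizationFailed(e);
        }
    }

    /**
     * Hook consulted before any mechanism is tried. Returning {@code false} skips authentication
     * altogether, leaving the context with an empty {@link AuthenticationResult}.
     *
     * @param userContext context about to be authenticated
     * @return {@code true} in this base implementation
     */
    protected boolean doPreAuthentication(UserContext userContext) {
        return true;
    }

    /**
     * Runs the credential through every supported mechanism and stores the outcome on the context.
     *
     * @param userContext context whose credential is validated and whose authentication result is
     *     set
     * @throws AuthenticationException when the credential is {@code null}, when no mechanism
     *     supports it, or when a mechanism throws
     */
    private void performAuthentication(UserContext userContext) throws AuthenticationException {
        UserCredential credential = userContext.getCredential();
        if (credential == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullCredential();
        }
        AuthenticationResult authenticationResult = null;
        if (doPreAuthentication(userContext)) {
            // NOTE(review): the credential object is formatted into the trace log; confirm that
            // UserCredential implementations do not expose secrets through toString().
            PicketBoxLogger.LOGGER.tracef("performing authentication for credential [%s]", credential);
            getEventManager().raiseEvent(new UserPreAuthenticationEvent(userContext));
            boolean mechanismFound = false;
            // SECURITY: the loop does not stop at the first supporting mechanism. Each one
            // overwrites the previous result, so the last supporting mechanism decides the
            // outcome - an earlier rejection can be replaced by a later acceptance and vice
            // versa. Mechanisms should support disjoint credential types for this to be safe.
            for (String mechanismName : this.authenticationProvider.getSupportedMechanisms()) {
                AuthenticationMechanism mechanism = this.authenticationProvider.getMechanism(mechanismName);
                if (mechanism.supports(credential)) {
                    PicketBoxLogger.LOGGER.tracef("using authentication mechanism [%s]", mechanism);
                    try {
                        authenticationResult = mechanism.authenticate(credential);
                        mechanismFound = true;
                        if (authenticationResult == null) {
                            PicketBoxLogger.LOGGER.warnf("mechanism [%s] returned a null AuthenticationResult. Unexpected behavior may occur.", mechanism);
                        }
                    } catch (AuthenticationException e) {
                        throw PicketBoxMessages.MESSAGES.authenticationFailed(e);
                    }
                }
            }
            if (!mechanismFound) {
                throw PicketBoxMessages.MESSAGES.unsupportedCredentialType(credential);
            }
        } else {
            PicketBoxLogger.LOGGER.tracef("doPreAuthentication method returned false. authentication will not me performed for user [%s]", userContext);
        }
        if (authenticationResult == null) {
            // Skipped pre-authentication or a null mechanism result: fall back to a fresh result.
            // Presumably a new AuthenticationResult reports "not authenticated" - confirm in
            // AuthenticationResult, since the caller branches on userContext.isAuthenticated().
            authenticationResult = new AuthenticationResult();
        }
        userContext.setAuthenticationResult(authenticationResult);
    }

    /**
     * Completes a successful authentication: attaches a session, clears the credential, populates
     * the context and raises a {@link UserAuthenticatedEvent}.
     *
     * @param userContext the authenticated context
     * @param picketBoxSession session restored earlier, or {@code null} to create a new one
     * @return the context returned by the configured {@link UserContextPopulator}
     */
    protected UserContext performSuccessfulAuthentication(UserContext userContext, PicketBoxSession picketBoxSession) {
        PicketBoxLogger.LOGGER.trace("user is authenticated. configuring security context.");
        if (picketBoxSession == null) {
            picketBoxSession = createSession(userContext);
        }
        userContext.setSession(picketBoxSession);
        // Drop the credential reference so it does not outlive the authentication step.
        userContext.setCredential(null);
        PicketBoxLogger.LOGGER.tracef("populating user context with populator [%s]", this.userContextPopulator);
        UserContext identity = this.userContextPopulator.getIdentity(userContext);
        getEventManager().raiseEvent(new UserAuthenticatedEvent(userContext));
        return identity;
    }

    /**
     * Raises a {@link UserNotAuthenticatedEvent} for a context that failed to authenticate.
     *
     * @param userContext the context that was not authenticated
     */
    protected void performUnsuccessfulAuthentication(UserContext userContext) {
        getEventManager().raiseEvent(new UserNotAuthenticatedEvent(userContext));
    }

    /**
     * Creates a session for an authenticated context when session management is enabled.
     *
     * @param userContext the authenticated context
     * @return the new session, or {@code null} when no session manager is configured
     * @throws IllegalArgumentException declared for the unauthenticated case (raised through
     *     {@code PicketBoxMessages.MESSAGES.userNotAuthenticated()})
     */
    private PicketBoxSession createSession(UserContext userContext) throws IllegalArgumentException {
        if (!userContext.isAuthenticated()) {
            throw PicketBoxMessages.MESSAGES.userNotAuthenticated();
        }
        if (this.sessionManager == null) {
            PicketBoxLogger.LOGGER.tracef("no session created. sessions are NOT enabled.");
            return null;
        }
        PicketBoxSession create = this.sessionManager.create(userContext);
        PicketBoxLogger.LOGGER.tracef("created session [%s]", create);
        return create;
    }

    /**
     * Resolves every collaborator from the configuration, starts the session and authorization
     * managers that exist, and raises an {@link InitializedEvent}.
     *
     * @throws ConfigurationException when the manager was constructed without a configuration
     */
    @Override // org.picketbox.core.AbstractPicketBoxLifeCycle
    protected void doStart() {
        if (this.configuration == null) {
            throw new ConfigurationException("No configuration provided. Manager could not be started.");
        }
        this.eventManager = this.configuration.getEventManager().getEventManager();
        this.authenticationProvider = new PicketBoxAuthenticationProvider(this);
        if (!this.configuration.getAuthorization().getManagers().isEmpty()) {
            // Only the first configured manager is used; any further entries are ignored.
            this.authorizationManager = this.configuration.getAuthorization().getManagers().get(0);
        }
        this.identityManager = new PicketBoxIdentityManager(this);
        this.userContextPopulator = this.configuration.getIdentityManager().getUserPopulator();
        if (this.userContextPopulator == null) {
            this.userContextPopulator = new DefaultUserContextPopulator(this.identityManager);
        }
        this.sessionManager = this.configuration.getSessionManager().getManager();
        // A configured store without an explicit manager enables the default session manager.
        if (this.sessionManager == null && this.configuration.getSessionManager().getStore() != null) {
            this.sessionManager = new DefaultSessionManager(this);
        }
        if (this.sessionManager != null) {
            this.sessionManager.start();
        }
        if (this.configuration.getAuditConfig() != null && this.configuration.getAuditConfig().getProvider() != null) {
            this.auditProvider = this.configuration.getAuditConfig().getProvider();
            if (this.auditProvider instanceof AbstractAuditProvider) {
                ((AbstractAuditProvider) this.auditProvider).setPicketBoxManager(this);
            }
            // Auditing is driven by events: without this handler no event reaches the provider.
            this.eventManager.addHandler(new AuditEventHandler(this.auditProvider));
        }
        doConfigure();
        logConfiguration();
        PicketBoxLogger.LOGGER.startingPicketBox();
        if (this.authorizationManager != null) {
            this.authorizationManager.start();
        }
        this.eventManager.raiseEvent(new InitializedEvent(this));
    }

    /**
     * Extension point invoked from {@link #doStart()} after the collaborators are resolved and
     * before the configuration is logged. Does nothing in this base class.
     */
    protected void doConfigure() {
    }

    /** Stops the authorization manager and the session manager, whichever of them exist. */
    @Override // org.picketbox.core.AbstractPicketBoxLifeCycle
    protected void doStop() {
        if (this.authorizationManager != null) {
            this.authorizationManager.stop();
        }
        if (this.sessionManager != null) {
            this.sessionManager.stop();
        }
    }

    /** @return the event manager, or {@code null} before {@link #doStart()} has run */
    @Override // org.picketbox.core.PicketBoxManager
    public PicketBoxEventManager getEventManager() {
        return this.eventManager;
    }

    /** @return the identity manager, or {@code null} before {@link #doStart()} has run */
    @Override // org.picketbox.core.PicketBoxManager
    public IdentityManager getIdentityManager() {
        return this.identityManager;
    }

    /** @return the configuration passed to the constructor */
    @Override // org.picketbox.core.PicketBoxManager
    public PicketBoxConfiguration getConfiguration() {
        return this.configuration;
    }

    /** @return the session manager, or {@code null} when session management is disabled */
    @Override // org.picketbox.core.PicketBoxManager
    public SessionManager getSessionManager() {
        return this.sessionManager;
    }

    /** @return the audit provider, or {@code null} when auditing is disabled */
    @Override // org.picketbox.core.PicketBoxManager
    public AuditProvider getAuditProvider() {
        return this.auditProvider;
    }

    /**
     * Replaces the session manager. The new manager is not started here, and
     * {@link #doStart()} overwrites the value with the one taken from the configuration.
     *
     * @param sessionManager session manager to use, or {@code null} to disable sessions
     */
    protected void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /** Writes the resolved collaborators to the log so a deployment's effective setup can be reviewed. */
    private void logConfiguration() {
        PicketBoxLogger.LOGGER.debugInstanceUsage("Event Manager", this.eventManager);
        PicketBoxLogger.LOGGER.debugInstanceUsage("Authentication Provider", this.authenticationProvider);
        // NOTE(review): the guard tests the debug level but the lines are written at trace level,
        // so the mechanism list only appears when trace is enabled as well.
        if (PicketBoxLogger.LOGGER.isDebugEnabled()) {
            for (String mechanismName : this.authenticationProvider.getSupportedMechanisms()) {
                PicketBoxLogger.LOGGER.trace(" Authentication Mechanism: " + mechanismName);
            }
        }
        // A null authorization manager here means authorize() grants every request.
        PicketBoxLogger.LOGGER.debugInstanceUsage("Authorization Manager", this.authorizationManager);
        PicketBoxLogger.LOGGER.debugInstanceUsage("Identity Manager", this.identityManager);
        PicketBoxLogger.LOGGER.debugInstanceUsage(" Identity Store", this.configuration.getIdentityManager().getIdentityManagerConfiguration());
        PicketBoxLogger.LOGGER.debugInstanceUsage("User Context Populator", this.userContextPopulator);
        if (this.sessionManager != null) {
            PicketBoxLogger.LOGGER.debugInstanceUsage("Session Manager", this.sessionManager);
            PicketBoxLogger.LOGGER.debugInstanceUsage(" Session Store", this.configuration.getSessionManager().getStore());
        } else {
            PicketBoxLogger.LOGGER.trace("Session Management is DISABLED.");
        }
        if (this.auditProvider != null) {
            PicketBoxLogger.LOGGER.debugInstanceUsage("Audit Provider", this.auditProvider);
        } else {
            PicketBoxLogger.LOGGER.trace("Auditing is DISABLED.");
        }
    }
}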
