package org.picketlink.internal;

import java.io.Serializable;
import java.lang.annotation.Annotation;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import org.picketlink.Identity;
import org.picketlink.annotations.PicketLink;
import org.picketlink.authentication.AuthenticationException;
import org.picketlink.authentication.Authenticator;
import org.picketlink.authentication.LockedAccountException;
import org.picketlink.authentication.UnexpectedCredentialException;
import org.picketlink.authentication.UserAlreadyLoggedInException;
import org.picketlink.authentication.event.AlreadyLoggedInEvent;
import org.picketlink.authentication.event.LockedAccountEvent;
import org.picketlink.authentication.event.LoggedInEvent;
import org.picketlink.authentication.event.LoginFailedEvent;
import org.picketlink.authentication.event.PostAuthenticateEvent;
import org.picketlink.authentication.event.PostLoggedOutEvent;
import org.picketlink.authentication.event.PreAuthenticateEvent;
import org.picketlink.authentication.event.PreLoggedOutEvent;
import org.picketlink.authentication.internal.IdmAuthenticator;
import org.picketlink.credential.DefaultLoginCredentials;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.permission.spi.PermissionResolver;

/* loaded from: input_file:org/picketlink/internal/AbstractIdentity.class */
public abstract class AbstractIdentity implements Identity {
    private static final long serialVersionUID = 8655816330461907668L;

    @Inject
    private BeanManager beanManager;

    @Inject
    private DefaultLoginCredentials loginCredential;

    @Inject
    @PicketLink
    private Instance<Authenticator> authenticatorInstance;

    @Inject
    private Instance<IdmAuthenticator> idmAuthenticatorInstance;

    @Inject
    private transient PermissionResolver permissionResolver;
    private boolean authenticating;
    private Account account;

    public boolean isLoggedIn() {
        return this.account != null;
    }

    public Account getAccount() {
        return this.account;
    }

    public Identity.AuthenticationResult login() {
        try {
            if (isLoggedIn()) {
                throw new UserAlreadyLoggedInException("active agent: " + this.account.toString());
            }
            Account authenticate = authenticate();
            if (authenticate == null) {
                handleUnsuccesfulLoginAttempt(null);
                return Identity.AuthenticationResult.FAILED;
            }
            if (!authenticate.isEnabled()) {
                throw new LockedAccountException("Account [" + authenticate + "] is disabled.");
            }
            handleSuccessfulLoginAttempt(authenticate);
            return Identity.AuthenticationResult.SUCCESS;
        } catch (Throwable th) {
            handleUnsuccesfulLoginAttempt(th);
            if (AuthenticationException.class.isInstance(th)) {
                throw th;
            }
            throw new AuthenticationException("Login failed with a unexpected error.", th);
        }
    }

    protected void handleSuccessfulLoginAttempt(Account account) {
        this.account = account;
        this.beanManager.fireEvent(new LoggedInEvent(), new Annotation[0]);
    }

    protected void handleUnsuccesfulLoginAttempt(Throwable th) {
        if (th != null && !UnexpectedCredentialException.class.isInstance(th)) {
            if (UserAlreadyLoggedInException.class.isInstance(th)) {
                this.beanManager.fireEvent(new AlreadyLoggedInEvent(), new Annotation[0]);
            } else if (LockedAccountException.class.isInstance(th)) {
                this.beanManager.fireEvent(new LockedAccountEvent(), new Annotation[0]);
            }
        }
        this.beanManager.fireEvent(new LoginFailedEvent(th), new Annotation[0]);
    }

    protected Account authenticate() throws AuthenticationException {
        Account account = null;
        try {
            if (this.authenticating) {
                this.authenticating = false;
                throw new IllegalStateException("Authentication already in progress.");
            }
            try {
                this.authenticating = true;
                this.beanManager.fireEvent(new PreAuthenticateEvent(), new Annotation[0]);
                Authenticator authenticator = this.authenticatorInstance.isUnsatisfied() ? (Authenticator) this.idmAuthenticatorInstance.get() : (Authenticator) this.authenticatorInstance.get();
                if (authenticator == null) {
                    throw new AuthenticationException("No Authenticator has been configured.");
                }
                authenticator.authenticate();
                if (authenticator.getStatus() == null) {
                    throw new AuthenticationException("Authenticator must return a valid authentication status");
                }
                if (authenticator.getStatus() == Authenticator.AuthenticationStatus.SUCCESS) {
                    account = authenticator.getAccount();
                    postAuthenticate(authenticator);
                }
                return account;
            } catch (AuthenticationException e) {
                throw e;
            } catch (Throwable th) {
                throw new AuthenticationException("Authentication failed.", th);
            }
        } finally {
            this.authenticating = false;
        }
    }

    protected void postAuthenticate(Authenticator authenticator) {
        authenticator.postAuthenticate();
        if (authenticator.getStatus().equals(Authenticator.AuthenticationStatus.SUCCESS)) {
            this.beanManager.fireEvent(new PostAuthenticateEvent(), new Annotation[0]);
        }
    }

    public void logout() {
        logout(true);
    }

    protected void logout(boolean z) {
        if (isLoggedIn()) {
            this.beanManager.fireEvent(new PreLoggedOutEvent(this.account), new Annotation[0]);
            PostLoggedOutEvent postLoggedOutEvent = new PostLoggedOutEvent(this.account);
            unAuthenticate(z);
            this.beanManager.fireEvent(postLoggedOutEvent, new Annotation[0]);
        }
    }

    private void unAuthenticate(boolean z) {
        this.account = null;
        if (z) {
            this.loginCredential.invalidate();
        }
    }

    public boolean hasPermission(Object obj, String str) {
        return this.permissionResolver.resolvePermission(this.account, obj, str);
    }

    public boolean hasPermission(Class<?> cls, Serializable serializable, String str) {
        return this.permissionResolver.resolvePermission(this.account, cls, serializable, str);
    }
}
