package org.picketlink.internal;

import java.io.Serializable;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.picketlink.Identity;
import org.picketlink.annotations.PicketLink;
import org.picketlink.authentication.AuthenticationException;
import org.picketlink.authentication.Authenticator;
import org.picketlink.authentication.LockedAccountException;
import org.picketlink.authentication.UnexpectedCredentialException;
import org.picketlink.authentication.UserAlreadyLoggedInException;
import org.picketlink.authentication.event.AlreadyLoggedInEvent;
import org.picketlink.authentication.event.LockedAccountEvent;
import org.picketlink.authentication.event.LoggedInEvent;
import org.picketlink.authentication.event.LoginFailedEvent;
import org.picketlink.authentication.event.PostAuthenticateEvent;
import org.picketlink.authentication.event.PostLoggedOutEvent;
import org.picketlink.authentication.event.PreAuthenticateEvent;
import org.picketlink.authentication.event.PreLoggedOutEvent;
import org.picketlink.authentication.internal.IdmAuthenticator;
import org.picketlink.authentication.levels.DifferentUserLoggedInExcpetion;
import org.picketlink.authentication.levels.Level;
import org.picketlink.authentication.levels.SecurityLevelManager;
import org.picketlink.common.properties.Property;
import org.picketlink.common.properties.query.AnnotatedPropertyCriteria;
import org.picketlink.common.properties.query.PropertyQueries;
import org.picketlink.credential.DefaultLoginCredentials;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.annotation.StereotypeProperty;
import org.picketlink.idm.permission.spi.PermissionResolver;
import org.picketlink.log.BaseLog;

/* loaded from: input_file:org/picketlink/internal/AbstractIdentity.class */
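/**
 * Base {@link Identity} implementation that tracks the authenticated {@link Account} and its
 * security {@link Level}, delegates credential validation to an {@link Authenticator}, and
 * publishes authentication life-cycle events through the injected {@code CDIEventBridge}.
 *
 * <p>Security note: debug log statements in this class record only the <em>type</em> of the
 * supplied credential plus the user id. The credential object itself is never passed to the
 * logger, because its {@code toString()} is outside this class's control and may expose secret
 * material in log files.
 *
 * <p>NOTE(review): the {@code authenticating}, {@code account} and {@code securityLevel} fields
 * are plain fields with no synchronization visible in this class; confirm the bean scope
 * guarantees single-threaded access.
 */
public abstract class AbstractIdentity implements Identity {
    private static final long serialVersionUID = 8655816330461907668L;

    @Inject
    private CDIEventBridge eventBridge;

    @Inject
    private DefaultLoginCredentials loginCredential;

    @Inject
    @PicketLink
    private Instance<Authenticator> authenticatorInstance;

    @Inject
    private Instance<IdmAuthenticator> idmAuthenticatorInstance;

    @Inject
    private transient PermissionResolver permissionResolver;

    @Inject
    private transient SecurityLevelManager securityLevelManager;

    /** Re-entrancy flag: true while {@link #authenticate()} is running. */
    private boolean authenticating;

    /** The authenticated account, or {@code null} when nobody is logged in. */
    private Account account;

    /** The security level last resolved for this identity; resolved lazily by {@link #getLevel()}. */
    private Level securityLevel;

    /**
     * Reports whether an account is currently bound to this identity.
     *
     * @return {@code true} if an account has been stored by a successful login
     */
    @Override // org.picketlink.Identity
    public boolean isLoggedIn() {
        return this.account != null;
    }

    /**
     * Returns the authenticated account.
     *
     * @return the stored account, or {@code null} when not logged in
     */
    @Override // org.picketlink.Identity
    public Account getAccount() {
        return this.account;
    }

    /**
     * Returns the current security level, resolving it through the
     * {@code SecurityLevelManager} on first use.
     *
     * @return the cached or freshly resolved level
     */
    @Override // org.picketlink.Identity
    public Level getLevel() {
        if (this.securityLevel == null) {
            this.securityLevel = this.securityLevelManager.resolveSecurityLevel();
        }
        return this.securityLevel;
    }

    /**
     * Authenticates using the injected login credentials.
     *
     * <p>When nobody is logged in, the authenticator is simply invoked. When an account is already
     * logged in, a new authentication is accepted only if the freshly resolved security level is
     * strictly higher than the stored one, and only if the re-authenticated account carries the
     * same login name as the active account.
     *
     * @return {@code SUCCESS} when an enabled account was authenticated, {@code FAILED} when the
     *     authenticator produced no account
     * @throws AuthenticationException for every failure; an {@code AuthenticationException}
     *     raised inside is rethrown unchanged, any other throwable is wrapped as the cause
     */
    @Override // org.picketlink.Identity
    public Identity.AuthenticationResult login() {
        try {
            if (BaseLog.AUTHENTICATION_LOGGER.isDebugEnabled()) {
                BaseLog.AUTHENTICATION_LOGGER.debugf("Performing authentication using credential type [%s]. User id is [%s].", credentialTypeForLog(), this.loginCredential.getUserId());
            }
            Account authenticated;
            if (!isLoggedIn()) {
                authenticated = authenticate();
            } else {
                // Re-authentication is only meaningful as a step-up: refuse it unless the level
                // resolved now is strictly above the one recorded at the previous login.
                if (this.securityLevelManager.resolveSecurityLevel().compareTo(this.securityLevel) <= 0) {
                    throw new UserAlreadyLoggedInException("active agent: " + this.account.toString());
                }
                authenticated = authenticate();
                if (authenticated != null) {
                    // A step-up must not switch users: compare the login-name property of the
                    // newly authenticated account against that of the active account.
                    Object newLoginName = getDefaultLoginNameProperty(authenticated.getClass()).getValue(authenticated);
                    Object activeLoginName = getDefaultLoginNameProperty(this.account.getClass()).getValue(this.account);
                    if (activeLoginName == null || !activeLoginName.equals(newLoginName)) {
                        throw new DifferentUserLoggedInExcpetion("active agent: " + this.account.toString() + " but agent: " + authenticated.toString() + " is trying to log in");
                    }
                }
            }
            if (authenticated == null) {
                handleUnsuccesfulLoginAttempt(null);
                return Identity.AuthenticationResult.FAILED;
            }
            // Valid credentials are not enough: a disabled account must not be logged in.
            if (!authenticated.isEnabled()) {
                throw new LockedAccountException("Account [" + authenticated + "] is disabled.");
            }
            handleSuccessfulLoginAttempt(authenticated);
            return Identity.AuthenticationResult.SUCCESS;
        } catch (Throwable th) {
            handleUnsuccesfulLoginAttempt(th);
            if (th instanceof AuthenticationException) {
                throw (AuthenticationException) th;
            }
            throw new AuthenticationException("Login failed with a unexpected error.", th);
        } finally {
            // Logged on every exit path (success, failure or exception).
            if (BaseLog.AUTHENTICATION_LOGGER.isDebugEnabled()) {
                BaseLog.AUTHENTICATION_LOGGER.debugf("Authentication is finished using credential type [%s]. User id is [%s].", credentialTypeForLog(), this.loginCredential.getUserId());
            }
        }
    }

    /**
     * Records a successful login: stores the account, refreshes the security level and fires a
     * {@code LoggedInEvent}.
     *
     * @param account the account that was authenticated
     */
    protected void handleSuccessfulLoginAttempt(Account account) {
        if (BaseLog.AUTHENTICATION_LOGGER.isDebugEnabled()) {
            BaseLog.AUTHENTICATION_LOGGER.debugf("Authentication was successful for credential type [%s]. User id is [%s].", credentialTypeForLog(), this.loginCredential.getUserId());
        }
        this.account = account;
        this.securityLevel = this.securityLevelManager.resolveSecurityLevel();
        this.eventBridge.fireEvent(new LoggedInEvent());
    }

    /**
     * Publishes the events that describe a failed login.
     *
     * <p>An {@code AlreadyLoggedInEvent} or {@code LockedAccountEvent} is fired when the failure
     * is of the matching exception type (and is not an {@code UnexpectedCredentialException});
     * a {@code LoginFailedEvent} carrying the throwable is always fired.
     *
     * @param th the failure cause, or {@code null} when the authenticator simply returned no
     *     account
     */
    protected void handleUnsuccesfulLoginAttempt(Throwable th) {
        if (th != null && !(th instanceof UnexpectedCredentialException)) {
            if (th instanceof UserAlreadyLoggedInException) {
                this.eventBridge.fireEvent(new AlreadyLoggedInEvent());
            } else if (th instanceof LockedAccountException) {
                this.eventBridge.fireEvent(new LockedAccountEvent());
            }
        }
        if (BaseLog.AUTHENTICATION_LOGGER.isDebugEnabled()) {
            // NOTE(review): the format has two placeholders and th is passed as a third argument;
            // confirm the logger actually records it (a throwable-first overload may be intended).
            BaseLog.AUTHENTICATION_LOGGER.debugf("Authentication failed for credential type [%s]. User id is [%s].", credentialTypeForLog(), this.loginCredential.getUserId(), th);
        }
        this.eventBridge.fireEvent(new LoginFailedEvent(th));
    }

    /**
     * Runs the configured authenticator once and returns the account it validated.
     *
     * <p>A {@code PreAuthenticateEvent} is fired before the authenticator runs. The
     * {@code authenticating} flag is always cleared on exit.
     *
     * <p>NOTE(review): the re-entrant branch clears {@code authenticating} before throwing, and
     * the {@code finally} clears it again, so a rejected nested call also drops the guard held by
     * the outer call. Confirm this is intended.
     *
     * @return the authenticated account, or {@code null} when the authenticator status is not
     *     {@code SUCCESS}
     * @throws AuthenticationException when the authenticator reports no status, or wrapping any
     *     other throwable raised while authenticating
     * @throws IllegalStateException when an authentication is already in progress
     */
    protected Account authenticate() throws AuthenticationException {
        Account validated = null;
        try {
            if (this.authenticating) {
                this.authenticating = false;
                throw new IllegalStateException("Authentication already in progress.");
            }
            try {
                this.authenticating = true;
                this.eventBridge.fireEvent(new PreAuthenticateEvent());
                Authenticator authenticator = getAuthenticator();
                if (BaseLog.AUTHENTICATION_LOGGER.isDebugEnabled()) {
                    BaseLog.AUTHENTICATION_LOGGER.debugf("Authentication is going to be performed by authenticator [%s]", authenticator);
                }
                authenticator.authenticate();
                // A missing status is treated as an error rather than as a silent failure.
                if (authenticator.getStatus() == null) {
                    throw new AuthenticationException("Authenticator must return a valid authentication status");
                }
                if (authenticator.getStatus() == Authenticator.AuthenticationStatus.SUCCESS) {
                    validated = authenticator.getAccount();
                    postAuthenticate(authenticator);
                }
                return validated;
            } catch (AuthenticationException e) {
                throw e;
            } catch (Throwable th) {
                throw new AuthenticationException("Authentication failed.", th);
            }
        } finally {
            this.authenticating = false;
        }
    }

    /**
     * Selects the authenticator to use: the {@code @PicketLink}-qualified one when the container
     * can satisfy it, otherwise the {@code IdmAuthenticator}.
     *
     * @return the selected authenticator, never {@code null}
     * @throws AuthenticationException when the selected instance resolves to {@code null}
     */
    private Authenticator getAuthenticator() throws AuthenticationException {
        Authenticator authenticator;
        if (this.authenticatorInstance.isUnsatisfied()) {
            authenticator = (Authenticator) this.idmAuthenticatorInstance.get();
        } else {
            authenticator = (Authenticator) this.authenticatorInstance.get();
        }
        if (authenticator == null) {
            throw new AuthenticationException("No Authenticator has been configured.");
        }
        return authenticator;
    }

    /**
     * Invokes the authenticator's post-authentication hook and, if its status is still
     * {@code SUCCESS} afterwards, fires a {@code PostAuthenticateEvent}.
     *
     * @param authenticator the authenticator that has just authenticated
     */
    protected void postAuthenticate(Authenticator authenticator) {
        authenticator.postAuthenticate();
        if (authenticator.getStatus().equals(Authenticator.AuthenticationStatus.SUCCESS)) {
            this.eventBridge.fireEvent(new PostAuthenticateEvent());
        }
    }

    /** Logs out the current account and invalidates the stored login credentials. */
    @Override // org.picketlink.Identity
    public void logout() {
        logout(true);
    }

    /**
     * Logs out the current account, if any, firing {@code PreLoggedOutEvent} before and
     * {@code PostLoggedOutEvent} after the account is cleared.
     *
     * @param z whether the stored login credentials are invalidated as part of the logout
     */
    protected void logout(boolean z) {
        if (isLoggedIn()) {
            this.eventBridge.fireEvent(new PreLoggedOutEvent(this.account));
            // Built before the account is cleared so the event still carries it.
            PostLoggedOutEvent postLoggedOutEvent = new PostLoggedOutEvent(this.account);
            unAuthenticate(z);
            this.eventBridge.fireEvent(postLoggedOutEvent);
        }
    }

    /**
     * Clears the authenticated state and re-resolves the security level.
     *
     * @param z whether to invalidate the stored login credentials as well
     */
    private void unAuthenticate(boolean z) {
        this.account = null;
        this.securityLevel = this.securityLevelManager.resolveSecurityLevel();
        if (z) {
            this.loginCredential.invalidate();
        }
    }

    /**
     * Checks a permission on a resource for the logged-in account.
     *
     * @param obj the resource
     * @param str the operation
     * @return {@code false} when nobody is logged in; otherwise the permission resolver's answer
     */
    @Override // org.picketlink.Identity
    public boolean hasPermission(Object obj, String str) {
        // Deny by default: an unauthenticated identity never reaches the resolver.
        return isLoggedIn() && this.permissionResolver.resolvePermission(this.account, obj, str);
    }

    /**
     * Checks a permission on a resource identified by class and identifier for the logged-in
     * account.
     *
     * @param cls the resource class
     * @param serializable the resource identifier
     * @param str the operation
     * @return {@code false} when nobody is logged in; otherwise the permission resolver's answer
     */
    @Override // org.picketlink.Identity
    public boolean hasPermission(Class<?> cls, Serializable serializable, String str) {
        // Deny by default: an unauthenticated identity never reaches the resolver.
        return isLoggedIn() && this.permissionResolver.resolvePermission(this.account, cls, serializable, str);
    }

    /**
     * Finds the property of the given account type whose {@code StereotypeProperty} annotation
     * is {@code IDENTITY_USER_NAME}.
     *
     * @param cls the account type to inspect
     * @return the matching property
     * @throws RuntimeException as produced by {@code IDMMessages} when no such property exists
     */
    protected Property getDefaultLoginNameProperty(Class<? extends Account> cls) {
        for (Property property : PropertyQueries.createQuery(cls).addCriteria(new AnnotatedPropertyCriteria(StereotypeProperty.class)).getResultList()) {
            if (StereotypeProperty.Property.IDENTITY_USER_NAME.equals(((StereotypeProperty) property.getAnnotatedElement().getAnnotation(StereotypeProperty.class)).value())) {
                return property;
            }
        }
        throw IDMMessages.MESSAGES.credentialUnknownUserNameProperty(cls);
    }

    /**
     * Describes the supplied credential for log output without exposing its value.
     *
     * @return the credential's class name, or {@code "none"} when no credential is set
     */
    private String credentialTypeForLog() {
        Object credential = this.loginCredential.getCredential();
        return credential == null ? "none" : credential.getClass().getName();
    }
}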
