package org.pac4j.core.engine;

import java.util.Collections;
import java.util.List;
import java.util.Optional;
import org.pac4j.core.authorization.checker.AuthorizationChecker;
import org.pac4j.core.authorization.checker.DefaultAuthorizationChecker;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.finder.ClientFinder;
import org.pac4j.core.client.finder.DefaultSecurityClientFinder;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler;
import org.pac4j.core.engine.savedrequest.SavedRequestHandler;
import org.pac4j.core.exception.http.ForbiddenAction;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.http.adapter.HttpActionAdapter;
import org.pac4j.core.http.ajax.AjaxRequestResolver;
import org.pac4j.core.matching.checker.DefaultMatchingChecker;
import org.pac4j.core.matching.checker.MatchingChecker;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.HttpActionHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-core-5.4.6.jar:org/pac4j/core/engine/DefaultSecurityLogic.class */
public class DefaultSecurityLogic extends AbstractExceptionAwareLogic implements SecurityLogic {
    public static final DefaultSecurityLogic INSTANCE = new DefaultSecurityLogic();
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultSecurityLogic.class);
    private ClientFinder clientFinder = new DefaultSecurityClientFinder();
    private AuthorizationChecker authorizationChecker = new DefaultAuthorizationChecker();
    private MatchingChecker matchingChecker = new DefaultMatchingChecker();
    private SavedRequestHandler savedRequestHandler = new DefaultSavedRequestHandler();
    private boolean loadProfilesFromSession = true;

    @Override // org.pac4j.core.engine.SecurityLogic
    public Object perform(WebContext webContext, SessionStore sessionStore, Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, HttpActionAdapter httpActionAdapter, String str, String str2, String str3, Object... objArr) {
        HttpAction unauthorized;
        LOGGER.debug("=== SECURITY ===");
        try {
            CommonHelper.assertNotNull("context", webContext);
            CommonHelper.assertNotNull("config", config);
            CommonHelper.assertNotNull("httpActionAdapter", httpActionAdapter);
            CommonHelper.assertNotNull("clientFinder", this.clientFinder);
            CommonHelper.assertNotNull("authorizationChecker", this.authorizationChecker);
            CommonHelper.assertNotNull("matchingChecker", this.matchingChecker);
            Clients clients = config.getClients();
            CommonHelper.assertNotNull("configClients", clients);
            LOGGER.debug("url: {}", webContext.getFullRequestURL());
            LOGGER.debug("clients: {} | matchers: {}", str, str3);
            List<Client> find = this.clientFinder.find(clients, webContext, str);
            LOGGER.debug("currentClients: {}", find);
            if (!this.matchingChecker.matches(webContext, sessionStore, str3, config.getMatchers(), find)) {
                LOGGER.debug("no matching for this request -> grant access");
                return securityGrantedAccessAdapter.adapt(webContext, sessionStore, Collections.emptyList(), objArr);
            }
            ProfileManager profileManager = getProfileManager(webContext, sessionStore);
            profileManager.setConfig(config);
            List<UserProfile> loadProfiles = this.loadProfilesFromSession ? loadProfiles(profileManager, webContext, sessionStore, find) : List.of();
            LOGGER.debug("Loaded profiles (from session: {}): {} ", Boolean.valueOf(this.loadProfilesFromSession), loadProfiles);
            if (CommonHelper.isEmpty(loadProfiles) && CommonHelper.isNotEmpty(find)) {
                boolean z = false;
                for (Client client : find) {
                    if (client instanceof DirectClient) {
                        LOGGER.debug("Performing authentication for direct client: {}", client);
                        Optional<Credentials> credentials = client.getCredentials(webContext, sessionStore);
                        LOGGER.debug("credentials: {}", credentials);
                        if (credentials.isPresent()) {
                            Optional<UserProfile> userProfile = client.getUserProfile(credentials.get(), webContext, sessionStore);
                            LOGGER.debug("profile: {}", userProfile);
                            if (userProfile.isPresent()) {
                                UserProfile userProfile2 = userProfile.get();
                                DirectClient directClient = (DirectClient) client;
                                boolean booleanValue = directClient.getSaveProfileInSession(webContext, userProfile2).booleanValue();
                                boolean isMultiProfile = directClient.isMultiProfile(webContext, userProfile2);
                                LOGGER.debug("saveProfileInSession: {} / multiProfile: {}", Boolean.valueOf(booleanValue), Boolean.valueOf(isMultiProfile));
                                profileManager.save(booleanValue, userProfile2, isMultiProfile);
                                z = true;
                                if (!isMultiProfile) {
                                    break;
                                }
                            } else {
                                continue;
                            }
                        } else {
                            continue;
                        }
                    }
                }
                if (z) {
                    loadProfiles = loadProfiles(profileManager, webContext, sessionStore, find);
                    LOGGER.debug("Reloaded profiles: {}", loadProfiles);
                }
            }
            if (CommonHelper.isNotEmpty(loadProfiles)) {
                LOGGER.debug("authorizers: {}", str2);
                if (this.authorizationChecker.isAuthorized(webContext, sessionStore, loadProfiles, str2, config.getAuthorizers(), find)) {
                    LOGGER.debug("authenticated and authorized -> grant access");
                    return securityGrantedAccessAdapter.adapt(webContext, sessionStore, loadProfiles, objArr);
                }
                LOGGER.debug("forbidden");
                unauthorized = forbidden(webContext, sessionStore, find, loadProfiles, str2);
            } else if (startAuthentication(webContext, sessionStore, find)) {
                LOGGER.debug("Starting authentication");
                saveRequestedUrl(webContext, sessionStore, find, config.getClients().getAjaxRequestResolver());
                unauthorized = redirectToIdentityProvider(webContext, sessionStore, find);
            } else {
                LOGGER.debug("unauthorized");
                unauthorized = unauthorized(webContext, sessionStore, find);
            }
            return httpActionAdapter.adapt(unauthorized, webContext);
        } catch (Exception e) {
            return handleException(e, httpActionAdapter, webContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<UserProfile> loadProfiles(ProfileManager profileManager, WebContext webContext, SessionStore sessionStore, List<Client> list) {
        return profileManager.getProfiles();
    }

    protected HttpAction forbidden(WebContext webContext, SessionStore sessionStore, List<Client> list, List<UserProfile> list2, String str) {
        return ForbiddenAction.INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean startAuthentication(WebContext webContext, SessionStore sessionStore, List<Client> list) {
        return CommonHelper.isNotEmpty(list) && (list.get(0) instanceof IndirectClient);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void saveRequestedUrl(WebContext webContext, SessionStore sessionStore, List<Client> list, AjaxRequestResolver ajaxRequestResolver) {
        if (ajaxRequestResolver == null || !ajaxRequestResolver.isAjax(webContext, sessionStore)) {
            this.savedRequestHandler.save(webContext, sessionStore);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpAction redirectToIdentityProvider(WebContext webContext, SessionStore sessionStore, List<Client> list) {
        return ((IndirectClient) list.get(0)).getRedirectionAction(webContext, sessionStore).get();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpAction unauthorized(WebContext webContext, SessionStore sessionStore, List<Client> list) {
        return HttpActionHelper.buildUnauthenticatedAction(webContext);
    }

    public ClientFinder getClientFinder() {
        return this.clientFinder;
    }

    public void setClientFinder(ClientFinder clientFinder) {
        this.clientFinder = clientFinder;
    }

    public AuthorizationChecker getAuthorizationChecker() {
        return this.authorizationChecker;
    }

    public void setAuthorizationChecker(AuthorizationChecker authorizationChecker) {
        this.authorizationChecker = authorizationChecker;
    }

    public MatchingChecker getMatchingChecker() {
        return this.matchingChecker;
    }

    public void setMatchingChecker(MatchingChecker matchingChecker) {
        this.matchingChecker = matchingChecker;
    }

    public SavedRequestHandler getSavedRequestHandler() {
        return this.savedRequestHandler;
    }

    public void setSavedRequestHandler(SavedRequestHandler savedRequestHandler) {
        this.savedRequestHandler = savedRequestHandler;
    }

    public void setLoadProfilesFromSession(boolean z) {
        this.loadProfilesFromSession = z;
    }

    public boolean isLoadProfilesFromSession() {
        return this.loadProfilesFromSession;
    }

    public String toString() {
        return CommonHelper.toNiceString(getClass(), "clientFinder", this.clientFinder, "authorizationChecker", this.authorizationChecker, "matchingChecker", this.matchingChecker, "errorUrl", getErrorUrl(), "savedRequestHandler", this.savedRequestHandler);
    }
}
