package org.glassfish.soteria.cdi;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.context.Dependent;
import jakarta.enterprise.event.Observes;
import jakarta.enterprise.inject.spi.AfterBeanDiscovery;
import jakarta.enterprise.inject.spi.Annotated;
import jakarta.enterprise.inject.spi.Bean;
import jakarta.enterprise.inject.spi.BeanManager;
import jakarta.enterprise.inject.spi.BeforeBeanDiscovery;
import jakarta.enterprise.inject.spi.DefinitionException;
import jakarta.enterprise.inject.spi.Extension;
import jakarta.enterprise.inject.spi.ProcessBean;
import jakarta.interceptor.Interceptor;
import jakarta.security.enterprise.authentication.mechanism.http.AutoApplySession;
import jakarta.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import jakarta.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
import jakarta.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue;
import jakarta.security.enterprise.authentication.mechanism.http.OpenIdAuthenticationMechanismDefinition;
import jakarta.security.enterprise.authentication.mechanism.http.RememberMe;
import jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.IdentityStoreHandler;
import jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.soteria.SecurityContextImpl;
import org.glassfish.soteria.SoteriaServiceProviders;
import org.glassfish.soteria.cdi.spi.BeanDecorator;
import org.glassfish.soteria.cdi.spi.WebXmlLoginConfig;
import org.glassfish.soteria.identitystores.DatabaseIdentityStore;
import org.glassfish.soteria.identitystores.EmbeddedIdentityStore;
import org.glassfish.soteria.identitystores.LdapIdentityStore;
import org.glassfish.soteria.identitystores.annotation.EmbeddedIdentityStoreDefinition;
import org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl;
import org.glassfish.soteria.mechanisms.BasicAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.CustomFormAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.FormAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.OpenIdAuthenticationMechanism;
import org.glassfish.soteria.mechanisms.openid.OpenIdIdentityStore;
import org.glassfish.soteria.mechanisms.openid.controller.AuthenticationController;
import org.glassfish.soteria.mechanisms.openid.controller.ConfigurationController;
import org.glassfish.soteria.mechanisms.openid.controller.JWTValidator;
import org.glassfish.soteria.mechanisms.openid.controller.NonceController;
import org.glassfish.soteria.mechanisms.openid.controller.ProviderMetadataController;
import org.glassfish.soteria.mechanisms.openid.controller.StateController;
import org.glassfish.soteria.mechanisms.openid.controller.TokenController;
import org.glassfish.soteria.mechanisms.openid.controller.UserInfoController;
import org.glassfish.soteria.mechanisms.openid.domain.OpenIdContextImpl;

/* loaded from: input_file:MICRO-INF/runtime/jakarta.security.enterprise.jar:org/glassfish/soteria/cdi/CdiExtension.class */
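/**
 * CDI portable extension that turns the security definition annotations seen during bean
 * discovery into identity store and HTTP authentication mechanism beans.
 *
 * <p>The three observer methods run in this order:
 * <ol>
 *   <li>{@link #register} adds the built-in interceptors, mechanisms and OpenID helper classes
 *       as annotated types;</li>
 *   <li>{@link #processBean} inspects every processed bean for the definition annotations and
 *       records a producer bean for each one it finds;</li>
 *   <li>{@link #afterBean} registers the recorded beans, falling back to the {@code web.xml}
 *       login configuration when no definition annotation selected a mechanism.</li>
 * </ol>
 *
 * <p>Only one authentication mechanism bean is kept. When several mechanism definitions are
 * processed, the one processed last replaces the earlier ones; this is logged at WARNING level
 * so that an unintended mechanism does not go unnoticed.
 */
public class CdiExtension implements Extension {
    private static final Logger LOGGER = Logger.getLogger(CdiExtension.class.getName());

    // The single mechanism that will be registered in afterBean(); null until one is selected.
    private Bean<HttpAuthenticationMechanism> authenticationMechanismBean;
    // True once any bean exposing HttpAuthenticationMechanism was seen or created from web.xml.
    private boolean httpAuthenticationMechanismFound;
    // Identity store producers collected from definition annotations.
    private final List<Bean<IdentityStore>> identityStoreBeans = new ArrayList<>();
    // Additional beans (currently only the OpenID definition itself) registered as-is.
    private final List<Bean<?>> extraBeans = new ArrayList<>();

    /**
     * Adds the classes this implementation needs as annotated types before discovery starts.
     *
     * @param beforeBeanDiscovery the container lifecycle event
     * @param beanManager the bean manager passed through to {@code CdiUtils}
     */
    public void register(@Observes BeforeBeanDiscovery beforeBeanDiscovery, BeanManager beanManager) {
        CdiUtils.addAnnotatedTypes(
                beforeBeanDiscovery,
                beanManager,
                AutoApplySessionInterceptor.class,
                RememberMeInterceptor.class,
                LoginToContinueInterceptor.class,
                FormAuthenticationMechanism.class,
                CustomFormAuthenticationMechanism.class,
                SecurityContextImpl.class,
                IdentityStoreHandler.class,
                Pbkdf2PasswordHashImpl.class,
                AuthenticationController.class,
                ConfigurationController.class,
                NonceController.class,
                ProviderMetadataController.class,
                StateController.class,
                TokenController.class,
                UserInfoController.class,
                OpenIdContextImpl.class,
                OpenIdIdentityStore.class,
                OpenIdAuthenticationMechanism.class,
                JWTValidator.class);
    }

    /**
     * Inspects one processed bean for identity store and authentication mechanism definition
     * annotations and records the matching producer beans for {@link #afterBean}.
     *
     * <p>Identity stores accumulate: every definition adds one more store. Authentication
     * mechanisms do not: each mechanism definition overwrites {@code authenticationMechanismBean},
     * so the definition processed last is the one that gets registered. A warning is logged
     * whenever a previously selected mechanism is replaced.
     *
     * @param processBean the container event for the bean being processed
     * @param beanManager the bean manager used to resolve annotations
     * @param <T> the bean type of the event
     * @throws DefinitionException if an OpenID definition carries a malformed extra parameter
     */
    public <T> void processBean(@Observes ProcessBean<T> processBean, BeanManager beanManager) {
        Class<?> beanClass = processBean.getBean().getBeanClass();
        Annotated annotated = processBean.getAnnotated();

        CdiUtils.getAnnotation(beanManager, annotated, EmbeddedIdentityStoreDefinition.class).ifPresent(definition -> {
            logActivatedIdentityStore(EmbeddedIdentityStore.class, beanClass);
            this.identityStoreBeans.add(new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(Object.class, IdentityStore.class, EmbeddedIdentityStore.class)
                    .addToId(EmbeddedIdentityStoreDefinition.class)
                    .create(creationalContext -> new EmbeddedIdentityStore(definition)));
        });

        CdiUtils.getAnnotation(beanManager, annotated, DatabaseIdentityStoreDefinition.class).ifPresent(definition -> {
            logActivatedIdentityStore(DatabaseIdentityStoreDefinition.class, beanClass);
            this.identityStoreBeans.add(new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(Object.class, IdentityStore.class, DatabaseIdentityStore.class)
                    .addToId(DatabaseIdentityStoreDefinition.class)
                    .create(creationalContext ->
                            new DatabaseIdentityStore(DatabaseIdentityStoreDefinitionAnnotationLiteral.eval(definition))));
        });

        CdiUtils.getAnnotation(beanManager, annotated, LdapIdentityStoreDefinition.class).ifPresent(definition -> {
            logActivatedIdentityStore(LdapIdentityStoreDefinition.class, beanClass);
            this.identityStoreBeans.add(new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(Object.class, IdentityStore.class, LdapIdentityStore.class)
                    .addToId(LdapIdentityStoreDefinition.class)
                    .create(creationalContext ->
                            new LdapIdentityStore(LdapIdentityStoreDefinitionAnnotationLiteral.eval(definition))));
        });

        CdiUtils.getAnnotation(beanManager, annotated, BasicAuthenticationMechanismDefinition.class).ifPresent(definition -> {
            logActivatedAuthenticationMechanism(BasicAuthenticationMechanismDefinition.class, beanClass);
            warnIfReplacingAuthenticationMechanism(BasicAuthenticationMechanismDefinition.class, beanClass);
            this.authenticationMechanismBean = new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(Object.class, HttpAuthenticationMechanism.class, BasicAuthenticationMechanism.class)
                    .addToId(BasicAuthenticationMechanismDefinition.class)
                    .create(creationalContext ->
                            new BasicAuthenticationMechanism(BasicAuthenticationMechanismDefinitionAnnotationLiteral.eval(definition)));
        });

        CdiUtils.getAnnotation(beanManager, annotated, FormAuthenticationMechanismDefinition.class).ifPresent(definition -> {
            logActivatedAuthenticationMechanism(FormAuthenticationMechanismDefinition.class, beanClass);
            warnIfReplacingAuthenticationMechanism(FormAuthenticationMechanismDefinition.class, beanClass);
            this.authenticationMechanismBean = new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(Object.class, HttpAuthenticationMechanism.class)
                    .addToId(FormAuthenticationMechanismDefinition.class)
                    .create(creationalContext -> {
                        // The mechanism itself is a managed bean; only its login settings come from the annotation.
                        FormAuthenticationMechanism mechanism = (FormAuthenticationMechanism) CdiUtils.getBeanReference(FormAuthenticationMechanism.class, new Annotation[0]);
                        mechanism.setLoginToContinue(LoginToContinueAnnotationLiteral.eval(definition.loginToContinue()));
                        return mechanism;
                    });
        });

        CdiUtils.getAnnotation(beanManager, annotated, CustomFormAuthenticationMechanismDefinition.class).ifPresent(definition -> {
            logActivatedAuthenticationMechanism(CustomFormAuthenticationMechanismDefinition.class, beanClass);
            warnIfReplacingAuthenticationMechanism(CustomFormAuthenticationMechanismDefinition.class, beanClass);
            this.authenticationMechanismBean = new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(Object.class, HttpAuthenticationMechanism.class)
                    .addToId(CustomFormAuthenticationMechanismDefinition.class)
                    .create(creationalContext -> {
                        CustomFormAuthenticationMechanism mechanism = (CustomFormAuthenticationMechanism) CdiUtils.getBeanReference(CustomFormAuthenticationMechanism.class, new Annotation[0]);
                        mechanism.setLoginToContinue(LoginToContinueAnnotationLiteral.eval(definition.loginToContinue()));
                        return mechanism;
                    });
        });

        CdiUtils.getAnnotation(beanManager, annotated, OpenIdAuthenticationMechanismDefinition.class).ifPresent(definition -> {
            logActivatedAuthenticationMechanism(OpenIdAuthenticationMechanismDefinition.class, beanClass);
            // Reject a malformed definition before any bean is recorded for it.
            validateOpenIdParametersFormat(definition);
            warnIfReplacingAuthenticationMechanism(OpenIdAuthenticationMechanismDefinition.class, beanClass);
            this.authenticationMechanismBean = new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(HttpAuthenticationMechanism.class)
                    .addToId(OpenIdAuthenticationMechanism.class)
                    .create(creationalContext ->
                            (HttpAuthenticationMechanism) CdiUtils.getBeanReference(OpenIdAuthenticationMechanism.class, new Annotation[0]));
            // OpenID brings its own identity store in addition to the mechanism.
            this.identityStoreBeans.add(new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(IdentityStore.class)
                    .addToId(OpenIdIdentityStore.class)
                    .create(creationalContext ->
                            (IdentityStore) CdiUtils.getBeanReference(OpenIdIdentityStore.class, new Annotation[0])));
            // Expose the definition annotation instance itself as a bean.
            this.extraBeans.add(new CdiProducer()
                    .scope(ApplicationScoped.class)
                    .types(OpenIdAuthenticationMechanismDefinition.class)
                    .addToId("OpenId Definition")
                    .create(creationalContext -> definition));
        });

        if (processBean.getBean().getTypes().contains(HttpAuthenticationMechanism.class)) {
            this.httpAuthenticationMechanismFound = true;
        }
        checkForWrongUseOfInterceptors(annotated, beanClass);
    }

    /**
     * Registers every bean recorded during {@link #processBean}, plus the default
     * {@link IdentityStoreHandler}.
     *
     * <p>The {@code web.xml} login configuration is consulted only when no definition annotation
     * selected a mechanism, and only the auth methods {@code basic} and {@code form} (compared
     * case-insensitively) are handled here. Any other auth method leaves this extension without
     * a mechanism bean of its own.
     *
     * @param afterBeanDiscovery the container lifecycle event used to add beans
     * @param beanManager the bean manager handed to the {@link BeanDecorator}
     */
    public void afterBean(@Observes AfterBeanDiscovery afterBeanDiscovery, BeanManager beanManager) {
        BeanDecorator beanDecorator = (BeanDecorator) SoteriaServiceProviders.getServiceProvider(BeanDecorator.class);
        WebXmlLoginConfig webXmlLoginConfig = (WebXmlLoginConfig) SoteriaServiceProviders.getServiceProvider(WebXmlLoginConfig.class);

        for (Bean<IdentityStore> identityStoreBean : this.identityStoreBeans) {
            afterBeanDiscovery.addBean(beanDecorator.decorateBean(identityStoreBean, IdentityStore.class, beanManager));
        }

        // Annotation-based definitions take precedence over the web.xml login-config.
        if (this.authenticationMechanismBean == null && webXmlLoginConfig.getAuthMethod() != null) {
            String authMethod = webXmlLoginConfig.getAuthMethod();
            if ("basic".equalsIgnoreCase(authMethod)) {
                this.authenticationMechanismBean = new CdiProducer()
                        .scope(ApplicationScoped.class)
                        .types(Object.class, HttpAuthenticationMechanism.class, BasicAuthenticationMechanism.class)
                        .addToId(BasicAuthenticationMechanismDefinition.class)
                        .create(creationalContext ->
                                new BasicAuthenticationMechanism(new BasicAuthenticationMechanismDefinitionAnnotationLiteral(webXmlLoginConfig.getRealmName())));
                this.httpAuthenticationMechanismFound = true;
            } else if ("form".equalsIgnoreCase(authMethod)) {
                this.authenticationMechanismBean = new CdiProducer()
                        .scope(ApplicationScoped.class)
                        .types(Object.class, HttpAuthenticationMechanism.class)
                        .addToId(FormAuthenticationMechanismDefinition.class)
                        .create(creationalContext -> {
                            FormAuthenticationMechanism mechanism = (FormAuthenticationMechanism) CdiUtils.getBeanReference(FormAuthenticationMechanism.class, new Annotation[0]);
                            mechanism.setLoginToContinue(new LoginToContinueAnnotationLiteral(webXmlLoginConfig.getFormLoginPage(), true, null, webXmlLoginConfig.getFormErrorPage()));
                            return mechanism;
                        });
                this.httpAuthenticationMechanismFound = true;
            }
        }

        if (this.authenticationMechanismBean != null) {
            afterBeanDiscovery.addBean(beanDecorator.decorateBean(this.authenticationMechanismBean, HttpAuthenticationMechanism.class, beanManager));
        }

        for (Bean<?> extraBean : this.extraBeans) {
            afterBeanDiscovery.addBean(extraBean);
        }
        if (this.extraBeans.isEmpty()) {
            // No OpenID definition was found: register a dependent bean that yields null so the
            // OpenIdAuthenticationMechanismDefinition type still resolves.
            afterBeanDiscovery.addBean()
                    .scope(Dependent.class)
                    .types(OpenIdAuthenticationMechanismDefinition.class)
                    .id("Null OpenId Definition")
                    .createWith(creationalContext -> null);
        }

        afterBeanDiscovery.addBean(beanDecorator.decorateBean(
                new CdiProducer()
                        .scope(ApplicationScoped.class)
                        .types(Object.class, IdentityStoreHandler.class)
                        .addToId(IdentityStoreHandler.class)
                        .create(creationalContext -> {
                            DefaultIdentityStoreHandler handler = new DefaultIdentityStoreHandler();
                            handler.init();
                            return handler;
                        }),
                IdentityStoreHandler.class,
                beanManager));
    }

    /**
     * Reports whether an authentication mechanism is known to this extension.
     *
     * @return {@code true} if a processed bean exposed {@link HttpAuthenticationMechanism} as one
     *     of its types, or a mechanism was created from the {@code web.xml} login configuration
     */
    public boolean isHttpAuthenticationMechanismFound() {
        return this.httpAuthenticationMechanismFound;
    }

    /** Logs which identity store type was activated and which class triggered it. */
    private void logActivatedIdentityStore(Class<?> cls, Class<?> cls2) {
        LOGGER.log(Level.INFO, "Activating {0} identity store from {1} class", new Object[]{cls.getName(), cls2.getName()});
    }

    /** Logs which mechanism definition was activated and which class triggered it. */
    private void logActivatedAuthenticationMechanism(Class<?> cls, Class<?> cls2) {
        LOGGER.log(Level.INFO, "Activating {0} authentication mechanism from {1} class", new Object[]{cls.getName(), cls2.getName()});
    }

    /**
     * Warns when a mechanism definition is about to replace one selected earlier.
     *
     * <p>Only the last mechanism processed is registered, so a second definition changes how the
     * application authenticates callers. The replacement itself is unchanged; it is only made
     * visible in the log.
     */
    private void warnIfReplacingAuthenticationMechanism(Class<?> definitionType, Class<?> beanClass) {
        if (this.authenticationMechanismBean != null) {
            LOGGER.log(Level.WARNING, "More than one authentication mechanism definition was found. {0} on {1} replaces the mechanism activated earlier.", new Object[]{definitionType.getName(), beanClass.getName()});
        }
    }

    /**
     * Warns when {@code @AutoApplySession}, {@code @LoginToContinue} or {@code @RememberMe} is
     * placed on a class that is neither an interceptor nor an {@link HttpAuthenticationMechanism}.
     *
     * <p>This is a warning only; deployment continues and, as the message states, the annotation
     * has no effect on such a class.
     */
    private void checkForWrongUseOfInterceptors(Annotated annotated, Class<?> cls) {
        boolean eligible = annotated.isAnnotationPresent(Interceptor.class) || HttpAuthenticationMechanism.class.isAssignableFrom(cls);
        if (eligible) {
            return;
        }
        for (Class<? extends Annotation> interceptorBinding : Arrays.asList(AutoApplySession.class, LoginToContinue.class, RememberMe.class)) {
            if (annotated.isAnnotationPresent(interceptorBinding)) {
                // The apostrophe is doubled because the logging formatter runs the message
                // through MessageFormat, which would otherwise drop a single quote.
                LOGGER.log(Level.WARNING, "Only classes implementing {0} may be annotated with {1}. {2} is annotated, but the interceptor won''t take effect on it.", new Object[]{HttpAuthenticationMechanism.class.getName(), interceptorBinding.getName(), cls.getName()});
            }
        }
    }

    /**
     * Checks that every OpenID extra parameter splits on {@code =} into exactly two parts.
     *
     * <p>Consequences of using {@code String.split("=")}: a value that itself contains
     * {@code =} (for example {@code a=b=c}) is rejected, {@code key=} with an empty value is
     * rejected because the trailing empty part is dropped, and {@code =value} with an empty key
     * is accepted. NOTE(review): confirm the empty-key case is intended.
     *
     * @throws DefinitionException if a parameter does not split into exactly two parts
     */
    private void validateOpenIdParametersFormat(OpenIdAuthenticationMechanismDefinition openIdAuthenticationMechanismDefinition) {
        for (String extraParameter : openIdAuthenticationMechanismDefinition.extraParameters()) {
            if (extraParameter.split("=").length != 2) {
                throw new DefinitionException(OpenIdAuthenticationMechanismDefinition.class.getSimpleName() + ".extraParameters() value '" + extraParameter + "' is not of the format key=value");
            }
        }
    }
}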
