package io.inugami.core.security.commons.services;

import io.inugami.api.loggers.Loggers;
import io.inugami.core.security.commons.models.SecurityToken;
import io.inugami.core.security.commons.services.producers.TechnicalAccountInitializer;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.inject.Default;
import javax.inject.Inject;
import javax.inject.Named;
import org.picketlink.annotations.PicketLink;
import org.picketlink.authentication.Authenticator;
import org.picketlink.authentication.BaseAuthenticator;
import org.picketlink.authentication.UnexpectedCredentialException;
import org.picketlink.credential.DefaultLoginCredentials;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.Token;
import org.picketlink.idm.credential.TokenCredential;

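/**
 * PicketLink authenticator that accepts either a login/password pair or a security token.
 *
 * <p>The credential held by the injected {@link DefaultLoginCredentials} decides the path:
 * a {@link Password} with a non-null user id is offered to each injected
 * {@link LoginPasswordAuthentificator} in turn, while a {@link Token} or
 * {@link TokenCredential} is checked through the {@link SecurityTokenService}.
 * Any other credential type is rejected with an {@link UnexpectedCredentialException}.
 *
 * <p>{@link #getStatus()} reports {@code SUCCESS} only when the credentials end up
 * {@code VALID}; every other outcome is reported as {@code FAILURE}.
 */
@Default
@PicketLink
@Named
@RequestScoped
/* loaded from: input_file:WEB-INF/lib/inugami_core_security_commons-3.0.0.jar:io/inugami/core/security/commons/services/TokenAndLoginPasswordAuthenticator.class */
public class TokenAndLoginPasswordAuthenticator extends BaseAuthenticator {

    @Inject
    private SecurityTokenService securityTokenService;

    @Inject
    private DefaultLoginCredentials credentials;

    @Inject
    private List<LoginPasswordAuthentificator> authentificators;

    // Injected but not read by any method of this class.
    @Inject
    private List<TechnicalAccountInitializer> technicalAccountInitializer;

    /**
     * Authenticates the current credential and, on success, binds the validated account.
     *
     * <p>Does nothing when no credential was supplied; the credentials status is left
     * untouched in that case, so {@link #getStatus()} reflects whatever status they already had.
     *
     * @throws UnexpectedCredentialException if the credential is neither a password with a
     *         user id nor a token that resolves to a {@link SecurityToken}
     */
    @Override
    public void authenticate() {
        if (this.credentials.getCredential() == null) {
            return;
        }
        if (isUsernamePasswordCredential()) {
            identifyWithLoginPassword();
        } else if (isTokenCredential()) {
            identifyByToken();
        } else {
            throwUnexpectedCredential(this.credentials.getCredential());
        }
        postProcessIdentify();
    }

    /**
     * Validates a token credential through the {@link SecurityTokenService}.
     *
     * <p>The token type is checked before any cast: a {@link Token} that is not a
     * {@link SecurityToken}, or a {@link TokenCredential} that does not wrap one, is reported
     * as an unexpected credential instead of surfacing as a {@link ClassCastException} or a
     * {@link NullPointerException}.
     */
    private void identifyByToken() {
        final Object credential = this.credentials.getCredential();
        final SecurityToken securityToken = resolveSecurityToken(credential);
        if (securityToken == null) {
            throwUnexpectedCredential(credential);
            return;
        }

        final Authenticator.AuthenticationStatus identify =
                this.securityTokenService.identify(securityToken.getToken());
        if (Authenticator.AuthenticationStatus.SUCCESS == identify) {
            this.credentials.setStatus(Credentials.Status.VALID);
            this.credentials.setValidatedAccount(this.securityTokenService.getUser(securityToken.getToken()));
        } else {
            // The original code set INVALID and then immediately overwrote it with UNVALIDATED;
            // the resulting status is kept. NOTE(review): confirm UNVALIDATED (and not INVALID)
            // is the intended status for a rejected token.
            this.credentials.setStatus(Credentials.Status.UNVALIDATED);
        }
    }

    /**
     * Extracts the {@link SecurityToken} carried by a token credential.
     *
     * @param credential the credential taken from the login credentials
     * @return the security token, or {@code null} when the credential does not carry one
     */
    private SecurityToken resolveSecurityToken(final Object credential) {
        if (credential instanceof SecurityToken) {
            return (SecurityToken) credential;
        }
        if (credential instanceof TokenCredential) {
            final Object wrapped = ((TokenCredential) credential).getToken();
            if (wrapped instanceof SecurityToken) {
                return (SecurityToken) wrapped;
            }
        }
        return null;
    }

    /**
     * Runs the login/password providers and copies their verdict onto the login credentials.
     * No provider result at all is treated as {@code INVALID}.
     */
    private void identifyWithLoginPassword() {
        final Credentials outcome =
                processIdentifyWithPassword(this.credentials.getUserId(), (Password) this.credentials.getCredential());
        if (outcome == null) {
            this.credentials.setStatus(Credentials.Status.INVALID);
            return;
        }
        this.credentials.setStatus(outcome.getStatus());
        this.credentials.setValidatedAccount(outcome.getValidatedAccount());
    }

    /**
     * Offers the login and password to each injected authentificator until one returns
     * {@code VALID} credentials.
     *
     * <p>A provider that throws is skipped so that the remaining providers still get a chance;
     * the failure is only recorded on the security logger. The password itself is never logged.
     *
     * @param str      the login (user id) to authenticate
     * @param password the password supplied with the login
     * @return the first {@code VALID} result; otherwise the value returned by the last provider
     *         that completed without throwing, which may be {@code null}
     */
    public Credentials processIdentifyWithPassword(String str, Password password) {
        Credentials result = null;
        for (final LoginPasswordAuthentificator authentificator : this.authentificators) {
            try {
                result = authentificator.authentificate(str, password);
                if (result != null && Credentials.Status.VALID == result.getStatus()) {
                    break;
                }
            } catch (Exception e) {
                // Name the failing provider and the exception type: the bare message can be null
                // and gives no hint about which backend rejected or broke.
                // NOTE(review): this stays at debug level, so a provider outage is invisible
                // unless debug logging is enabled on the security logger.
                Loggers.SECURITY.debug("authentificator " + authentificator.getClass().getName()
                        + " failed : " + e.getClass().getName() + " : " + e.getMessage());
            }
        }
        return result;
    }

    /**
     * Binds the validated account to this authenticator when the credentials are {@code VALID}.
     *
     * <p>Fails closed when a {@code VALID} status comes without an account (for instance when
     * the token service returns no user after a successful identify): the status is downgraded
     * to {@code INVALID} so that {@link #getStatus()} cannot report {@code SUCCESS} for an
     * identity that has no account attached.
     */
    private void postProcessIdentify() {
        if (Credentials.Status.VALID != this.credentials.getStatus()) {
            return;
        }
        if (this.credentials.getValidatedAccount() == null) {
            this.credentials.setStatus(Credentials.Status.INVALID);
            return;
        }
        setAccount(this.credentials.getValidatedAccount());
    }

    /**
     * Maps the credentials status onto the PicketLink authentication status.
     *
     * @return {@code SUCCESS} when the credentials are {@code VALID}, {@code FAILURE} otherwise
     */
    @Override
    public Authenticator.AuthenticationStatus getStatus() {
        return Credentials.Status.VALID == this.credentials.getStatus()
                ? Authenticator.AuthenticationStatus.SUCCESS
                : Authenticator.AuthenticationStatus.FAILURE;
    }

    /**
     * @return {@code true} when the credential is exactly a {@link Password} (subclasses are
     *         not accepted) and a user id was supplied
     */
    private boolean isUsernamePasswordCredential() {
        return Password.class.equals(this.credentials.getCredential().getClass()) && this.credentials.getUserId() != null;
    }

    /**
     * @return {@code true} when the credential is a {@link Token} or a {@link TokenCredential}
     */
    private boolean isTokenCredential() {
        final Object credential = this.credentials.getCredential();
        return (credential instanceof Token) || (credential instanceof TokenCredential);
    }

    /**
     * Rejects a credential this authenticator cannot handle. Only the credential's class is put
     * in the message, never its content.
     *
     * @param obj the unsupported credential; must not be {@code null}
     */
    private void throwUnexpectedCredential(Object obj) {
        throw new UnexpectedCredentialException("Unsupported credential type [" + obj.getClass() + "].");
    }
}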
