package org.linuxprobe.shiro.pac4j.engine;

import io.buji.pac4j.engine.ShiroSecurityLogic;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.linuxprobe.luava.servlet.HttpServletUtils;
import org.linuxprobe.shiro.config.ShiroPac4jConfig;
import org.linuxprobe.shiro.session.SessionTokenStore;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.engine.SecurityGrantedAccessAdapter;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.http.adapter.HttpActionAdapter;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.util.CommonHelper;

/* loaded from: input_file:org/linuxprobe/shiro/pac4j/engine/DefaultPac4jSecurityLogic.class */
public class DefaultPac4jSecurityLogic<R> extends ShiroSecurityLogic<R, J2EContext> implements AjaxPac4jSecurityLogic<R> {
    private SessionTokenStore sessionTokenStore;
    private ShiroPac4jConfig shiroPac4jConfig;

    public DefaultPac4jSecurityLogic(SessionTokenStore sessionTokenStore, ShiroPac4jConfig shiroPac4jConfig) {
        this.sessionTokenStore = sessionTokenStore;
        CommonHelper.assertNotNull("shiroPac4jConfig", shiroPac4jConfig);
        this.shiroPac4jConfig = shiroPac4jConfig;
    }

    protected HttpAction unauthorized(J2EContext j2EContext, List<Client> list) {
        return HttpServletUtils.isAjax(j2EContext.getRequest()) ? onAjaxUnauthorized(j2EContext) : super.unauthorized(j2EContext, list);
    }

    private void addTokenMapSession(Credentials credentials) {
        if ((credentials instanceof TokenCredentials) && this.shiroPac4jConfig.getEnableSession().booleanValue() && this.sessionTokenStore != null) {
            String token = ((TokenCredentials) credentials).getToken();
            Session session = SecurityUtils.getSubject().getSession();
            this.sessionTokenStore.addMap(token, session.getId().toString(), session.getTimeout(), TimeUnit.MILLISECONDS);
        }
    }

    public R perform(J2EContext j2EContext, Config config, SecurityGrantedAccessAdapter<R, J2EContext> securityGrantedAccessAdapter, HttpActionAdapter<R, J2EContext> httpActionAdapter, String str, String str2, String str3, Boolean bool, Object... objArr) {
        boolean booleanValue;
        HttpAction unauthorized;
        this.logger.debug("=== SECURITY ===");
        if (bool == null) {
            booleanValue = false;
        } else {
            try {
                booleanValue = bool.booleanValue();
            } catch (Exception e) {
                return (R) handleException(e, httpActionAdapter, j2EContext);
            }
        }
        CommonHelper.assertNotNull("context", j2EContext);
        CommonHelper.assertNotNull("config", config);
        CommonHelper.assertNotNull("httpActionAdapter", httpActionAdapter);
        CommonHelper.assertNotNull("clientFinder", getClientFinder());
        CommonHelper.assertNotNull("authorizationChecker", getAuthorizationChecker());
        CommonHelper.assertNotNull("matchingChecker", getMatchingChecker());
        CommonHelper.assertNotNull("profileStorageDecision", getProfileStorageDecision());
        Clients clients = config.getClients();
        CommonHelper.assertNotNull("configClients", clients);
        this.logger.debug("url: {}", j2EContext.getFullRequestURL());
        this.logger.debug("matchers: {}", str3);
        if (!getMatchingChecker().matches(j2EContext, str3, config.getMatchers())) {
            this.logger.debug("no matching for this request -> grant access");
            return (R) securityGrantedAccessAdapter.adapt(j2EContext, Arrays.asList(new CommonProfile[0]), objArr);
        }
        this.logger.debug("clients: {}", str);
        List<Client> find = getClientFinder().find(clients, j2EContext, str);
        this.logger.debug("currentClients: {}", find);
        boolean mustLoadProfilesFromSession = getProfileStorageDecision().mustLoadProfilesFromSession(j2EContext, find);
        this.logger.debug("loadProfilesFromSession: {}", Boolean.valueOf(mustLoadProfilesFromSession));
        ProfileManager profileManager = getProfileManager(j2EContext, config);
        List all = profileManager.getAll(mustLoadProfilesFromSession);
        this.logger.debug("profiles: {}", all);
        if (CommonHelper.isEmpty(all) && CommonHelper.isNotEmpty(find)) {
            boolean z = false;
            Iterator<Client> it = find.iterator();
            while (it.hasNext()) {
                DirectClient directClient = (Client) it.next();
                if (directClient instanceof DirectClient) {
                    this.logger.debug("Performing authentication for direct client: {}", directClient);
                    Credentials credentials = directClient.getCredentials(j2EContext);
                    addTokenMapSession(credentials);
                    this.logger.debug("credentials: {}", credentials);
                    CommonProfile userProfile = directClient.getUserProfile(credentials, j2EContext);
                    this.logger.debug("profile: {}", userProfile);
                    if (userProfile != null) {
                        boolean mustSaveProfileInSession = getProfileStorageDecision().mustSaveProfileInSession(j2EContext, find, directClient, userProfile);
                        this.logger.debug("saveProfileInSession: {} / multiProfile: {}", Boolean.valueOf(mustSaveProfileInSession), Boolean.valueOf(booleanValue));
                        profileManager.save(mustSaveProfileInSession, userProfile, booleanValue);
                        z = true;
                        if (!booleanValue) {
                            break;
                        }
                    } else {
                        continue;
                    }
                }
            }
            if (z) {
                all = profileManager.getAll(mustLoadProfilesFromSession);
                this.logger.debug("new profiles: {}", all);
            }
        }
        if (CommonHelper.isNotEmpty(all)) {
            this.logger.debug("authorizers: {}", str2);
            if (getAuthorizationChecker().isAuthorized(j2EContext, all, str2, config.getAuthorizers())) {
                this.logger.debug("authenticated and authorized -> grant access");
                return (R) securityGrantedAccessAdapter.adapt(j2EContext, all, objArr);
            }
            this.logger.debug("forbidden");
            unauthorized = forbidden(j2EContext, find, all, str2);
        } else if (startAuthentication(j2EContext, find)) {
            this.logger.debug("Starting authentication");
            saveRequestedUrl(j2EContext, find);
            unauthorized = redirectToIdentityProvider(j2EContext, find);
        } else {
            this.logger.debug("unauthorized");
            unauthorized = unauthorized(j2EContext, find);
        }
        return (R) httpActionAdapter.adapt(unauthorized.getCode(), j2EContext);
    }

    public SessionTokenStore getSessionTokenStore() {
        return this.sessionTokenStore;
    }

    public ShiroPac4jConfig getShiroPac4jConfig() {
        return this.shiroPac4jConfig;
    }

    public void setSessionTokenStore(SessionTokenStore sessionTokenStore) {
        this.sessionTokenStore = sessionTokenStore;
    }

    public void setShiroPac4jConfig(ShiroPac4jConfig shiroPac4jConfig) {
        this.shiroPac4jConfig = shiroPac4jConfig;
    }

    protected /* bridge */ /* synthetic */ HttpAction unauthorized(WebContext webContext, List list) {
        return unauthorized((J2EContext) webContext, (List<Client>) list);
    }
}
