package org.pac4j.core.engine;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import lombok.Generated;
import org.pac4j.core.authorization.checker.AuthorizationChecker;
import org.pac4j.core.authorization.checker.DefaultAuthorizationChecker;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.finder.ClientFinder;
import org.pac4j.core.client.finder.DefaultSecurityClientFinder;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.FrameworkParameters;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler;
import org.pac4j.core.engine.savedrequest.SavedRequestHandler;
import org.pac4j.core.exception.http.ForbiddenAction;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.http.adapter.HttpActionAdapter;
import org.pac4j.core.http.ajax.AjaxRequestResolver;
import org.pac4j.core.matching.checker.DefaultMatchingChecker;
import org.pac4j.core.matching.checker.MatchingChecker;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.HttpActionHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/core/engine/DefaultSecurityLogic.class */
public class DefaultSecurityLogic extends AbstractExceptionAwareLogic implements SecurityLogic {

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSecurityLogic.class);
    public static final DefaultSecurityLogic INSTANCE = new DefaultSecurityLogic();
    private ClientFinder clientFinder = new DefaultSecurityClientFinder();
    private AuthorizationChecker authorizationChecker = new DefaultAuthorizationChecker();
    private MatchingChecker matchingChecker = new DefaultMatchingChecker();
    private SavedRequestHandler savedRequestHandler = new DefaultSavedRequestHandler();
    private boolean loadProfilesFromSession = true;

    @Override // org.pac4j.core.engine.SecurityLogic
    public Object perform(Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, String str, String str2, String str3, FrameworkParameters frameworkParameters) {
        HttpAction unauthorized;
        LOGGER.debug("=== SECURITY ===");
        CallContext buildContext = buildContext(config, frameworkParameters);
        WebContext webContext = buildContext.webContext();
        SessionStore sessionStore = buildContext.sessionStore();
        HttpActionAdapter httpActionAdapter = config.getHttpActionAdapter();
        CommonHelper.assertNotNull("httpActionAdapter", httpActionAdapter);
        try {
            CommonHelper.assertNotNull("clientFinder", this.clientFinder);
            CommonHelper.assertNotNull("authorizationChecker", this.authorizationChecker);
            CommonHelper.assertNotNull("matchingChecker", this.matchingChecker);
            Clients clients = config.getClients();
            CommonHelper.assertNotNull("configClients", clients);
            LOGGER.debug("url: {}", webContext.getFullRequestURL());
            LOGGER.debug("clients: {} | matchers: {}", str, str3);
            List<Client> find = this.clientFinder.find(clients, webContext, str);
            LOGGER.debug("currentClients: {}", find);
            if (!this.matchingChecker.matches(buildContext, str3, config.getMatchers(), find)) {
                LOGGER.debug("no matching for this request -> grant access");
                return securityGrantedAccessAdapter.adapt(webContext, sessionStore, Collections.emptyList());
            }
            ProfileManager apply = buildContext.profileManagerFactory().apply(webContext, sessionStore);
            apply.setConfig(config);
            List<UserProfile> loadProfiles = this.loadProfilesFromSession ? loadProfiles(buildContext, apply, find) : List.of();
            LOGGER.debug("Loaded profiles (from session: {}): {} ", Boolean.valueOf(this.loadProfilesFromSession), loadProfiles);
            if (CommonHelper.isEmpty(loadProfiles) && !CommonHelper.isEmpty(find)) {
                boolean z = false;
                for (Client client : find) {
                    if (client instanceof DirectClient) {
                        DirectClient directClient = (DirectClient) client;
                        LOGGER.debug("Performing authentication for direct client: {}", client);
                        Credentials orElse = client.validateCredentials(buildContext, client.getCredentials(buildContext).orElse(null)).orElse(null);
                        LOGGER.debug("credentials: {}", orElse);
                        if (orElse != null && orElse.isForAuthentication()) {
                            Optional<UserProfile> userProfile = client.getUserProfile(buildContext, orElse);
                            LOGGER.debug("profile: {}", userProfile);
                            if (userProfile.isPresent()) {
                                UserProfile userProfile2 = userProfile.get();
                                Boolean saveProfileInSession = directClient.getSaveProfileInSession(webContext, userProfile2);
                                boolean isMultiProfile = directClient.isMultiProfile(webContext, userProfile2);
                                LOGGER.debug("saveProfileInSession: {} / multiProfile: {}", saveProfileInSession, Boolean.valueOf(isMultiProfile));
                                apply.save(saveProfileInSession.booleanValue(), userProfile2, isMultiProfile);
                                z = true;
                                if (!isMultiProfile) {
                                    break;
                                }
                            } else {
                                continue;
                            }
                        }
                    }
                }
                if (z) {
                    loadProfiles = loadProfiles(buildContext, apply, find);
                    LOGGER.debug("Reloaded profiles: {}", loadProfiles);
                }
            }
            if (CommonHelper.isNotEmpty(loadProfiles)) {
                LOGGER.debug("authorizers: {}", str2);
                if (this.authorizationChecker.isAuthorized(webContext, sessionStore, loadProfiles, str2, config.getAuthorizers(), find)) {
                    LOGGER.debug("authenticated and authorized -> grant access");
                    return securityGrantedAccessAdapter.adapt(webContext, sessionStore, loadProfiles);
                }
                LOGGER.debug("forbidden");
                unauthorized = forbidden(buildContext, find, loadProfiles, str2);
            } else if (startAuthentication(buildContext, find)) {
                LOGGER.debug("Starting authentication");
                saveRequestedUrl(buildContext, find, config.getClients().getAjaxRequestResolver());
                unauthorized = redirectToIdentityProvider(buildContext, find);
            } else {
                LOGGER.debug("unauthorized");
                unauthorized = unauthorized(buildContext, find);
            }
            return httpActionAdapter.adapt(unauthorized, webContext);
        } catch (Exception e) {
            return handleException(e, httpActionAdapter, webContext);
        }
    }

    protected List<UserProfile> loadProfiles(CallContext callContext, ProfileManager profileManager, List<Client> list) {
        return profileManager.getProfiles();
    }

    protected HttpAction forbidden(CallContext callContext, List<Client> list, List<UserProfile> list2, String str) {
        return new ForbiddenAction();
    }

    protected boolean startAuthentication(CallContext callContext, List<Client> list) {
        return CommonHelper.isNotEmpty(list) && (list.get(0) instanceof IndirectClient);
    }

    protected void saveRequestedUrl(CallContext callContext, List<Client> list, AjaxRequestResolver ajaxRequestResolver) {
        if (ajaxRequestResolver == null || !ajaxRequestResolver.isAjax(callContext)) {
            this.savedRequestHandler.save(callContext);
        }
    }

    protected HttpAction redirectToIdentityProvider(CallContext callContext, List<Client> list) {
        return ((IndirectClient) list.get(0)).getRedirectionAction(callContext).get();
    }

    protected HttpAction unauthorized(CallContext callContext, List<Client> list) {
        return HttpActionHelper.buildUnauthenticatedAction(callContext.webContext());
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public ClientFinder getClientFinder() {
        return this.clientFinder;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public AuthorizationChecker getAuthorizationChecker() {
        return this.authorizationChecker;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public MatchingChecker getMatchingChecker() {
        return this.matchingChecker;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public SavedRequestHandler getSavedRequestHandler() {
        return this.savedRequestHandler;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public boolean isLoadProfilesFromSession() {
        return this.loadProfilesFromSession;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public DefaultSecurityLogic setClientFinder(ClientFinder clientFinder) {
        this.clientFinder = clientFinder;
        return this;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public DefaultSecurityLogic setAuthorizationChecker(AuthorizationChecker authorizationChecker) {
        this.authorizationChecker = authorizationChecker;
        return this;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public DefaultSecurityLogic setMatchingChecker(MatchingChecker matchingChecker) {
        this.matchingChecker = matchingChecker;
        return this;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public DefaultSecurityLogic setSavedRequestHandler(SavedRequestHandler savedRequestHandler) {
        this.savedRequestHandler = savedRequestHandler;
        return this;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public DefaultSecurityLogic setLoadProfilesFromSession(boolean z) {
        this.loadProfilesFromSession = z;
        return this;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public String toString() {
        return "DefaultSecurityLogic(super=" + super.toString() + ", clientFinder=" + this.clientFinder + ", authorizationChecker=" + this.authorizationChecker + ", matchingChecker=" + this.matchingChecker + ", savedRequestHandler=" + this.savedRequestHandler + ", loadProfilesFromSession=" + this.loadProfilesFromSession + ")";
    }
}
