package kikaha.core.modules.security;

import io.undertow.security.idm.Account;
import io.undertow.server.HttpServerExchange;
import java.beans.ConstructorProperties;
import java.util.Iterator;
import kikaha.core.modules.security.SecurityEventListener;
import lombok.NonNull;

/* loaded from: input_file:kikaha/core/modules/security/DefaultSecurityContext.class */
public class DefaultSecurityContext implements SecurityContext {
    private AuthenticationMechanism currentAuthMechanism = null;
    private Session currentSession = null;
    private boolean authenticated = false;

    @NonNull
    private final AuthenticationRule rule;

    @NonNull
    private final HttpServerExchange exchange;

    @NonNull
    private final SecurityConfiguration configuration;

    @NonNull
    private final boolean authenticationRequired;

    public boolean authenticate() {
        this.authenticated = true;
        Account performAuthentication = performAuthentication();
        if (performAuthentication == null) {
            this.authenticated = false;
            getCurrentSession().setAuthenticatedAccount(performAuthentication);
            this.configuration.getAuthenticationFailureListener().onAuthenticationFailure(this.exchange, getCurrentSession(), this.currentAuthMechanism);
        } else {
            getCurrentSession().setAuthenticatedAccount(performAuthentication);
            this.configuration.getAuthenticationSuccessListener().onAuthenticationSuccess(this.exchange, getCurrentSession(), this.currentAuthMechanism);
            notifySecurityEvent(SecurityEventListener.SecurityEventType.LOGIN);
        }
        updateCurrentSession();
        return this.authenticated;
    }

    private Account performAuthentication() {
        Account account;
        Iterator<AuthenticationMechanism> it = this.rule.mechanisms().iterator();
        Account authenticatedAccount = getCurrentSession().getAuthenticatedAccount();
        while (true) {
            account = authenticatedAccount;
            if (account != null || !it.hasNext()) {
                break;
            }
            this.currentAuthMechanism = it.next();
            authenticatedAccount = this.currentAuthMechanism.authenticate(this.exchange, this.rule.identityManagers(), getCurrentSession());
        }
        return account;
    }

    public void logout() {
        Session currentSession = getCurrentSession();
        if (currentSession != null) {
            this.configuration.getSessionStore().invalidateSession(currentSession);
            this.configuration.getSessionIdManager().expiresSessionId(this.exchange);
            notifySecurityEvent(SecurityEventListener.SecurityEventType.LOGOUT);
        }
    }

    @Override // kikaha.core.modules.security.SecurityContext
    public void updateCurrentSession() {
        if (this.currentSession == null || !this.currentSession.hasChanged()) {
            return;
        }
        try {
            this.configuration.getSessionStore().flush(this.currentSession);
        } finally {
            this.currentSession.flush();
        }
    }

    @Override // kikaha.core.modules.security.SecurityContext
    public Session getCurrentSession() {
        if (this.currentSession == null) {
            this.currentSession = this.configuration.getSessionStore().createOrRetrieveSession(this.exchange, this.configuration.getSessionIdManager());
        }
        return this.currentSession;
    }

    @Override // kikaha.core.modules.security.SecurityContext
    public void setCurrentSession(Session session) {
        this.currentSession = session;
    }

    public Account getAuthenticatedAccount() {
        if (this.currentSession != null) {
            return this.currentSession.getAuthenticatedAccount();
        }
        return null;
    }

    @Override // kikaha.core.modules.security.SecurityContext
    public void setAuthenticatedAccount(Account account) {
        if (getCurrentSession() != null) {
            getCurrentSession().setAuthenticatedAccount(account);
            notifySecurityEvent(SecurityEventListener.SecurityEventType.PROFILE_UPDATED);
        }
    }

    void notifySecurityEvent(SecurityEventListener.SecurityEventType securityEventType) {
        Iterator<SecurityEventListener> it = this.configuration.getEventListeners().iterator();
        while (it.hasNext()) {
            it.next().onEvent(securityEventType, this.exchange, getCurrentSession());
        }
    }

    public AuthenticationMechanism getCurrentAuthMechanism() {
        return this.currentAuthMechanism;
    }

    public boolean isAuthenticated() {
        return this.authenticated;
    }

    @NonNull
    public AuthenticationRule getRule() {
        return this.rule;
    }

    @NonNull
    public HttpServerExchange getExchange() {
        return this.exchange;
    }

    @NonNull
    public SecurityConfiguration getConfiguration() {
        return this.configuration;
    }

    @NonNull
    public boolean isAuthenticationRequired() {
        return this.authenticationRequired;
    }

    @ConstructorProperties({"rule", "exchange", "configuration", "authenticationRequired"})
    public DefaultSecurityContext(@NonNull AuthenticationRule authenticationRule, @NonNull HttpServerExchange httpServerExchange, @NonNull SecurityConfiguration securityConfiguration, @NonNull boolean z) {
        if (authenticationRule == null) {
            throw new NullPointerException("rule");
        }
        if (httpServerExchange == null) {
            throw new NullPointerException("exchange");
        }
        if (securityConfiguration == null) {
            throw new NullPointerException("configuration");
        }
        this.rule = authenticationRule;
        this.exchange = httpServerExchange;
        this.configuration = securityConfiguration;
        this.authenticationRequired = z;
    }
}
