package org.pac4j.play.deadbolt2;

import be.objectify.deadbolt.java.DeadboltHandler;
import be.objectify.deadbolt.java.DynamicResourceHandler;
import be.objectify.deadbolt.java.models.Permission;
import be.objectify.deadbolt.java.models.Subject;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.config.Config;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.exception.http.StatusAction;
import org.pac4j.core.http.adapter.HttpActionAdapter;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.play.PlayWebContext;
import org.pac4j.play.store.PlaySessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import play.libs.concurrent.HttpExecutionContext;
import play.mvc.Http;
import play.mvc.Result;

/* loaded from: input_file:org/pac4j/play/deadbolt2/Pac4jHandler.class */
public class Pac4jHandler extends DefaultSecurityLogic<Result, PlayWebContext> implements DeadboltHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(Pac4jHandler.class);
    private final Config config;
    private final HttpExecutionContext httpExecutionContext;
    private final String clients;
    private final PlaySessionStore playSessionStore;
    private final Pac4jRoleHandler rolePermissionsHandler;

    public Pac4jHandler(Config config, HttpExecutionContext httpExecutionContext, String str, PlaySessionStore playSessionStore, Pac4jRoleHandler pac4jRoleHandler) {
        CommonHelper.assertNotNull("config", config);
        CommonHelper.assertNotNull("httpExecutionContext", httpExecutionContext);
        CommonHelper.assertNotNull("playSessionStore", playSessionStore);
        this.config = config;
        this.httpExecutionContext = httpExecutionContext;
        this.clients = str;
        this.playSessionStore = playSessionStore;
        this.rolePermissionsHandler = pac4jRoleHandler;
    }

    public long getId() {
        return this.clients.hashCode();
    }

    public CompletionStage<Optional<Result>> beforeAuthCheck(Http.RequestHeader requestHeader, Optional<String> optional) {
        return CompletableFuture.supplyAsync(() -> {
            HttpAction httpAction;
            CommonProfile userProfile;
            if (getProfile(requestHeader).isPresent()) {
                LOGGER.debug("profile found -> returning empty");
                return Optional.empty();
            }
            PlayWebContext playWebContext = new PlayWebContext(requestHeader, this.playSessionStore);
            HttpActionAdapter httpActionAdapter = this.config.getHttpActionAdapter();
            List<Client<? extends Credentials>> find = getClientFinder().find(this.config.getClients(), playWebContext, this.clients);
            LOGGER.debug("currentClients: {}", find);
            try {
                if (startDirectAuthentication(find)) {
                    LOGGER.debug("Starting direct authentication");
                    Optional credentials = find.get(0).getCredentials(playWebContext);
                    if (credentials.isPresent() && (userProfile = ((Credentials) credentials.get()).getUserProfile()) != null) {
                        setProfile(requestHeader, userProfile);
                        return Optional.empty();
                    }
                    LOGGER.debug("unauthorized");
                    httpAction = unauthorized(playWebContext, find);
                } else if (startAuthentication(playWebContext, find)) {
                    LOGGER.debug("Starting authentication");
                    saveRequestedUrl(playWebContext, find, null);
                    httpAction = redirectToIdentityProvider(playWebContext, find);
                } else {
                    LOGGER.debug("unauthorized");
                    httpAction = unauthorized(playWebContext, find);
                }
            } catch (HttpAction e) {
                httpAction = e;
            }
            return Optional.of((Result) httpActionAdapter.adapt(httpAction, playWebContext));
        }, this.httpExecutionContext.current());
    }

    public CompletionStage<Optional<? extends Subject>> getSubject(Http.RequestHeader requestHeader) {
        return CompletableFuture.supplyAsync(() -> {
            Optional<CommonProfile> profile = getProfile(requestHeader);
            if (profile.isPresent()) {
                LOGGER.debug("profile found: {} -> building a subject", profile);
                return Optional.of(new Pac4jSubject(profile.get()));
            }
            LOGGER.debug("no profile found -> returning empty");
            return Optional.empty();
        }, this.httpExecutionContext.current());
    }

    public CompletionStage<List<? extends Permission>> getPermissionsForRole(String str) {
        return this.rolePermissionsHandler.getPermissionsForRole(this.clients, str, this.httpExecutionContext);
    }

    private Optional<CommonProfile> getProfile(Http.RequestHeader requestHeader) {
        return new ProfileManager(new PlayWebContext(requestHeader, this.playSessionStore)).getLikeDefaultSecurityLogic(true);
    }

    private void setProfile(Http.RequestHeader requestHeader, CommonProfile commonProfile) {
        new PlayWebContext(requestHeader, this.playSessionStore).setRequestAttribute("pac4jUserProfiles", commonProfile);
    }

    public CompletionStage<Result> onAuthFailure(Http.RequestHeader requestHeader, Optional<String> optional) {
        return CompletableFuture.supplyAsync(() -> {
            return (Result) this.config.getHttpActionAdapter().adapt(new StatusAction(403), new PlayWebContext(requestHeader, this.playSessionStore));
        }, this.httpExecutionContext.current());
    }

    public CompletionStage<Optional<DynamicResourceHandler>> getDynamicResourceHandler(Http.RequestHeader requestHeader) {
        throw new TechnicalException("getDynamicResourceHandler() not supported in Pac4jHandler");
    }

    private boolean startDirectAuthentication(List<Client<? extends Credentials>> list) {
        return CommonHelper.isNotEmpty(list) && (list.get(0) instanceof DirectClient);
    }
}
