package top.idbase.auth.core;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.engine.SecurityGrantedAccessAdapter;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.http.adapter.HttpActionAdapter;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.util.CommonHelper;
import top.idbase.auth.client.IdbaseClient;
import top.idbase.auth.config.IdbaseAuthConfig;
import top.idbase.auth.core.context.IdbaseWebContext;
import top.idbase.auth.profile.IdbaseProfileManager;
import top.idbase.auth.sso.LocalUser;
import top.idbase.auth.sso.SSOEvent;

/* loaded from: input_file:top/idbase/auth/core/IdbaseSecurityLogic.class */
/**
 * Security logic for the idbase SSO integration, extending pac4j's {@link DefaultSecurityLogic}.
 *
 * <p>This is decompiler output (see the JADX markers further down). Local names such as
 * {@code str}, {@code str2}, {@code str3}, {@code bool} and {@code z} are synthetic, and a few
 * statements (for example assigning a {@code Client} to a {@code DirectClient} local, or
 * {@code list.get(0)} to an {@code IdbaseClient}) would not compile as written.
 *
 * <p>Two request parameters steer the flow when no profile is available: {@code sso=idbase}
 * starts authentication, and the presence of {@code bind-idbase} starts a bind for a locally
 * authenticated user.
 *
 * <p>NOTE(review): this class keeps per-request state in the {@code config} field and writes
 * per-user values into a client configuration object. If one instance (or one client
 * configuration) serves concurrent requests, that state is shared — confirm how instances
 * are scoped before relying on it.
 */
public class IdbaseSecurityLogic<R, C extends IdbaseWebContext> extends DefaultSecurityLogic<R, C> {
    // Assigned on every perform() call from its Config argument; read afterwards by
    // startAuthentication() and goToBind(). It is null until perform() has run once.
    private IdbaseAuthConfig config;

    /**
     * Installs a profile manager factory that wraps the factory's argument in an
     * {@link IdbaseProfileManager}.
     */
    public IdbaseSecurityLogic() {
        setProfileManagerFactory((v1) -> {
            return new IdbaseProfileManager(v1);
        });
    }

    /**
     * Decides whether the current request is granted access, forbidden, or sent to the
     * identity provider.
     *
     * <p>Order of checks, as visible below: matchers, client lookup, profile loading, direct
     * client authentication (only when no profile was loaded), authorization, and finally the
     * start of an authentication or bind flow.
     *
     * @param c the web context of the current request
     * @param config the security configuration; must be an {@link IdbaseAuthConfig}
     * @param securityGrantedAccessAdapter invoked with the profiles when the request proceeds
     * @param httpActionAdapter turns the resulting HTTP action code into the return value
     * @param str client names passed to the client finder (logged as "clients")
     * @param str2 authorizer names passed to the authorization checker (logged as "authorizers")
     * @param str3 matcher names passed to the matching checker (logged as "matchers")
     * @param bool multi-profile flag; {@code null} is treated as {@code false}
     * @param objArr extra parameters handed unchanged to {@code securityGrantedAccessAdapter}
     * @return the value produced by one of the two adapters, or by {@code handleException}
     */
    public R perform(C c, Config config, SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, HttpActionAdapter<R, C> httpActionAdapter, String str, String str2, String str3, Boolean bool, Object... objArr) {
        boolean booleanValue;
        HttpAction redirectToIdentityProvider;
        this.logger.debug("=== SECURITY ===");
        if (bool == null) {
            booleanValue = false;
        } else {
            // NOTE(review): as decompiled, only the unboxing sits inside the try. The catch
            // block may cover more of the method in the compiled class — verify against the
            // bytecode before assuming which exceptions reach handleException().
            try {
                booleanValue = bool.booleanValue();
            } catch (Exception e) {
                return (R) handleException(e, httpActionAdapter, c);
            }
        }
        // Precondition checks on the arguments and on the collaborators this logic uses.
        CommonHelper.assertNotNull("context", c);
        CommonHelper.assertNotNull("config", config);
        CommonHelper.assertNotNull("httpActionAdapter", httpActionAdapter);
        CommonHelper.assertNotNull("clientFinder", getClientFinder());
        CommonHelper.assertNotNull("authorizationChecker", getAuthorizationChecker());
        CommonHelper.assertNotNull("matchingChecker", getMatchingChecker());
        CommonHelper.assertNotNull("profileStorageDecision", getProfileStorageDecision());
        CommonHelper.assertTrue(config instanceof IdbaseAuthConfig, " config is not instance of IdbaseAuthConfig");
        // Stored on the instance so startAuthentication()/goToBind() can reach the SSO events.
        this.config = (IdbaseAuthConfig) config;
        Clients clients = config.getClients();
        CommonHelper.assertNotNull("configClients", clients);
        this.logger.debug("url: {}", c.getFullRequestURL());
        this.logger.debug("matchers: {}", str3);
        // A request that no matcher selects is let through with an empty profile list.
        if (!getMatchingChecker().matches(c, str3, config.getMatchers())) {
            this.logger.debug("no matching for this request -> grant access");
            return (R) securityGrantedAccessAdapter.adapt(c, Arrays.asList(new CommonProfile[0]), objArr);
        }
        this.logger.debug("clients: {}", str);
        List<Client> find = getClientFinder().find(clients, c, str);
        this.logger.debug("currentClients: {}", find);
        boolean mustLoadProfilesFromSession = getProfileStorageDecision().mustLoadProfilesFromSession(c, find);
        this.logger.debug("loadProfilesFromSession: {}", Boolean.valueOf(mustLoadProfilesFromSession));
        ProfileManager profileManager = getProfileManager(c, config);
        List all = profileManager.getAll(mustLoadProfilesFromSession);
        this.logger.debug("profiles: {}", all);
        // No profile yet: try each direct client in turn. z records whether any profile was saved.
        if (CommonHelper.isEmpty(all) && CommonHelper.isNotEmpty(find)) {
            boolean z = false;
            Iterator<Client> it = find.iterator();
            while (it.hasNext()) {
                DirectClient directClient = (Client) it.next();
                if (directClient instanceof DirectClient) {
                    this.logger.debug("Performing authentication for direct client: {}", directClient);
                    Credentials credentials = directClient.getCredentials(c);
                    // NOTE(review): credentials and the resulting profile are written to the
                    // debug log through their toString(). Confirm these types redact secrets,
                    // or that debug logging for this class is disabled in production.
                    this.logger.debug("credentials: {}", credentials);
                    CommonProfile userProfile = directClient.getUserProfile(credentials, c);
                    this.logger.debug("profile: {}", userProfile);
                    if (userProfile != null) {
                        boolean mustSaveProfileInSession = getProfileStorageDecision().mustSaveProfileInSession(c, find, directClient, userProfile);
                        this.logger.debug("saveProfileInSession: {} / multiProfile: {}", Boolean.valueOf(mustSaveProfileInSession), Boolean.valueOf(booleanValue));
                        profileManager.save(mustSaveProfileInSession, userProfile, booleanValue);
                        z = true;
                        // Without multi-profile, the first successful direct client wins.
                        if (!booleanValue) {
                            break;
                        }
                    } else {
                        continue;
                    }
                }
            }
            // Re-read the profiles so the ones just saved are included.
            if (z) {
                all = profileManager.getAll(mustLoadProfilesFromSession);
                this.logger.debug("new profiles: {}", all);
            }
        }
        if (CommonHelper.isNotEmpty(all)) {
            this.logger.debug("authorizers: {}", str2);
            if (getAuthorizationChecker().isAuthorized(c, all, str2, config.getAuthorizers())) {
                this.logger.debug("authenticated and authorized -> grant access");
                return (R) securityGrantedAccessAdapter.adapt(c, all, objArr);
            }
            this.logger.debug("forbidden");
            redirectToIdentityProvider = forbidden(c, find, all, str2);
        } else {
            // No profile and no authentication/bind flow requested: despite the "unauthorized"
            // log line, the request goes to securityGrantedAccessAdapter (the same adapter used
            // on the grant paths above) with an empty profile list; no HTTP action is produced.
            // NOTE(review): this looks like a fail-open path — code behind this filter must
            // treat an empty profile list as "not authenticated". Confirm this is intended.
            if (!startAuthentication((IdbaseSecurityLogic<R, C>) c, find)) {
                this.logger.debug("unauthorized");
                return (R) securityGrantedAccessAdapter.adapt(c, new ArrayList(), objArr);
            }
            this.logger.debug("Starting authentication");
            saveRequestedUrl(c, find);
            redirectToIdentityProvider = redirectToIdentityProvider(c, find);
        }
        // Only the forbidden and redirect outcomes reach this point.
        return (R) httpActionAdapter.adapt(redirectToIdentityProvider.getCode(), c);
    }

    /**
     * Tells whether an authentication or bind flow should be started for this request.
     *
     * <p>Returns {@code false} unless the first client in {@code list} is an
     * {@link IdbaseClient}. Returns {@code true} when {@link #goToAuthentication} matches.
     * Otherwise, when {@link #goToBind} matches, the local user's id and username are set as
     * custom parameters ({@code user_id}, {@code username}) on the client's configuration
     * before returning {@code true}.
     *
     * @param c the web context of the current request
     * @param list the clients selected for this request
     * @return {@code true} when the caller should redirect to the identity provider
     */
    protected boolean startAuthentication(C c, List<Client> list) {
        if (!CommonHelper.isNotEmpty(list) || !(list.get(0) instanceof IdbaseClient)) {
            return false;
        }
        if (goToAuthentication(c)) {
            return true;
        }
        if (!goToBind(c)) {
            return false;
        }
        IdbaseClient idbaseClient = list.get(0);
        // localUser(c) is called a second time here without a null check; goToBind() has
        // already seen a non-null result for the same context.
        LocalUser localUser = this.config.getSSOEvents().localUser(c);
        HashMap hashMap = new HashMap();
        hashMap.put("user_id", localUser.getUserId());
        hashMap.put("username", localUser.getUsername());
        // NOTE(review): these per-user values are written into the client's configuration
        // object. If that object is shared between requests, two concurrent bind requests
        // could overwrite each other's parameters before the redirect is built, and the
        // values stay set for later requests — confirm the configuration's scope.
        idbaseClient.getConfiguration().setCustomParams(hashMap);
        return true;
    }

    /**
     * Tells whether the request asks to bind a locally authenticated user.
     *
     * <p>All of the following must hold: the request parameters contain the key
     * {@code bind-idbase}, the configuration provides SSO events, those events report the
     * request as locally authenticated, and the local user and its username are non-null.
     * Only the presence of the parameter is checked, not its value.
     *
     * @param c the web context of the current request
     * @return {@code true} when every condition above holds
     */
    protected boolean goToBind(C c) {
        SSOEvent sSOEvents;
        LocalUser localUser;
        return (!c.getRequestParameters().containsKey("bind-idbase") || (sSOEvents = this.config.getSSOEvents()) == null || !sSOEvents.localAuthenticated(c) || (localUser = sSOEvents.localUser(c)) == null || localUser.getUsername() == null) ? false : true;
    }

    /**
     * Tells whether the request explicitly asks for idbase sign-on.
     *
     * @param c the web context of the current request
     * @return {@code true} when the request parameter {@code sso} equals {@code idbase}
     */
    protected boolean goToAuthentication(C c) {
        return "idbase".equals(c.getRequestParameter("sso"));
    }

    // Bridge method as emitted by the decompiler: forwards the WebContext-typed call to the
    // typed startAuthentication(C, List<Client>) above.
    /* JADX WARN: Multi-variable type inference failed */
    protected /* bridge */ /* synthetic */ boolean startAuthentication(WebContext webContext, List list) {
        return startAuthentication((IdbaseSecurityLogic<R, C>) webContext, (List<Client>) list);
    }

    // Bridge method as emitted by the decompiler: forwards the WebContext-typed call to the
    // typed perform(...) above. The casts shown are decompiler guesses, not valid source.
    /* JADX WARN: Multi-variable type inference failed */
    public /* bridge */ /* synthetic */ Object perform(WebContext webContext, Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, HttpActionAdapter httpActionAdapter, String str, String str2, String str3, Boolean bool, Object[] objArr) {
        return perform((IdbaseSecurityLogic<R, C>) webContext, config, (SecurityGrantedAccessAdapter<R, IdbaseSecurityLogic<R, C>>) securityGrantedAccessAdapter, (HttpActionAdapter<R, IdbaseSecurityLogic<R, C>>) httpActionAdapter, str, str2, str3, bool, objArr);
    }
}
