package org.pac4j.core.engine;

import io.undertow.server.protocol.ajp.AjpRequestParser;
import java.util.Arrays;
import java.util.List;
import org.apache.logging.log4j.core.LoggerContext;
import org.pac4j.core.authorization.checker.AuthorizationChecker;
import org.pac4j.core.authorization.checker.DefaultAuthorizationChecker;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.finder.ClientFinder;
import org.pac4j.core.client.finder.DefaultSecurityClientFinder;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.Pac4jConstants;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.engine.decision.DefaultProfileStorageDecision;
import org.pac4j.core.engine.decision.ProfileStorageDecision;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.http.adapter.HttpActionAdapter;
import org.pac4j.core.http.ajax.AjaxRequestResolver;
import org.pac4j.core.http.ajax.DefaultAjaxRequestResolver;
import org.pac4j.core.matching.MatchingChecker;
import org.pac4j.core.matching.RequireAllMatchersChecker;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.util.CommonHelper;

/* loaded from: input_file:WEB-INF/lib/pac4j-core-3.6.1.jar:org/pac4j/core/engine/DefaultSecurityLogic.class */
public class DefaultSecurityLogic<R, C extends WebContext> extends AbstractExceptionAwareLogic<R, C> implements SecurityLogic<R, C> {
    private ClientFinder clientFinder = new DefaultSecurityClientFinder();
    private AuthorizationChecker authorizationChecker = new DefaultAuthorizationChecker();
    private MatchingChecker matchingChecker = new RequireAllMatchersChecker();
    private ProfileStorageDecision profileStorageDecision = new DefaultProfileStorageDecision();
    private AjaxRequestResolver ajaxRequestResolver = new DefaultAjaxRequestResolver();

    @Override // org.pac4j.core.engine.SecurityLogic
    public R perform(C c, Config config, SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, HttpActionAdapter<R, C> httpActionAdapter, String str, String str2, String str3, Boolean bool, Object... objArr) {
        boolean booleanValue;
        HttpAction unauthorized;
        this.logger.debug("=== SECURITY ===");
        if (bool == null) {
            booleanValue = false;
        } else {
            try {
                booleanValue = bool.booleanValue();
            } catch (Exception e) {
                return handleException(e, httpActionAdapter, c);
            }
        }
        CommonHelper.assertNotNull(AjpRequestParser.CONTEXT, c);
        CommonHelper.assertNotNull(LoggerContext.PROPERTY_CONFIG, config);
        CommonHelper.assertNotNull("httpActionAdapter", httpActionAdapter);
        CommonHelper.assertNotNull("clientFinder", this.clientFinder);
        CommonHelper.assertNotNull("authorizationChecker", this.authorizationChecker);
        CommonHelper.assertNotNull("matchingChecker", this.matchingChecker);
        CommonHelper.assertNotNull("profileStorageDecision", this.profileStorageDecision);
        Clients clients = config.getClients();
        CommonHelper.assertNotNull("configClients", clients);
        this.logger.debug("url: {}", c.getFullRequestURL());
        this.logger.debug("matchers: {}", str3);
        if (!this.matchingChecker.matches(c, str3, config.getMatchers())) {
            this.logger.debug("no matching for this request -> grant access");
            return securityGrantedAccessAdapter.adapt(c, Arrays.asList(new CommonProfile[0]), objArr);
        }
        this.logger.debug("clients: {}", str);
        List<Client> find = this.clientFinder.find(clients, c, str);
        this.logger.debug("currentClients: {}", find);
        boolean mustLoadProfilesFromSession = this.profileStorageDecision.mustLoadProfilesFromSession(c, find);
        this.logger.debug("loadProfilesFromSession: {}", Boolean.valueOf(mustLoadProfilesFromSession));
        ProfileManager profileManager = getProfileManager(c, config);
        List<CommonProfile> all = profileManager.getAll(mustLoadProfilesFromSession);
        this.logger.debug("profiles: {}", all);
        if (CommonHelper.isEmpty(all) && CommonHelper.isNotEmpty(find)) {
            boolean z = false;
            for (Client client : find) {
                if (client instanceof DirectClient) {
                    this.logger.debug("Performing authentication for direct client: {}", client);
                    Credentials credentials = client.getCredentials(c);
                    this.logger.debug("credentials: {}", credentials);
                    CommonProfile userProfile = client.getUserProfile(credentials, c);
                    this.logger.debug("profile: {}", userProfile);
                    if (userProfile != null) {
                        boolean mustSaveProfileInSession = this.profileStorageDecision.mustSaveProfileInSession(c, find, (DirectClient) client, userProfile);
                        this.logger.debug("saveProfileInSession: {} / multiProfile: {}", Boolean.valueOf(mustSaveProfileInSession), Boolean.valueOf(booleanValue));
                        profileManager.save(mustSaveProfileInSession, userProfile, booleanValue);
                        z = true;
                        if (!booleanValue) {
                            break;
                        }
                    } else {
                        continue;
                    }
                }
            }
            if (z) {
                all = profileManager.getAll(mustLoadProfilesFromSession);
                this.logger.debug("new profiles: {}", all);
            }
        }
        if (CommonHelper.isNotEmpty(all)) {
            this.logger.debug("authorizers: {}", str2);
            if (this.authorizationChecker.isAuthorized(c, all, str2, config.getAuthorizers())) {
                this.logger.debug("authenticated and authorized -> grant access");
                return securityGrantedAccessAdapter.adapt(c, all, objArr);
            }
            this.logger.debug("forbidden");
            unauthorized = forbidden(c, find, all, str2);
        } else if (startAuthentication(c, find)) {
            this.logger.debug("Starting authentication");
            saveRequestedUrl(c, find);
            unauthorized = redirectToIdentityProvider(c, find);
        } else {
            this.logger.debug("unauthorized");
            unauthorized = unauthorized(c, find);
        }
        return httpActionAdapter.adapt(unauthorized.getCode(), c);
    }

    protected HttpAction forbidden(C c, List<Client> list, List<CommonProfile> list2, String str) {
        return HttpAction.forbidden(c);
    }

    protected boolean startAuthentication(C c, List<Client> list) {
        return CommonHelper.isNotEmpty(list) && (list.get(0) instanceof IndirectClient);
    }

    protected void saveRequestedUrl(C c, List<Client> list) {
        if (this.ajaxRequestResolver == null || !this.ajaxRequestResolver.isAjax(c)) {
            String fullRequestURL = c.getFullRequestURL();
            this.logger.debug("requestedUrl: {}", fullRequestURL);
            c.getSessionStore().set(c, Pac4jConstants.REQUESTED_URL, fullRequestURL);
        }
    }

    protected HttpAction redirectToIdentityProvider(C c, List<Client> list) {
        return ((IndirectClient) list.get(0)).redirect(c);
    }

    protected HttpAction unauthorized(C c, List<Client> list) {
        return HttpAction.unauthorized(c);
    }

    public ClientFinder getClientFinder() {
        return this.clientFinder;
    }

    public void setClientFinder(ClientFinder clientFinder) {
        this.clientFinder = clientFinder;
    }

    public AuthorizationChecker getAuthorizationChecker() {
        return this.authorizationChecker;
    }

    public void setAuthorizationChecker(AuthorizationChecker authorizationChecker) {
        this.authorizationChecker = authorizationChecker;
    }

    public MatchingChecker getMatchingChecker() {
        return this.matchingChecker;
    }

    public void setMatchingChecker(MatchingChecker matchingChecker) {
        this.matchingChecker = matchingChecker;
    }

    public ProfileStorageDecision getProfileStorageDecision() {
        return this.profileStorageDecision;
    }

    public void setProfileStorageDecision(ProfileStorageDecision profileStorageDecision) {
        this.profileStorageDecision = profileStorageDecision;
    }

    public AjaxRequestResolver getAjaxRequestResolver() {
        return this.ajaxRequestResolver;
    }

    public void setAjaxRequestResolver(AjaxRequestResolver ajaxRequestResolver) {
        this.ajaxRequestResolver = ajaxRequestResolver;
    }

    public String toString() {
        return CommonHelper.toNiceString(getClass(), "clientFinder", this.clientFinder, "authorizationChecker", this.authorizationChecker, "matchingChecker", this.matchingChecker, "profileStorageDecision", this.profileStorageDecision, "errorUrl", getErrorUrl(), "ajaxRequestResolver", this.ajaxRequestResolver);
    }
}
