package leap.web.security.authc;

import leap.core.annotation.Inject;
import leap.core.security.Anonymous;
import leap.core.security.Authentication;
import leap.core.security.ClientPrincipal;
import leap.core.security.Credentials;
import leap.core.security.UserPrincipal;
import leap.lang.Out;
import leap.lang.Result;
import leap.lang.Strings;
import leap.lang.intercepting.State;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.web.Request;
import leap.web.RequestIntercepted;
import leap.web.Response;
import leap.web.security.SecurityConfig;
import leap.web.security.SecurityInterceptor;
import leap.web.security.SecuritySessionManager;
import leap.web.security.authc.credentials.CredentialsAuthenticationContext;
import leap.web.security.authc.credentials.CredentialsAuthenticator;

/* loaded from: input_file:leap/web/security/authc/DefaultAuthenticationManager.class */
public class DefaultAuthenticationManager implements AuthenticationManager {
    private static final Log log = LogFactory.get(DefaultAuthenticationManager.class);

    @Inject
    protected SecurityConfig securityConfig;

    @Inject
    protected AuthenticationResolver[] resolvers;

    @Inject
    protected SecuritySessionManager sessionManager;

    @Inject
    protected TokenAuthenticationManager tokenAuthenticationManager;

    @Inject
    protected RememberMeManager rememberMeManager;

    @Inject
    protected CredentialsAuthenticator[] credentialsAuthenticators;

    /* loaded from: input_file:leap/web/security/authc/DefaultAuthenticationManager$WrappedAuthentication.class */
    protected static final class WrappedAuthentication implements Authentication {
        private final Authentication wrapped;
        private final UserPrincipal user;

        WrappedAuthentication(Authentication authentication, UserPrincipal userPrincipal) {
            this.wrapped = authentication;
            this.user = userPrincipal;
        }

        public boolean isAuthenticated() {
            return this.wrapped.isAuthenticated();
        }

        public boolean isRememberMe() {
            return this.wrapped.isRememberMe();
        }

        public Object getCredentials() {
            return this.wrapped.getCredentials();
        }

        public UserPrincipal getUser() {
            return this.user;
        }

        public ClientPrincipal getClient() {
            return this.wrapped.getClient();
        }

        public String getToken() {
            return this.wrapped.getToken();
        }

        public void setToken(String str) throws IllegalStateException {
            this.wrapped.setToken(str);
        }

        public String[] getPermissions() {
            return this.wrapped.getPermissions();
        }

        public void setPermissions(String... strArr) {
            this.wrapped.setPermissions(strArr);
        }

        public String[] getRoles() {
            return this.wrapped.getRoles();
        }

        public void setRoles(String... strArr) {
            this.wrapped.setRoles(strArr);
        }

        public String toString() {
            return this.wrapped.toString();
        }
    }

    @Override // leap.web.security.authc.AuthenticationManager
    public Authentication authenticate(CredentialsAuthenticationContext credentialsAuthenticationContext, Credentials credentials) {
        Out<UserPrincipal> out = new Out<>();
        if (!State.isIntercepted(beforeAuthenticate(credentialsAuthenticationContext, credentials, out))) {
            return afterAuthenticate(credentialsAuthenticationContext, credentials, authentication(credentialsAuthenticationContext, credentials, out));
        }
        if (null != out.getValue()) {
            return new SimpleAuthentication((UserPrincipal) out.getValue(), credentials);
        }
        return null;
    }

    protected State beforeAuthenticate(CredentialsAuthenticationContext credentialsAuthenticationContext, Credentials credentials, Out<UserPrincipal> out) {
        for (SecurityInterceptor securityInterceptor : this.securityConfig.getInterceptors()) {
            try {
                State preAuthenticateCredentials = securityInterceptor.preAuthenticateCredentials(credentialsAuthenticationContext, credentials, out);
                if (State.isIntercepted(preAuthenticateCredentials)) {
                    return preAuthenticateCredentials;
                }
            } catch (Throwable th) {
                throw new AuthenticationException(th);
            }
        }
        return State.CONTINUE;
    }

    protected Authentication authentication(CredentialsAuthenticationContext credentialsAuthenticationContext, Credentials credentials, Out<UserPrincipal> out) {
        CredentialsAuthenticator[] credentialsAuthenticatorArr = this.credentialsAuthenticators;
        int length = credentialsAuthenticatorArr.length;
        for (int i = 0; i < length && !credentialsAuthenticatorArr[i].authenticate(credentialsAuthenticationContext, credentials, out); i++) {
        }
        return null != out.getValue() ? new SimpleAuthentication((UserPrincipal) out.getValue(), credentials) : null;
    }

    protected Authentication afterAuthenticate(CredentialsAuthenticationContext credentialsAuthenticationContext, Credentials credentials, Authentication authentication) {
        for (SecurityInterceptor securityInterceptor : this.securityConfig.getInterceptors()) {
            try {
                if (State.isIntercepted(securityInterceptor.postAuthenticateCredentials(credentialsAuthenticationContext, credentials, authentication))) {
                    return authentication;
                }
            } catch (Throwable th) {
                throw new AuthenticationException(th);
            }
        }
        return authentication;
    }

    @Override // leap.web.security.authc.AuthenticationManager
    public Authentication resolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) throws Throwable {
        Authentication authentication = null;
        if (State.isContinue(this.tokenAuthenticationManager.preResolveAuthentication(request, response, authenticationContext))) {
            authentication = authenticationContext.getAuthentication();
            if (null == authentication) {
                AuthenticationResolver[] authenticationResolverArr = this.resolvers;
                int length = authenticationResolverArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    Result<Authentication> resolveAuthentication = authenticationResolverArr[i].resolveAuthentication(request, response, authenticationContext);
                    if (null != resolveAuthentication && !resolveAuthentication.isEmpty()) {
                        if (resolveAuthentication.isIntercepted()) {
                            RequestIntercepted.throwIt();
                        }
                        if (resolveAuthentication.isPresent()) {
                            authentication = (Authentication) resolveAuthentication.get();
                            break;
                        }
                    }
                    i++;
                }
                if (null == authentication) {
                    Authentication authentication2 = this.sessionManager.getAuthentication(request);
                    if (null != authentication2) {
                        return authentication2;
                    }
                    authentication = (Authentication) Result.value(this.tokenAuthenticationManager.resolveAuthentication(request, response, authenticationContext));
                    if (null == authentication) {
                        authentication = (Authentication) Result.value(this.rememberMeManager.resolveAuthentication(request, response, authenticationContext));
                    }
                }
            }
            if (null != authentication) {
                if (null == authentication.getUser()) {
                    authentication = new WrappedAuthentication(authentication, createAnonymous(request, response, authenticationContext));
                }
                if (authentication.isAuthenticated() && !authentication.isClientOnly()) {
                    loginImmediately(request, response, authentication);
                }
            }
        }
        return null == authentication ? createAnonymousAuthentication(request, response, authenticationContext) : authentication;
    }

    @Override // leap.web.security.authc.AuthenticationManager
    public void loginImmediately(Request request, Response response, Authentication authentication) {
        log.debug("User {} logged in", new Object[]{authentication.getUser().getLoginName()});
        saveAuthentication(request, response, authentication);
        if (this.securityConfig.isAuthenticationTokenEnabled()) {
            this.tokenAuthenticationManager.onLoginSuccess(request, response, authentication);
        }
        if (this.securityConfig.isRememberMeEnabled() && !authentication.isRememberMe()) {
            this.rememberMeManager.onLoginSuccess(request, response, authentication);
        }
        for (AuthenticationResolver authenticationResolver : this.resolvers) {
            authenticationResolver.onLoginSuccess(request, response, authentication);
        }
    }

    @Override // leap.web.security.authc.AuthenticationManager
    public void logoutImmediately(Request request, Response response) {
        this.sessionManager.removeAuthentication(request);
        if (this.securityConfig.isAuthenticationTokenEnabled()) {
            this.tokenAuthenticationManager.onLogoutSuccess(request, response);
        }
        if (this.securityConfig.isRememberMeEnabled()) {
            this.rememberMeManager.onLogoutSuccess(request, response);
        }
        for (AuthenticationResolver authenticationResolver : this.resolvers) {
            authenticationResolver.onLogoutSuccess(request, response);
        }
    }

    protected void saveAuthentication(Request request, Response response, Authentication authentication) {
        this.sessionManager.saveAuthentication(request, authentication);
    }

    protected Authentication createAnonymousAuthentication(Request request, Response response, AuthenticationContext authenticationContext) {
        return new SimpleAuthentication(createAnonymous(request, response, authenticationContext));
    }

    @Override // leap.web.security.authc.AuthenticationManager
    public UserPrincipal createAnonymous(Request request, Response response, AuthenticationContext authenticationContext) {
        String message = request.getMessageSource().getMessage("websecurity.anonymous.name", new Object[0]);
        if (Strings.isEmpty(message)) {
            message = "Anonymous";
        }
        return new Anonymous(message);
    }
}
