package org.apache.deltaspike.security.impl.authentication;

import java.lang.annotation.Annotation;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import org.apache.deltaspike.core.util.ExceptionUtils;
import org.apache.deltaspike.security.api.Identity;
import org.apache.deltaspike.security.api.User;
import org.apache.deltaspike.security.api.authentication.AuthenticationException;
import org.apache.deltaspike.security.api.authentication.UnexpectedCredentialException;
import org.apache.deltaspike.security.api.authentication.event.AlreadyLoggedInEvent;
import org.apache.deltaspike.security.api.authentication.event.LoggedInEvent;
import org.apache.deltaspike.security.api.authentication.event.LoginFailedEvent;
import org.apache.deltaspike.security.api.authentication.event.PostAuthenticateEvent;
import org.apache.deltaspike.security.api.authentication.event.PostLoggedOutEvent;
import org.apache.deltaspike.security.api.authentication.event.PreAuthenticateEvent;
import org.apache.deltaspike.security.api.authentication.event.PreLoggedOutEvent;
import org.apache.deltaspike.security.api.credential.LoginCredential;
import org.apache.deltaspike.security.spi.authentication.Authenticator;
import org.apache.deltaspike.security.spi.authentication.AuthenticatorSelector;

@SessionScoped
/* loaded from: input_file:org/apache/deltaspike/security/impl/authentication/DefaultIdentity.class */
public class DefaultIdentity implements Identity {
    private static final long serialVersionUID = 3696702275353144429L;

    @Inject
    private AuthenticatorSelector authenticatorSelector;

    @Inject
    private BeanManager beanManager;

    @Inject
    private LoginCredential loginCredential;
    private boolean authenticating;
    private User user;

    public boolean isLoggedIn() {
        return this.user != null;
    }

    public User getUser() {
        return this.user;
    }

    public Identity.AuthenticationResult login() {
        try {
            if (isLoggedIn()) {
                if (isAuthenticationRequestWithDifferentUserId()) {
                    throw new UnexpectedCredentialException("active user: " + this.user.getId() + " provided credentials: " + this.loginCredential.getUserId());
                }
                this.beanManager.fireEvent(new AlreadyLoggedInEvent(), new Annotation[0]);
                return Identity.AuthenticationResult.SUCCESS;
            }
            if (authenticate()) {
                this.beanManager.fireEvent(new LoggedInEvent(), new Annotation[0]);
                return Identity.AuthenticationResult.SUCCESS;
            }
            this.beanManager.fireEvent(new LoginFailedEvent((Exception) null), new Annotation[0]);
            return Identity.AuthenticationResult.FAILED;
        } catch (Exception e) {
            this.beanManager.fireEvent(new LoginFailedEvent(e), new Annotation[0]);
            if (e instanceof RuntimeException) {
                throw ((RuntimeException) e);
            }
            ExceptionUtils.throwAsRuntimeException(e);
            throw new IllegalStateException(e);
        }
    }

    private boolean isAuthenticationRequestWithDifferentUserId() {
        return (!isLoggedIn() || this.loginCredential.getUserId() == null || this.loginCredential.getUserId().equals(this.user.getId())) ? false : true;
    }

    protected boolean authenticate() throws AuthenticationException {
        try {
            if (this.authenticating) {
                this.authenticating = false;
                throw new IllegalStateException("Authentication already in progress.");
            }
            try {
                this.authenticating = true;
                this.beanManager.fireEvent(new PreAuthenticateEvent(), new Annotation[0]);
                Authenticator selectedAuthenticator = this.authenticatorSelector.getSelectedAuthenticator();
                selectedAuthenticator.authenticate();
                if (selectedAuthenticator.getStatus() == null) {
                    throw new AuthenticationException("Authenticator must return a valid authentication status");
                }
                if (selectedAuthenticator.getStatus() != Authenticator.AuthenticationStatus.SUCCESS) {
                    this.authenticating = false;
                    return false;
                }
                postAuthenticate(selectedAuthenticator);
                this.user = selectedAuthenticator.getUser();
                this.authenticating = false;
                return true;
            } catch (Exception e) {
                if (e instanceof AuthenticationException) {
                    throw e;
                }
                throw new AuthenticationException("Authentication failed.", e);
            }
        } catch (Throwable th) {
            this.authenticating = false;
            throw th;
        }
    }

    protected void postAuthenticate(Authenticator authenticator) {
        authenticator.postAuthenticate();
        if (authenticator.getStatus().equals(Authenticator.AuthenticationStatus.SUCCESS)) {
            this.beanManager.fireEvent(new PostAuthenticateEvent(), new Annotation[0]);
        }
    }

    public void logout() {
        logout(true);
    }

    protected void logout(boolean z) {
        if (isLoggedIn()) {
            this.beanManager.fireEvent(new PreLoggedOutEvent(this.user), new Annotation[0]);
            PostLoggedOutEvent postLoggedOutEvent = new PostLoggedOutEvent(this.user);
            unAuthenticate(z);
            this.beanManager.fireEvent(postLoggedOutEvent, new Annotation[0]);
        }
    }

    private void unAuthenticate(boolean z) {
        this.user = null;
        if (z) {
            this.loginCredential.invalidate();
        }
    }
}
