package org.glassfish.soteria.cdi;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.IdentityStoreHandler;

/* loaded from: input_file:org/glassfish/soteria/cdi/DefaultIdentityStoreHandler.class */
public class DefaultIdentityStoreHandler implements IdentityStoreHandler {
    private List<IdentityStore> authenticationIdentityStores;
    private List<IdentityStore> authorizationIdentityStores;

    public void init() {
        List beanReferencesByType = CdiUtils.getBeanReferencesByType(IdentityStore.class, false);
        this.authenticationIdentityStores = (List) beanReferencesByType.stream().filter(identityStore -> {
            return identityStore.validationTypes().contains(IdentityStore.ValidationType.VALIDATE);
        }).sorted(Comparator.comparing((v0) -> {
            return v0.priority();
        })).collect(Collectors.toList());
        this.authorizationIdentityStores = (List) beanReferencesByType.stream().filter(identityStore2 -> {
            return identityStore2.validationTypes().contains(IdentityStore.ValidationType.PROVIDE_GROUPS) && !identityStore2.validationTypes().contains(IdentityStore.ValidationType.VALIDATE);
        }).sorted(Comparator.comparing((v0) -> {
            return v0.priority();
        })).collect(Collectors.toList());
    }

    public CredentialValidationResult validate(Credential credential) {
        CredentialValidationResult credentialValidationResult = null;
        IdentityStore identityStore = null;
        boolean z = false;
        Iterator<IdentityStore> it = this.authenticationIdentityStores.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            IdentityStore next = it.next();
            credentialValidationResult = next.validate(credential);
            if (credentialValidationResult.getStatus() == CredentialValidationResult.Status.VALID) {
                identityStore = next;
                break;
            }
            if (credentialValidationResult.getStatus() == CredentialValidationResult.Status.INVALID) {
                z = true;
            }
        }
        if (credentialValidationResult == null || credentialValidationResult.getStatus() != CredentialValidationResult.Status.VALID) {
            return z ? CredentialValidationResult.INVALID_RESULT : CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        final HashSet hashSet = new HashSet();
        if (identityStore.validationTypes().contains(IdentityStore.ValidationType.PROVIDE_GROUPS)) {
            hashSet.addAll(credentialValidationResult.getCallerGroups());
        }
        final CredentialValidationResult credentialValidationResult2 = credentialValidationResult;
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: org.glassfish.soteria.cdi.DefaultIdentityStoreHandler.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                Iterator it2 = DefaultIdentityStoreHandler.this.authorizationIdentityStores.iterator();
                while (it2.hasNext()) {
                    hashSet.addAll(((IdentityStore) it2.next()).getCallerGroups(credentialValidationResult2));
                }
                return null;
            }
        });
        return new CredentialValidationResult(credentialValidationResult.getIdentityStoreId(), credentialValidationResult.getCallerPrincipal(), credentialValidationResult.getCallerDn(), credentialValidationResult.getCallerUniqueId(), hashSet);
    }
}
