package org.tynamo.security.federatedaccounts.facebook.services;

import com.restfb.DefaultFacebookClient;
import com.restfb.Parameter;
import com.restfb.exception.FacebookException;
import com.restfb.types.User;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.apache.tapestry5.ioc.annotations.Symbol;
import org.slf4j.Logger;
import org.tynamo.security.federatedaccounts.FederatedAccount;
import org.tynamo.security.federatedaccounts.facebook.FacebookAccessToken;
import org.tynamo.security.federatedaccounts.services.FederatedAccountService;

/* loaded from: input_file:org/tynamo/security/federatedaccounts/facebook/services/FacebookRealm.class */
public class FacebookRealm extends AuthenticatingRealm {
    public static final String FACEBOOK_CLIENTID = "facebook.clientid";
    public static final String FACEBOOK_CLIENTSECRET = "facebook.clientsecret";
    public static final String FACEBOOK_PERMISSIONS = "facebook.permissions";
    public static final String FACEBOOK_PRINCIPAL = "facebook.principal";
    private Logger logger;
    private PrincipalProperty principalProperty;
    private FederatedAccountService federatedAccountService;

    /* loaded from: input_file:org/tynamo/security/federatedaccounts/facebook/services/FacebookRealm$PrincipalProperty.class */
    public enum PrincipalProperty {
        id,
        email,
        name
    }

    public FacebookRealm(Logger logger, FederatedAccountService federatedAccountService, @Inject @Symbol("facebook.principal") String str) {
        super(new MemoryConstrainedCacheManager());
        this.federatedAccountService = federatedAccountService;
        this.logger = logger;
        this.principalProperty = PrincipalProperty.valueOf(str);
        setName(FederatedAccount.FederatedAccountType.facebook.name());
        setAuthenticationTokenClass(FacebookAccessToken.class);
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        try {
            User user = (User) new DefaultFacebookClient(authenticationToken.getPrincipal().toString()).fetchObject("me", User.class, new Parameter[0]);
            if (user == null) {
                throw new AccountException("Null Facebook user is not allowed by this realm.");
            }
            String str = null;
            switch (this.principalProperty) {
                case id:
                    str = user.getId();
                    break;
                case email:
                    str = user.getEmail();
                    break;
                case name:
                    str = user.getName();
                    break;
            }
            return this.federatedAccountService.federate(FederatedAccount.FederatedAccountType.facebook.name(), str, authenticationToken, user);
        } catch (FacebookException e) {
            this.logger.error(e.getMessage(), e);
            throw new IncorrectCredentialsException("Facebook security verification failed, terminating authentication request", e);
        }
    }
}
