package org.apache.cxf.fediz.spring.authentication;

import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.apache.cxf.fediz.spring.FederationConfig;
import org.apache.cxf.fediz.spring.SpringFedizMessageSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.util.Assert;

/* loaded from: input_file:org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.class */
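/**
 * Spring Security {@link AuthenticationProvider} for federated sign-in.
 *
 * <p>The incoming token carries a {@link FedizRequest} as its credentials. The request is
 * validated by the Fediz processor selected from the configured protocol, the resulting
 * {@link FedizResponse} is resolved to a {@link UserDetails}, and a
 * {@link FederationAuthenticationToken} is returned on success.
 *
 * <p>Every failure inside the validation step is reported to the caller as a
 * {@link BadCredentialsException}.
 */
public class FederationAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationProvider.class);

    // Resolves the validated federation response to the application's UserDetails.
    private AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService;

    // Source of the FedizContext (protocol and validation settings) used for every request.
    private FederationConfig federationConfig;

    protected MessageSourceAccessor messages = SpringFedizMessageSource.getAccessor();

    // Applied to the loaded user before a token is issued.
    private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();

    // Defaults to a pass-through mapper; replaceable through setAuthoritiesMapper.
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();

    /** @return the service used to load user details from a federation response */
    public AuthenticationUserDetailsService<FederationResponseAuthenticationToken> getAuthenticationUserDetailsService() {
        return this.authenticationUserDetailsService;
    }

    /** @param authenticationUserDetailsService service used to load user details; required */
    public void setAuthenticationUserDetailsService(AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService) {
        this.authenticationUserDetailsService = authenticationUserDetailsService;
    }

    /** @return the federation configuration this provider validates against */
    public FederationConfig getFederationConfig() {
        return this.federationConfig;
    }

    /** @param federationConfig federation configuration to validate against; required */
    public void setFederationConfig(FederationConfig federationConfig) {
        this.federationConfig = federationConfig;
    }

    /**
     * Checks that the required collaborators were injected before the provider is used.
     *
     * @throws Exception declared by {@link InitializingBean}; the assertions reject a missing
     *         user details service, message source or federation configuration
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationUserDetailsService, "An authenticationUserDetailsService must be set");
        Assert.notNull(this.messages, "A message source must be set");
        Assert.notNull(this.federationConfig, "FederationConfig cannot be null.");
    }

    /**
     * Validates the sign-in request carried by the given token.
     *
     * <p>Only {@link UsernamePasswordAuthenticationToken} instances are processed, even though
     * {@link #supports(Class)} also accepts {@link FederationAuthenticationToken}; any other
     * token yields {@code null}.
     *
     * @param authentication token whose credentials are expected to be a {@link FedizRequest}
     * @return the authenticated token with the original details copied over, or {@code null}
     *         when the token type is not handled here
     * @throws BadCredentialsException when the credentials are missing, are not a
     *         {@link FedizRequest}, or fail validation
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        if (!supports(authentication.getClass()) || !(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return null;
        }
        Object credentials = authentication.getCredentials();
        // Check the credential type up front instead of relying on a ClassCastException further
        // down: a token with ordinary (e.g. String) credentials is rejected with the generic
        // message, without an ERROR-level stack trace and without a JVM cast message (which
        // names internal classes) ending up in the exception text.
        if (!(credentials instanceof FedizRequest)) {
            if (credentials != null && !"".equals(credentials)) {
                // Log the type only, never the credential value itself.
                LOG.warn("Rejecting authentication: credentials of type {} are not a FedizRequest",
                    credentials.getClass().getName());
            }
            throw new BadCredentialsException(this.messages.getMessage("FederationAuthenticationProvider.noSignInRequest", "Failed to get SignIn request"));
        }
        FederationAuthenticationToken result = authenticateNow(authentication);
        result.setDetails(authentication.getDetails());
        return result;
    }

    /**
     * Runs the Fediz processor on the request, loads and checks the user, and builds the token.
     *
     * @param authentication token whose credentials hold the {@link FedizRequest}
     * @return a populated {@link FederationAuthenticationToken}
     * @throws BadCredentialsException for any exception raised while processing
     */
    private FederationAuthenticationToken authenticateNow(Authentication authentication) {
        try {
            FedizRequest fedizRequest = (FedizRequest) authentication.getCredentials();
            FedizContext fedizContext = this.federationConfig.getFedizContext();
            FedizResponse fedizResponse = FedizProcessorFactory.newFedizProcessor(fedizContext.getProtocol())
                .processRequest(fedizRequest, fedizContext);
            UserDetails userDetails = loadUserByFederationResponse(fedizResponse);
            this.userDetailsChecker.check(userDetails);
            return new FederationAuthenticationToken(
                userDetails,
                authentication.getCredentials(),
                this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
                userDetails,
                fedizResponse);
        } catch (Exception e) {
            // NOTE(review): this catch also covers the user lookup and the userDetailsChecker
            // call, so failures raised there (presumably account-status exceptions) reach the
            // caller as BadCredentialsException - confirm that is intended.
            // NOTE(review): the underlying message becomes the exception message; verify that
            // the authentication failure handler does not render it to the client.
            LOG.error("Failed to validate SignIn request", e);
            throw new BadCredentialsException(e.getMessage(), e);
        }
    }

    /**
     * Resolves a validated federation response to user details. Overridable by subclasses.
     *
     * @param fedizResponse response produced by the Fediz processor
     * @return the user details returned by the configured user details service
     */
    protected UserDetails loadUserByFederationResponse(FedizResponse fedizResponse) {
        return this.authenticationUserDetailsService.loadUserDetails(new FederationResponseAuthenticationToken(fedizResponse));
    }

    /** @param messageSource source wrapped in a {@link MessageSourceAccessor} for error messages */
    @Override
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /** @param grantedAuthoritiesMapper mapper applied to the loaded user's authorities */
    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    /**
     * @param cls authentication token class offered by the framework
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and
     *         {@link FederationAuthenticationToken} and their subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls) || FederationAuthenticationToken.class.isAssignableFrom(cls);
    }
}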
