package org.apache.kylin.rest.security.cas;

import java.util.Collection;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.rest.constant.Constant;
import org.apache.kylin.rest.security.KylinUserManager;
import org.apache.kylin.rest.security.ManagedUser;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:WEB-INF/lib/kylin-server-base-4.0.4.jar:org/apache/kylin/rest/security/cas/CasUserDetailsService.class */
public class CasUserDetailsService extends AbstractCasAssertionUserDetailsService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CasUserDetailsService.class);
    private static final String NON_EXISTENT_PASSWORD_VALUE = "NO_PASSWORD";
    private String[] defaultAuthorities = {Constant.GROUP_ALL_USERS};

    public void setDefaultAuthorities(String[] strArr) {
        this.defaultAuthorities = strArr;
    }

    @Override // org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
    protected UserDetails loadUserDetails(Assertion assertion) {
        if (assertion == null) {
            throw new CredentialsExpiredException("bad assertion");
        }
        ManagedUser parseUserDetails = parseUserDetails(assertion);
        KylinUserManager kylinUserManager = KylinUserManager.getInstance(KylinConfig.getInstanceFromEnv());
        if (kylinUserManager.get(parseUserDetails.getUsername()) == null) {
            kylinUserManager.update(parseUserDetails);
        }
        return kylinUserManager.get(parseUserDetails.getUsername());
    }

    protected ManagedUser parseUserDetails(Assertion assertion) {
        AttributePrincipal principal = assertion.getPrincipal();
        return new ManagedUser(principal.getName(), NON_EXISTENT_PASSWORD_VALUE, (Boolean) true, (Collection<? extends GrantedAuthority>) Stream.of((Object[]) this.defaultAuthorities).map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
    }
}
