package net.devh.boot.grpc.server.security.authentication;

import java.util.Objects;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:BOOT-INF/lib/grpc-server-spring-boot-autoconfigure-2.15.0.RELEASE.jar:net/devh/boot/grpc/server/security/authentication/X509CertificateAuthenticationProvider.class */
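/**
 * An {@link AuthenticationProvider} that maps an {@link X509CertificateAuthentication} to a
 * {@link UserDetails} loaded from a {@link UserDetailsService}.
 *
 * <p>The username is derived from the authentication by a configurable extractor; by default the
 * {@code CN} attribute of the certificate subject is used.
 *
 * <p>NOTE(review): nothing in this class validates the certificate (chain, expiry, revocation). It
 * presumably relies on the component that created the {@link X509CertificateAuthentication}, e.g.
 * the TLS layer with client authentication, having done so. Confirm before using it elsewhere.
 */
public class X509CertificateAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(X509CertificateAuthenticationProvider.class);

    /** Extractor that uses {@link Authentication#getName()} as the username. */
    public static final Function<Authentication, String> PRINCIPAL_USERNAME_EXTRACTOR = Authentication::getName;

    /**
     * Extractor that uses the subject's {@code CN} attribute as the username and falls back to
     * {@link #PRINCIPAL_USERNAME_EXTRACTOR} when the subject has no usable {@code CN}.
     */
    public static final Function<X509CertificateAuthentication, String> CN_USERNAME_EXTRACTOR = patternExtractor("CN", PRINCIPAL_USERNAME_EXTRACTOR);

    /** Fallback that yields no username, which makes {@link #authenticate(Authentication)} reject the request. */
    public static final Function<Authentication, String> FAIL_FALLBACK = authentication -> null;

    private final Function<? super X509CertificateAuthentication, String> usernameExtractor;
    private final UserDetailsService userDetailsService;

    /**
     * Creates an extractor that returns the value of one attribute of the subject distinguished name.
     *
     * <p>The subject is parsed as a distinguished name with {@link LdapName} rather than searched
     * with a regular expression over its string form. A textual search can pick up {@code key=}
     * from inside another attribute's value, cuts values at an escaped comma, and would interpret
     * regex metacharacters in the key. Parsing the name compares attribute types exactly (ignoring
     * case) and returns the unescaped value.
     *
     * <p>If the subject contains the attribute more than once, the leftmost occurrence in the
     * RFC 2253 string wins. Empty and non-string (hex-encoded) values are treated as absent.
     *
     * @param str the attribute type to look up (the "key"), matched case-insensitively
     * @param function the fallback applied when the principal is not an {@link X500Principal} or
     *        the attribute is missing
     * @return the extractor function
     * @throws NullPointerException if either argument is {@code null}
     */
    public static Function<X509CertificateAuthentication, String> patternExtractor(String str, Function<? super X509CertificateAuthentication, String> function) {
        Objects.requireNonNull(str, "key");
        Objects.requireNonNull(function, "fallback");
        return authentication -> {
            final Object principal = authentication.getPrincipal();
            if (principal instanceof X500Principal) {
                // X500Principal#getName() yields the RFC 2253 string form, which LdapName parses.
                final String value = findAttributeValue(((X500Principal) principal).getName(), str);
                if (value != null) {
                    return value;
                }
            }
            return function.apply(authentication);
        };
    }

    /**
     * Looks up the first non-empty string value of the given attribute type in a distinguished name.
     *
     * @param distinguishedName the RFC 2253 string form of the name
     * @param key the attribute type to look for, matched case-insensitively
     * @return the unescaped attribute value, or {@code null} if it is absent or the name cannot be parsed
     */
    private static String findAttributeValue(String distinguishedName, String key) {
        try {
            final LdapName name = new LdapName(distinguishedName);
            // LdapName indexes RDNs right-to-left; walk downwards so the leftmost RDN is checked first.
            for (int i = name.size() - 1; i >= 0; i--) {
                // toAttributes() also covers multi-valued RDNs such as "CN=a+UID=b".
                final Attribute attribute = name.getRdn(i).toAttributes().get(key);
                if (attribute == null) {
                    continue;
                }
                final Object value = attribute.get();
                if (value instanceof String && !((String) value).isEmpty()) {
                    return (String) value;
                }
            }
        } catch (NamingException e) {
            log.debug("Could not parse subject distinguished name", e);
        }
        return null;
    }

    /**
     * Creates a provider that uses {@link #CN_USERNAME_EXTRACTOR} to determine the username.
     *
     * @param userDetailsService the service used to load the user for the extracted username
     */
    public X509CertificateAuthenticationProvider(UserDetailsService userDetailsService) {
        this(CN_USERNAME_EXTRACTOR, userDetailsService);
    }

    /**
     * Creates a provider with a custom username extractor.
     *
     * @param function the username extractor; a {@code null} result rejects the authentication
     * @param userDetailsService the service used to load the user for the extracted username
     * @throws NullPointerException if either argument is {@code null}
     */
    public X509CertificateAuthenticationProvider(Function<? super X509CertificateAuthentication, String> function, UserDetailsService userDetailsService) {
        this.usernameExtractor = Objects.requireNonNull(function, "usernameExtractor");
        this.userDetailsService = Objects.requireNonNull(userDetailsService, "userDetailsService");
    }

    /**
     * Resolves the user behind an {@link X509CertificateAuthentication}.
     *
     * <p>NOTE(review): the account status flags of the loaded {@link UserDetails}
     * ({@code isEnabled()}, {@code isAccountNonLocked()}, {@code isAccountNonExpired()},
     * {@code isCredentialsNonExpired()}) are not evaluated here, so a disabled or locked account
     * is still authenticated unless the {@link UserDetailsService} refuses to return it.
     *
     * @param authentication the authentication to process; must be an {@link X509CertificateAuthentication}
     * @return a new authentication carrying the loaded user, the original credentials and the user's authorities
     * @throws IllegalArgumentException if the authentication is {@code null} or of another type
     * @throws UsernameNotFoundException if no username can be extracted or no user is found for it
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof X509CertificateAuthentication)) {
            // instanceof is false for null as well; avoid a NullPointerException while building the message.
            final String actualType = authentication == null ? "null" : authentication.getClass().getName();
            throw new IllegalArgumentException("Unsupported authentication type: " + actualType + ". Only X509CertificateAuthentication is supported!");
        }
        final X509CertificateAuthentication certificateAuthentication = (X509CertificateAuthentication) authentication;
        final String username = this.usernameExtractor.apply(certificateAuthentication);
        if (username == null) {
            log.debug("Could not find username");
            throw new UsernameNotFoundException("No username provided");
        }
        final UserDetails user = this.userDetailsService.loadUserByUsername(username);
        if (user == null) {
            log.debug("Could not find user '{}'", username);
            throw new UsernameNotFoundException("Unknown username: " + username);
        }
        log.debug("Authenticated as '{}'", username);
        // m4476getCredentials looks like a decompiler-renamed accessor (presumably getCredentials()); kept as found.
        return new X509CertificateAuthentication(user, certificateAuthentication.m4476getCredentials(), user.getAuthorities());
    }

    /**
     * Reports whether this provider can process the given authentication type.
     *
     * @param cls the authentication class to check
     * @return {@code true} if the class is {@link X509CertificateAuthentication} or a subclass of it
     */
    @Override
    public boolean supports(Class<?> cls) {
        return X509CertificateAuthentication.class.isAssignableFrom(cls);
    }
}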
