package org.apereo.cas.support.oauth.authenticator;

import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.profile.OAuthUserProfile;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.CredentialsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/oauth/authenticator/OAuthUserAuthenticator.class */
public class OAuthUserAuthenticator implements Authenticator<UsernamePasswordCredentials> {
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuthUserAuthenticator.class);
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final ServicesManager servicesManager;
    private final ServiceFactory webApplicationServiceFactory;

    public OAuthUserAuthenticator(AuthenticationSystemSupport authenticationSystemSupport, ServicesManager servicesManager, ServiceFactory serviceFactory) {
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.servicesManager = servicesManager;
        this.webApplicationServiceFactory = serviceFactory;
    }

    public void validate(UsernamePasswordCredentials usernamePasswordCredentials, WebContext webContext) throws CredentialsException {
        Credential usernamePasswordCredential = new UsernamePasswordCredential(usernamePasswordCredentials.getUsername(), usernamePasswordCredentials.getPassword());
        try {
            String requestParameter = webContext.getRequestParameter("client_id");
            Service createService = this.webApplicationServiceFactory.createService(requestParameter);
            OAuthRegisteredService registeredOAuthService = OAuth20Utils.getRegisteredOAuthService(this.servicesManager, requestParameter);
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredOAuthService);
            Principal principal = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction((Service) null, new Credential[]{usernamePasswordCredential}).getAuthentication().getPrincipal();
            OAuthUserProfile oAuthUserProfile = new OAuthUserProfile();
            String resolveUsername = registeredOAuthService.getUsernameAttributeProvider().resolveUsername(principal, createService);
            LOGGER.debug("Created profile id [{}]", resolveUsername);
            oAuthUserProfile.setId(resolveUsername);
            oAuthUserProfile.addAttributes(registeredOAuthService.getAttributeReleasePolicy().getAttributes(principal, registeredOAuthService));
            LOGGER.debug("Authenticated user profile [{}]", oAuthUserProfile);
            usernamePasswordCredentials.setUserProfile(oAuthUserProfile);
        } catch (Exception e) {
            throw new CredentialsException("Cannot login user using CAS internal authentication", e);
        }
    }
}
