package org.cloudfoundry.identity.uaa.login.saml;

import java.util.Date;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent;
import org.cloudfoundry.identity.uaa.authentication.manager.NewUserAuthenticatedEvent;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.zone.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.providers.ExpiringUsernameAuthenticationToken;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLAuthenticationToken;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.2.5.jar:org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProvider.class */
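/**
 * SAML authentication provider that, on top of the Spring SAML provider, (1) refuses
 * assertions from an identity provider that is disabled or unknown in the current zone,
 * (2) resolves (and if necessary creates) the UAA "shadow" user matching the SAML name id,
 * and (3) publishes the new-user / authentication-success events.
 *
 * <p>The identity-provider check runs before the assertion is processed by the superclass,
 * so a disabled or unknown provider is rejected without any assertion handling. The shadow
 * user built here receives the default {@link UaaAuthority#USER_AUTHORITIES} and an e-mail
 * address derived purely from the SAML name id, not from a validated attribute.
 *
 * <p>Collaborators are injected through setters; thread-safety depends on those collaborators.
 * This source was recovered from a decompiled class file.
 */
public class LoginSamlAuthenticationProvider extends SAMLAuthenticationProvider implements ApplicationEventPublisherAware {

    // Id handed to principals/users that have not been persisted yet. "NaN" is the literal the
    // original code passed; presumably the user store assigns the real id on creation — confirm
    // against UaaUserDatabase.
    private static final String UNASSIGNED_ID = "NaN";

    // Appended when the SAML name id does not look like an e-mail address.
    private static final String FALLBACK_EMAIL_DOMAIN = "@unknown.org";

    private UaaUserDatabase userDatabase;
    private ApplicationEventPublisher eventPublisher;
    private IdentityProviderProvisioning identityProviderProvisioning;

    /**
     * Sets the store used to look up the identity provider (by origin alias) for the current zone.
     *
     * @param identityProviderProvisioning provider store; must be set before {@link #authenticate}
     */
    public void setIdentityProviderProvisioning(IdentityProviderProvisioning identityProviderProvisioning) {
        this.identityProviderProvisioning = identityProviderProvisioning;
    }

    /**
     * Sets the user store used to resolve the shadow user for a SAML name id.
     *
     * @param uaaUserDatabase user store; must be set before {@link #authenticate}
     */
    public void setUserDatabase(UaaUserDatabase uaaUserDatabase) {
        this.userDatabase = uaaUserDatabase;
    }

    /**
     * Receives the publisher used for {@link NewUserAuthenticatedEvent} and
     * {@link UserAuthenticationSuccessEvent}; publishing is skipped while it is unset.
     *
     * @param applicationEventPublisher the Spring event publisher
     */
    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    /**
     * Authenticates a {@link SAMLAuthenticationToken} and wraps the result in a
     * {@link LoginSamlAuthenticationToken} carrying the resolved UAA principal.
     *
     * @param authentication must be a {@link SAMLAuthenticationToken}
     * @return a {@link LoginSamlAuthenticationToken} for the resolved (possibly newly created) user
     * @throws IllegalArgumentException  if the token type is not supported
     * @throws ProviderNotFoundException if the identity provider named by the peer alias is
     *                                   disabled or does not exist in the current zone
     * @throws AuthenticationException   propagated from the superclass assertion processing
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            throw new IllegalArgumentException("Only SAMLAuthenticationToken is supported, " + authentication.getClass() + " was attempted");
        }
        IdentityZone identityZone = IdentityZoneHolder.get();
        String alias = ((SAMLAuthenticationToken) authentication).getCredentials().getPeerExtendedMetadata().getAlias();
        try {
            // Reject a disabled provider before any assertion processing. The zone captured
            // above is used here and for the principal below so both agree on the zone.
            if (!identityProviderProvisioning.retrieveByOrigin(alias, identityZone.getId()).isActive()) {
                throw new ProviderNotFoundException("Identity Provider has been disabled by administrator.");
            }
            ExpiringUsernameAuthenticationToken samlToken = (ExpiringUsernameAuthenticationToken) super.authenticate(authentication);
            String nameId = samlToken.getName();
            // The name id serves as both username and external id; the alias is the origin.
            UaaPrincipal principal = new UaaPrincipal(UNASSIGNED_ID, nameId, null, alias, nameId, identityZone.getId());
            return new LoginSamlAuthenticationToken(createIfMissing(principal), samlToken);
        } catch (EmptyResultDataAccessException e) {
            // No provider row for this alias in the zone. Message kept verbatim for compatibility;
            // the cause is attached so the lookup failure is visible in logs.
            ProviderNotFoundException notFound = new ProviderNotFoundException("Not identity provider found in zone.");
            notFound.initCause(e);
            throw notFound;
        }
    }

    /**
     * Publishes {@code applicationEvent} if a publisher has been injected; otherwise a no-op.
     *
     * @param applicationEvent the event to publish
     */
    protected void publish(ApplicationEvent applicationEvent) {
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(applicationEvent);
        }
    }

    /**
     * Resolves the stored user for {@code uaaPrincipal}, creating it first if it does not exist.
     *
     * <p>When the user is unknown a {@link NewUserAuthenticatedEvent} is published and the
     * lookup is retried; the retry relies on an event listener having created the account.
     * On success a {@link UserAuthenticationSuccessEvent} is published for the stored user.
     *
     * @param uaaPrincipal principal built from the SAML name id, origin alias and zone
     * @return a principal backed by the stored user record
     * @throws BadCredentialsException if the user is still missing after the creation event
     */
    protected UaaPrincipal createIfMissing(UaaPrincipal uaaPrincipal) {
        UaaUser user;
        try {
            user = lookup(uaaPrincipal);
        } catch (UsernameNotFoundException e) {
            publish(new NewUserAuthenticatedEvent(getUser(uaaPrincipal)));
            try {
                user = lookup(uaaPrincipal);
            } catch (UsernameNotFoundException stillMissing) {
                throw new BadCredentialsException("Unable to establish shadow user for SAML user:" + uaaPrincipal.getName(), stillMissing);
            }
        }
        UaaPrincipal resolved = new UaaPrincipal(user);
        publish(new UserAuthenticationSuccessEvent(user, new UaaAuthentication(resolved, user.getAuthorities(), null)));
        return resolved;
    }

    /** Looks up the stored user by the principal's name and origin. */
    private UaaUser lookup(UaaPrincipal uaaPrincipal) {
        return this.userDatabase.retrieveUserByName(uaaPrincipal.getName(), uaaPrincipal.getOrigin());
    }

    /**
     * Builds the shadow {@link UaaUser} for a SAML principal that is not yet stored.
     *
     * <p>The e-mail is derived from the name id alone (see {@link #deriveEmail}); its local and
     * domain parts are reused as the name fields. The user gets
     * {@link UaaAuthority#USER_AUTHORITIES}, an empty password and the principal's origin, or
     * {@link Origin#LOGIN_SERVER} when the principal carries none.
     *
     * @param uaaPrincipal principal whose name, origin and zone id seed the new user
     * @return the unsaved user record
     * @throws BadCredentialsException if the principal has no name
     */
    protected UaaUser getUser(UaaPrincipal uaaPrincipal) {
        String name = uaaPrincipal.getName();
        // The decompiled original reached this throw for every null name; the "unknown"
        // fallback that followed it was unreachable and has been dropped.
        if (name == null) {
            throw new BadCredentialsException("Cannot determine username from credentials supplied");
        }
        String origin = uaaPrincipal.getOrigin() != null ? uaaPrincipal.getOrigin() : Origin.LOGIN_SERVER;
        String zoneId = uaaPrincipal.getZoneId();
        String email = deriveEmail(name);
        // deriveEmail always yields exactly one '@' with a non-empty domain, so [1] exists.
        String[] emailParts = email.split("@");
        // NOTE(review): positional constructor; the trailing `false` is presumably the
        // "verified" flag — confirm against UaaUser.
        return new UaaUser(UNASSIGNED_ID, name, "", email, UaaAuthority.USER_AUTHORITIES, emailParts[0], emailParts[1], new Date(), new Date(), origin, name, false, zoneId);
    }

    /**
     * Derives an e-mail address from a SAML name id: a name with exactly one interior '@' is
     * used as-is; otherwise all '@' characters are stripped and the fallback domain appended.
     *
     * @param name non-null SAML name id
     * @return an address containing exactly one '@'
     */
    private static String deriveEmail(String name) {
        if (!name.contains("@")) {
            return name + FALLBACK_EMAIL_DOMAIN;
        }
        boolean wellFormed = name.split("@").length == 2 && !name.startsWith("@") && !name.endsWith("@");
        if (wellFormed) {
            return name;
        }
        return name.replaceAll("@", "") + FALLBACK_EMAIL_DOMAIN;
    }
}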
