package org.cloudfoundry.identity.uaa.authentication.manager;

import com.fasterxml.jackson.core.type.TypeReference;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
import org.cloudfoundry.identity.uaa.authentication.InvalidCodeException;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.NoSuchClientException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.7.0.jar:org/cloudfoundry/identity/uaa/authentication/manager/AutologinAuthenticationManager.class */
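/**
 * {@link AuthenticationManager} that turns an autologin code into an authenticated
 * {@link UaaAuthentication}.
 *
 * <p>The code is looked up in the {@link ExpiringCodeStore}. Its JSON payload must identify
 * itself as an autologin code, name a {@code client_id} that is known to the
 * {@link ClientDetailsService}, name a {@code user_id} that resolves in the
 * {@link UaaUserDatabase}, and that {@code client_id} must equal the client id carried in the
 * details of the request that presents the code.
 *
 * <p>The three collaborators are injected through setters and are not null-checked here.
 */
public class AutologinAuthenticationManager implements AuthenticationManager {
    private final Log logger = LogFactory.getLog(getClass());
    private ExpiringCodeStore codeStore;
    private ClientDetailsService clientDetailsService;
    private UaaUserDatabase userDatabase;

    /**
     * Sets the store that autologin codes are retrieved from.
     *
     * @param expiringCodeStore the code store used by {@link #doRetrieveCode(String)}
     */
    public void setExpiringCodeStore(ExpiringCodeStore expiringCodeStore) {
        this.codeStore = expiringCodeStore;
    }

    /**
     * Sets the service used to confirm that the client named in a code exists.
     *
     * @param clientDetailsService the client lookup service
     */
    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    /**
     * Sets the database used to resolve the user named in a code.
     *
     * @param uaaUserDatabase the user database
     */
    public void setUserDatabase(UaaUserDatabase uaaUserDatabase) {
        this.userDatabase = uaaUserDatabase;
    }

    /**
     * Looks up a code in the configured {@link ExpiringCodeStore}.
     *
     * @param str the code value presented by the caller
     * @return whatever the store returns for that value; {@link #authenticate(Authentication)}
     *     treats {@code null} as an expired code
     */
    public ExpiringCode doRetrieveCode(String str) {
        // NOTE(review): presumably the store consumes the code on retrieval so it cannot be
        // replayed; that is not visible in this class. Confirm against the store implementation.
        return this.codeStore.retrieveCode(str);
    }

    /**
     * Redeems the autologin code carried in an {@link AuthzAuthenticationRequest}.
     *
     * @param authentication the incoming request; anything other than an
     *     {@link AuthzAuthenticationRequest} is not handled
     * @return an authenticated {@link UaaAuthentication} for the user named in the code, holding
     *     {@link UaaAuthority#USER_AUTHORITIES} and the request's own details, or {@code null}
     *     when the request is not an {@link AuthzAuthenticationRequest}
     * @throws InvalidCodeException if the store has no such code, or the code is not an autologin
     *     code
     * @throws BadCredentialsException if the payload cannot be parsed, has no {@code client_id},
     *     names an unknown client or user, or was issued for a different client than the one
     *     presenting it
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof AuthzAuthenticationRequest)) {
            return null;
        }
        AuthzAuthenticationRequest request = (AuthzAuthenticationRequest) authentication;
        // NOTE(review): a null info map fails here with a NullPointerException, and a missing
        // "code" entry is handed to the store as null. Confirm the caller always supplies both.
        ExpiringCode expiringCode = doRetrieveCode(request.getInfo().get("code"));
        try {
            if (expiringCode == null) {
                this.logger.debug("Autologin code has expired");
                throw new InvalidCodeException("expired_code", "Expired code", 422);
            }
            Map<String, String> codeData = JsonUtils.readValue(expiringCode.getData(), new TypeReference<Map<String, String>>() {
            });
            if (!isAutologinCode(expiringCode.getIntent(), codeData.get("action"))) {
                this.logger.debug("Code is not meant for autologin");
                throw new InvalidCodeException("invalid_code", "Not an autologin code", 422);
            }
            String userId = codeData.get("user_id");
            String clientId = codeData.get("client_id");
            if (clientId == null) {
                throw new BadCredentialsException("Cannot redeem provided code for user, client id missing");
            }

            try {
                this.clientDetailsService.loadClientByClientId(clientId);
            } catch (NoSuchClientException e) {
                // Keep the cause so the failure can be traced from the logs.
                throw new BadCredentialsException("Cannot redeem provided code for user, client is missing", e);
            }

            UaaUser user;
            try {
                user = this.userDatabase.retrieveUserById(userId);
            } catch (UsernameNotFoundException e) {
                throw new BadCredentialsException("Cannot redeem provided code for user, user is missing", e);
            }

            // The code is bound to the client it was issued for. If the request details are
            // absent or of another type the binding cannot be confirmed, so fail closed as an
            // authentication failure instead of surfacing a ClassCastException or
            // NullPointerException.
            Object details = authentication.getDetails();
            if (!(details instanceof UaaAuthenticationDetails)
                    || !clientId.equals(((UaaAuthenticationDetails) details).getClientId())) {
                throw new BadCredentialsException("Cannot redeem provided code for user, client mismatch");
            }
            return new UaaAuthentication(new UaaPrincipal(user), UaaAuthority.USER_AUTHORITIES, (UaaAuthenticationDetails) details);
        } catch (JsonUtils.JsonUtilException e) {
            throw new BadCredentialsException("JsonConversion error", e);
        }
    }

    /**
     * Tells whether a stored code was issued for autologin.
     *
     * @param intent the code's intent, may be {@code null}
     * @param action the {@code action} entry of the code's payload, may be {@code null}
     * @return {@code true} if either value equals the name of {@link ExpiringCodeType#AUTOLOGIN}
     */
    private boolean isAutologinCode(String intent, String action) {
        String autologin = ExpiringCodeType.AUTOLOGIN.name();
        // Calling equals on the constant is null-safe for both arguments.
        return autologin.equals(intent) || autologin.equals(action);
    }
}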
