package org.cloudfoundry.identity.uaa.authentication.manager;

import java.util.Arrays;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.util.LinkedMaskingMultiValueMap;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.2.5.jar:org/cloudfoundry/identity/uaa/authentication/manager/RestAuthenticationManager.class */
public class RestAuthenticationManager implements AuthenticationManager {
    private RestOperations restTemplate;
    private static String DEFAULT_LOGIN_URL = "http://uaa.cloudfoundry.com/authenticate";
    protected final Log logger = LogFactory.getLog(getClass());
    private String remoteUrl = DEFAULT_LOGIN_URL;
    private boolean nullPassword = false;

    public void setRemoteUrl(String str) {
        this.remoteUrl = str;
    }

    public String getRemoteUrl() {
        return this.remoteUrl;
    }

    public void setRestTemplate(RestOperations restOperations) {
        this.restTemplate = restOperations;
    }

    public RestOperations getRestTemplate() {
        return this.restTemplate;
    }

    public RestAuthenticationManager() {
        this.restTemplate = new RestTemplate();
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
        restTemplate.setErrorHandler(new DefaultResponseErrorHandler() { // from class: org.cloudfoundry.identity.uaa.authentication.manager.RestAuthenticationManager.1
            @Override // org.springframework.web.client.DefaultResponseErrorHandler
            protected boolean hasError(HttpStatus httpStatus) {
                return httpStatus.series() == HttpStatus.Series.SERVER_ERROR;
            }
        });
        this.restTemplate = restTemplate;
    }

    @Override // org.springframework.security.authentication.AuthenticationManager
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        ResponseEntity<Map> exchange = this.restTemplate.exchange(this.remoteUrl, HttpMethod.POST, new HttpEntity<>(getParameters(name, (String) authentication.getCredentials()), getHeaders()), Map.class, new Object[0]);
        if (exchange.getStatusCode() == HttpStatus.OK || exchange.getStatusCode() == HttpStatus.CREATED) {
            if (evaluateResponse(authentication, exchange)) {
                this.logger.info("Successful authentication request for " + authentication.getName());
                return new UsernamePasswordAuthenticationToken(name, this.nullPassword ? null : "", UaaAuthority.USER_AUTHORITIES);
            }
        } else {
            if (exchange.getStatusCode() == HttpStatus.UNAUTHORIZED) {
                this.logger.info("Failed authentication request");
                throw new BadCredentialsException("Authentication failed");
            }
            if (exchange.getStatusCode() == HttpStatus.INTERNAL_SERVER_ERROR) {
                this.logger.info("Internal error from UAA. Please Check the UAA logs.");
            } else {
                this.logger.error("Unexpected status code " + exchange.getStatusCode() + " from the UAA. Is a compatible version running?");
            }
        }
        throw new RuntimeException("Could not authenticate with remote server");
    }

    protected boolean evaluateResponse(Authentication authentication, ResponseEntity<Map> responseEntity) {
        return ((String) responseEntity.getBody().get("username")).equals(authentication.getPrincipal().toString());
    }

    protected Object getParameters(String str, String str2) {
        LinkedMaskingMultiValueMap linkedMaskingMultiValueMap = new LinkedMaskingMultiValueMap("password");
        linkedMaskingMultiValueMap.set("username", str);
        linkedMaskingMultiValueMap.set("password", str2);
        return linkedMaskingMultiValueMap;
    }

    protected HttpHeaders getHeaders() {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
        return httpHeaders;
    }

    public boolean isNullPassword() {
        return this.nullPassword;
    }

    public void setNullPassword(boolean z) {
        this.nullPassword = z;
    }
}
