package org.cloudfoundry.identity.uaa.authentication.manager;

import java.util.Date;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent;
import org.cloudfoundry.identity.uaa.user.DialableByPhone;
import org.cloudfoundry.identity.uaa.user.ExternallyIdentifiable;
import org.cloudfoundry.identity.uaa.user.Mailable;
import org.cloudfoundry.identity.uaa.user.Named;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.user.UaaUserPrototype;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/authentication/manager/ExternalLoginAuthenticationManager.class */
public class ExternalLoginAuthenticationManager implements AuthenticationManager, ApplicationEventPublisherAware, BeanNameAware {
    private ApplicationEventPublisher eventPublisher;
    private UaaUserDatabase userDatabase;
    private String name;
    protected final Log logger = LogFactory.getLog(getClass());
    private String origin = Origin.UNKNOWN;

    public String getOrigin() {
        return this.origin;
    }

    public void setOrigin(String str) {
        this.origin = str;
    }

    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    public void setUserDatabase(UaaUserDatabase uaaUserDatabase) {
        this.userDatabase = uaaUserDatabase;
    }

    public UaaUserDatabase getUserDatabase() {
        return this.userDatabase;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UaaUser user = getUser(authentication);
        if (user == null) {
            return null;
        }
        boolean z = false;
        try {
            UaaUser retrieveUserByName = this.userDatabase.retrieveUserByName(user.getUsername(), getOrigin());
            if (retrieveUserByName != null) {
                user = retrieveUserByName;
            } else {
                z = true;
            }
        } catch (UsernameNotFoundException e) {
            z = true;
        }
        if (z) {
            publish(new NewUserAuthenticatedEvent(user));
            try {
                user = this.userDatabase.retrieveUserByName(user.getUsername(), getOrigin());
            } catch (UsernameNotFoundException e2) {
                throw new BadCredentialsException("Unable to register user in internal UAA store.");
            }
        }
        UaaUser userAuthenticated = userAuthenticated(authentication, user);
        UaaAuthentication uaaAuthentication = new UaaAuthentication(new UaaPrincipal(userAuthenticated), userAuthenticated.getAuthorities(), authentication.getDetails() instanceof UaaAuthenticationDetails ? (UaaAuthenticationDetails) authentication.getDetails() : UaaAuthenticationDetails.UNKNOWN);
        if (authentication.getPrincipal() instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) authentication.getPrincipal();
            uaaAuthentication.setUserAttributes(getUserAttributes(userDetails));
            uaaAuthentication.setExternalGroups(new HashSet(getExternalUserAuthorities(userDetails)));
        }
        publish(new UserAuthenticationSuccessEvent(userAuthenticated, uaaAuthentication));
        return uaaAuthentication;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MultiValueMap<String, String> getUserAttributes(UserDetails userDetails) {
        return new LinkedMultiValueMap();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getExternalUserAuthorities(UserDetails userDetails) {
        return new LinkedList();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void publish(ApplicationEvent applicationEvent) {
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(applicationEvent);
        }
    }

    protected UaaUser userAuthenticated(Authentication authentication, UaaUser uaaUser) {
        return uaaUser;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UaaUser getUser(Authentication authentication) {
        UserDetails user;
        if (authentication.getPrincipal() instanceof UserDetails) {
            user = (UserDetails) authentication.getPrincipal();
        } else {
            if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
                if (authentication.getPrincipal() == null) {
                    this.logger.debug(getClass().getName() + "[" + this.name + "] cannot process null principal");
                    return null;
                }
                this.logger.debug(getClass().getName() + "[" + this.name + "] cannot process request of type: " + authentication.getClass().getName());
                return null;
            }
            user = new User(authentication.getPrincipal().toString(), authentication.getCredentials() != null ? authentication.getCredentials().toString() : "", true, true, true, true, UaaAuthority.USER_AUTHORITIES);
        }
        String username = user.getUsername();
        String str = null;
        if (user instanceof Mailable) {
            str = ((Mailable) user).getEmailAddress();
            if (username == null) {
                username = str;
            }
        }
        if (str == null) {
            if (username == null) {
                throw new BadCredentialsException("Cannot determine username from credentials supplied");
            }
            str = username.contains("@") ? (username.split("@").length != 2 || username.startsWith("@") || username.endsWith("@")) ? username.replaceAll("@", "") + "@user.from." + getOrigin() + ".cf" : username : username + "@user.from." + getOrigin() + ".cf";
        }
        String str2 = null;
        String str3 = null;
        if (user instanceof Named) {
            Named named = (Named) user;
            str2 = named.getGivenName();
            str3 = named.getFamilyName();
        }
        if (str2 == null) {
            str2 = str.split("@")[0];
        }
        if (str3 == null) {
            str3 = str.split("@")[1];
        }
        return new UaaUser(new UaaUserPrototype().withUsername(username).withPassword("").withEmail(str).withAuthorities(UaaAuthority.USER_AUTHORITIES).withGivenName(str2).withFamilyName(str3).withCreated(new Date()).withModified(new Date()).withOrigin(this.origin).withExternalId(user instanceof ExternallyIdentifiable ? ((ExternallyIdentifiable) user).getExternalId() : username).withZoneId(IdentityZoneHolder.get().getId()).withPhoneNumber(user instanceof DialableByPhone ? ((DialableByPhone) user).getPhoneNumber() : null));
    }

    public void setBeanName(String str) {
        this.name = str;
    }
}
