package org.cloudfoundry.identity.uaa.login;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.client.SocialClientUserDetails;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.oauth.Claims;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-login-2.3.1.jar:org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManager.class */
public class AutologinAuthenticationManager implements AuthenticationManager {
    private Log logger = LogFactory.getLog(getClass());
    private ExpiringCodeStore codeStore;

    public ExpiringCodeStore getExpiringCodeStore() {
        return this.codeStore;
    }

    public void setExpiringCodeStore(ExpiringCodeStore expiringCodeStore) {
        this.codeStore = expiringCodeStore;
    }

    public ExpiringCode doRetrieveCode(String str) {
        return this.codeStore.retrieveCode(str);
    }

    @Override // org.springframework.security.authentication.AuthenticationManager
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof AuthzAuthenticationRequest)) {
            return null;
        }
        ExpiringCode doRetrieveCode = doRetrieveCode(((AuthzAuthenticationRequest) authentication).getInfo().get("code"));
        SocialClientUserDetails socialClientUserDetails = null;
        if (doRetrieveCode != null) {
            try {
                socialClientUserDetails = (SocialClientUserDetails) JsonUtils.readValue(doRetrieveCode.getData(), SocialClientUserDetails.class);
            } catch (JsonUtils.JsonUtilException e) {
                throw new BadCredentialsException("JsonConversion error", e);
            }
        }
        if (socialClientUserDetails == null) {
            throw new BadCredentialsException("Cannot redeem provided code for user");
        }
        String str = null;
        Object username = socialClientUserDetails.getUsername();
        if (socialClientUserDetails.getDetails() instanceof String) {
            str = (String) socialClientUserDetails.getDetails();
        } else if (socialClientUserDetails.getDetails() instanceof Map) {
            Map map = (Map) socialClientUserDetails.getDetails();
            str = (String) map.get("client_id");
            username = new UaaPrincipal((String) map.get(Claims.USER_ID), socialClientUserDetails.getUsername(), null, (String) map.get(Origin.ORIGIN), null, IdentityZoneHolder.get().getId());
        }
        if (str == null) {
            throw new BadCredentialsException("Cannot redeem provided code for user, client id missing");
        }
        if (!(authentication.getDetails() instanceof UaaAuthenticationDetails)) {
            throw new BadCredentialsException("Cannot redeem provided code for user, auth details missing");
        }
        if (!str.equals(((UaaAuthenticationDetails) authentication.getDetails()).getClientId())) {
            throw new BadCredentialsException("Cannot redeem provided code for user, client mismatch");
        }
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(username, null, socialClientUserDetails.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(authentication.getDetails());
        return usernamePasswordAuthenticationToken;
    }
}
