package org.cloudfoundry.identity.uaa.authentication.manager;

import java.util.Date;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.12.0.jar:org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManager.class */
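/**
 * {@link AuthenticationManager} that turns an {@link AuthzAuthenticationRequest} into a
 * {@link UaaAuthentication} for the user named in the request.
 *
 * <p>No user password or other user credential is verified in this class. The only gate
 * visible in {@link #authenticate(Authentication)} is that the current
 * {@link SecurityContext} holds a client-only {@link OAuth2Authentication}; the identity of
 * the user is taken from the request as asserted by that client. Which clients are allowed
 * to reach this manager is not decided here.
 */
public class LoginAuthenticationManager implements AuthenticationManager, ApplicationEventPublisherAware {
    /** Sentinel user id used when the request info carries no {@code user_id}. */
    public static final String NotANumber = "NaN";
    private ApplicationEventPublisher eventPublisher;
    private UaaUserDatabase userDatabase;
    private final Log logger = LogFactory.getLog(getClass());
    // Not referenced anywhere in this class.
    private RandomValueStringGenerator generator = new RandomValueStringGenerator();

    /**
     * Stores the publisher used by {@link #publish(ApplicationEvent)}.
     *
     * @param applicationEventPublisher publisher to send authentication events to
     */
    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    /**
     * Sets the user store that {@link #authenticate(Authentication)} looks users up in.
     *
     * @param uaaUserDatabase user store queried by id or by username and origin
     */
    public void setUserDatabase(UaaUserDatabase uaaUserDatabase) {
        this.userDatabase = uaaUserDatabase;
    }

    /**
     * Authenticates the user described by an {@link AuthzAuthenticationRequest}.
     *
     * <p>Returns {@code null} (request not handled) when the argument is not an
     * {@code AuthzAuthenticationRequest}, or when the current security context does not hold
     * a client-only {@link OAuth2Authentication}. Otherwise the user is looked up by id when
     * the request info carries a {@code user_id}, else by username and origin.
     *
     * @param authentication the incoming request
     * @return a {@link UaaAuthentication} for the stored user, or {@code null} if this
     *     manager does not handle the request
     * @throws AuthenticationException {@link BadCredentialsException} when the user is not
     *     found and may not be added, or when {@link #getUser} rejects the request
     */
    @Override // org.springframework.security.authentication.AuthenticationManager
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof AuthzAuthenticationRequest)) {
            // instanceof is also false for null, so do not call getClass() on a null argument.
            this.logger.debug("Cannot process request of type: "
                    + (authentication == null ? "null" : authentication.getClass().getName()));
            return null;
        }
        AuthzAuthenticationRequest authzAuthenticationRequest = (AuthzAuthenticationRequest) authentication;
        Map<String, String> info = authzAuthenticationRequest.getInfo();
        // The name is request-supplied and has not been checked against anything yet.
        this.logger.debug("Processing authentication request for " + authzAuthenticationRequest.getName());

        // The only caller check in this method: the surrounding context must be a
        // client-only OAuth2 authentication (no end user attached to the token).
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication current = context.getAuthentication();
        if (!(current instanceof OAuth2Authentication) || !((OAuth2Authentication) current).isClientOnly()) {
            this.logger.debug("Did not locate login credentials");
            return null;
        }

        UaaUser asserted = getUser(authzAuthenticationRequest, info);
        UaaAuthenticationDetails details = (UaaAuthenticationDetails) authzAuthenticationRequest.getDetails();
        UaaUser stored;
        try {
            // NOTE(review): the by-id lookup does not consult the origin, so the "uaa" origin
            // rejection in getUser does not constrain which account a supplied user_id can
            // select. Confirm that this is intended.
            stored = NotANumber.equals(asserted.getId())
                    ? this.userDatabase.retrieveUserByName(asserted.getUsername(), asserted.getOrigin())
                    : this.userDatabase.retrieveUserById(asserted.getId());
        } catch (UsernameNotFoundException e) {
            boolean mayAddUser = details != null && details.isAddNew();
            if (!mayAddUser) {
                throw new BadCredentialsException("Bad Credentials");
            }
            // Presumably a listener creates the account in response to this event; the
            // lookup below fails with BadCredentialsException if the user still does not exist.
            publish(new NewUserAuthenticatedEvent(asserted));
            try {
                stored = this.userDatabase.retrieveUserByName(asserted.getUsername(), asserted.getOrigin());
            } catch (UsernameNotFoundException e2) {
                throw new BadCredentialsException("Bad credentials");
            }
        }

        // Principal and authorities come from the stored user, not from the request.
        UaaAuthentication uaaAuthentication =
                new UaaAuthentication(new UaaPrincipal(stored), stored.getAuthorities(), details);
        publish(new UserAuthenticationSuccessEvent(stored, uaaAuthentication));
        return uaaAuthentication;
    }

    /**
     * Publishes an event if a publisher has been set; otherwise does nothing.
     *
     * @param applicationEvent event to publish
     */
    protected void publish(ApplicationEvent applicationEvent) {
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(applicationEvent);
        }
    }

    /**
     * Builds a transient {@link UaaUser} from the request name and the request info map.
     *
     * <p>Keys read from the map: {@code email}, {@code user_id}, {@code origin},
     * {@code given_name}, {@code family_name}. Missing values are filled in: the id defaults
     * to {@link #NotANumber}, the origin to {@link OriginKeys#LOGIN_SERVER}, the username to
     * the email or {@link OriginKeys#UNKNOWN}, the email to a value derived from the username
     * under {@code @unknown.org}, and the names to the parts of the email around {@code @}.
     *
     * @param authzAuthenticationRequest request whose name is used as the username
     * @param map request info supplied with the request
     * @return a user object carrying the asserted attributes; it is not read from the store
     * @throws BadCredentialsException if the origin is {@link OriginKeys#UAA}, or if neither
     *     a username, an email nor a user id is supplied
     */
    protected UaaUser getUser(AuthzAuthenticationRequest authzAuthenticationRequest, Map<String, String> map) {
        String name = authzAuthenticationRequest.getName();
        String email = map.get("email");
        String suppliedId = map.get("user_id");
        String userId = suppliedId != null ? suppliedId : NotANumber;

        String suppliedOrigin = map.get("origin");
        if (suppliedOrigin != null && suppliedOrigin.equals(OriginKeys.UAA)) {
            throw new BadCredentialsException("uaa origin not allowed for external login server");
        }
        String origin = suppliedOrigin != null ? suppliedOrigin : OriginKeys.LOGIN_SERVER;

        if (name == null && email != null) {
            name = email;
        }
        if (name == null && NotANumber.equals(userId)) {
            throw new BadCredentialsException("Cannot determine username from credentials supplied");
        }
        if (name == null) {
            name = OriginKeys.UNKNOWN;
        }

        if (email == null) {
            if (!name.contains("@")) {
                email = name + "@unknown.org";
            } else if (name.split("@").length != 2 || name.startsWith("@") || name.endsWith("@")) {
                // Not of the form local@domain: drop every '@' and use the placeholder domain.
                email = name.replaceAll("@", "") + "@unknown.org";
            } else {
                email = name;
            }
        }

        // A supplied email made only of '@' characters splits into an empty array, so
        // indexing it unguarded would throw ArrayIndexOutOfBoundsException instead of an
        // AuthenticationException. Both names fall back to the whole email in that case.
        String[] emailParts = email.split("@");
        String givenName = map.get("given_name");
        if (givenName == null) {
            givenName = emailParts.length > 0 ? emailParts[0] : email;
        }
        String familyName = map.get("family_name");
        if (familyName == null) {
            familyName = emailParts.length > 1 ? emailParts[1] : email;
        }

        // Third argument is an empty string, presumably the password since none is supplied
        // on this path; confirm against the UaaUser constructor.
        return new UaaUser(userId, name, "", email, UaaAuthority.USER_AUTHORITIES, givenName, familyName,
                new Date(), new Date(), origin, name, false, IdentityZoneHolder.get().getId(), null, null);
    }
}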
