package org.cloudfoundry.identity.uaa.authentication;

import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.login.AuthenticationResponse;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

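/**
 * Spring MVC controller that exposes {@code POST /authenticate} in two variants:
 * a username/password check, and a passwordless lookup by username and origin that
 * is only served to callers holding a client-only OAuth2 authentication.
 *
 * <p>Both variants answer with an {@link AuthenticationResponse} body and default to
 * {@code 401 UNAUTHORIZED}; the status is raised to {@code 200 OK} only after the
 * relevant {@link AuthenticationManager} has returned successfully.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.12.4.jar:org/cloudfoundry/identity/uaa/authentication/RemoteAuthenticationEndpoint.class */
public class RemoteAuthenticationEndpoint {
    private final Log logger = LogFactory.getLog(getClass());

    // Verifies username/password credentials for the first /authenticate variant.
    private final AuthenticationManager authenticationManager;

    // Handles the passwordless (username + origin) variant. Injected through the setter,
    // so it is null until setLoginAuthenticationManager has been called.
    private AuthenticationManager loginAuthenticationManager;

    /**
     * Creates the endpoint.
     *
     * @param authenticationManager manager used to verify username/password credentials
     */
    public RemoteAuthenticationEndpoint(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the manager used by the passwordless (username + origin) variant.
     *
     * @param authenticationManager manager that resolves an {@link AuthzAuthenticationRequest}
     */
    public void setLoginAuthenticationManager(AuthenticationManager authenticationManager) {
        this.loginAuthenticationManager = authenticationManager;
    }

    /**
     * Verifies a username/password pair.
     *
     * <p>Outcomes: {@code 200} with the user name (plus e-mail when the principal is a
     * {@link UaaPrincipal}); {@code 403} with "account not verified"; {@code 401} with
     * "authentication failed"; {@code 500} with "error" for any other exception. Origin and
     * user id are added only when the caller itself is a client-only OAuth2 authentication.
     *
     * @param request  current request, captured into {@link UaaAuthenticationDetails}
     * @param username value of the required {@code username} parameter
     * @param password value of the required {@code password} parameter; never logged here
     * @return the response body together with the HTTP status described above
     */
    @RequestMapping(value = {"/authenticate"}, method = {RequestMethod.POST})
    @ResponseBody
    public HttpEntity<AuthenticationResponse> authenticate(HttpServletRequest request, @RequestParam(value = "username", required = true) String username, @RequestParam(value = "password", required = true) String password) {
        AuthenticationResponse response = new AuthenticationResponse();
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
        token.setDetails(new UaaAuthenticationDetails(request));

        // Fail closed: the status stays 401 unless a branch below changes it explicitly.
        HttpStatus status = HttpStatus.UNAUTHORIZED;
        try {
            Authentication result = this.authenticationManager.authenticate(token);
            response.setUsername(result.getName());
            Object principal = result.getPrincipal();
            // instanceof is false for null, so no separate null check is needed.
            if (principal instanceof UaaPrincipal) {
                response.setEmail(((UaaPrincipal) principal).getEmail());
            }
            processAdditionalInformation(response, result);
            status = HttpStatus.OK;
        } catch (AccountNotVerifiedException e) {
            // NOTE(review): this 403 is distinguishable from the generic 401 below. Whether the
            // password was checked before this exception is raised depends on the authentication
            // manager, which is not visible here - confirm if account enumeration is a concern.
            response.setError("account not verified");
            status = HttpStatus.FORBIDDEN;
        } catch (AuthenticationException e) {
            // Deliberately generic message; the failure reason is not returned to the caller.
            response.setError("authentication failed");
        } catch (Exception e) {
            // Unexpected failures are only visible at debug level in this class.
            this.logger.debug("Failed to authenticate user ", e);
            response.setError("error");
            status = HttpStatus.INTERNAL_SERVER_ERROR;
        }
        return new ResponseEntity<AuthenticationResponse>(response, status);
    }

    /**
     * Resolves a user by username and origin without a password.
     *
     * <p>This mapping applies when the request carries the {@code source}, {@code origin} and
     * {@link UaaAuthenticationDetails#ADD_NEW} parameters. The request is rejected with
     * {@code 401} unless the current security context holds a client-only OAuth2
     * authentication.
     *
     * <p>NOTE(review): the only authorization check made in this method is "client-only OAuth2
     * authentication". Any restriction on which clients or scopes may use this passwordless path
     * has to come from the surrounding security configuration - confirm.
     *
     * @param request  current request, captured into {@link UaaAuthenticationDetails}
     * @param username value of the required {@code username} parameter
     * @param origin   value of the required {@code origin} parameter
     * @param email    optional {@code email} parameter; forwarded only when it contains text
     * @return the response body with {@code 200}, {@code 401} or {@code 500}
     */
    @RequestMapping(value = {"/authenticate"}, method = {RequestMethod.POST}, params = {"source", "origin", UaaAuthenticationDetails.ADD_NEW})
    @ResponseBody
    public HttpEntity<AuthenticationResponse> authenticate(HttpServletRequest request, @RequestParam(value = "username", required = true) String username, @RequestParam(value = "origin", required = true) String origin, @RequestParam(value = "email", required = false) String email) {
        AuthenticationResponse response = new AuthenticationResponse();
        HttpStatus status = HttpStatus.UNAUTHORIZED;

        // Gate first: nothing below runs for a caller that is not a client-only OAuth2 authentication.
        if (!hasClientOauth2Authentication()) {
            response.setError("authentication failed");
            return new ResponseEntity<AuthenticationResponse>(response, status);
        }

        HashMap<String, String> userInfo = new HashMap<String, String>();
        userInfo.put("username", username);
        userInfo.put("origin", origin);
        if (StringUtils.hasText(email)) {
            userInfo.put("email", email);
        }

        try {
            // If no login authentication manager was injected, the NullPointerException raised
            // here is caught by the generic handler below and reported as a 500.
            AuthzAuthenticationRequest authzRequest = new AuthzAuthenticationRequest(userInfo, new UaaAuthenticationDetails(request));
            Authentication result = this.loginAuthenticationManager.authenticate(authzRequest);
            response.setUsername(result.getName());
            processAdditionalInformation(response, result);
            status = HttpStatus.OK;
        } catch (AuthenticationException e) {
            response.setError("authentication failed");
        } catch (Exception e) {
            this.logger.debug("Failed to authenticate user ", e);
            response.setError("error");
            status = HttpStatus.INTERNAL_SERVER_ERROR;
        }
        return new ResponseEntity<AuthenticationResponse>(response, status);
    }

    /**
     * Adds origin and user id to the response, but only for client-authenticated callers and
     * only when the authenticated principal is a {@link UaaPrincipal}.
     */
    private void processAdditionalInformation(AuthenticationResponse response, Authentication authentication) {
        if (!hasClientOauth2Authentication()) {
            return;
        }
        UaaPrincipal principal = getPrincipal(authentication);
        if (principal == null) {
            return;
        }
        response.setOrigin(principal.getOrigin());
        response.setUserId(principal.getId());
    }

    /**
     * Returns the principal of the given authentication as a {@link UaaPrincipal}.
     *
     * @param authentication authentication whose principal is inspected
     * @return the principal, or {@code null} when it is not a {@link UaaPrincipal}
     */
    protected UaaPrincipal getPrincipal(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        return principal instanceof UaaPrincipal ? (UaaPrincipal) principal : null;
    }

    /**
     * Reports whether the current security context holds a client-only OAuth2 authentication.
     *
     * @return {@code true} only when the context authentication is an
     *         {@link OAuth2Authentication} whose {@code isClientOnly()} is true
     */
    protected boolean hasClientOauth2Authentication() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (!(current instanceof OAuth2Authentication)) {
            return false;
        }
        return ((OAuth2Authentication) current).isClientOnly();
    }
}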
