package org.cloudfoundry.multiapps.controller.web.security;

import com.sap.cloudfoundry.client.facade.CloudOperationException;
import javax.inject.Inject;
import javax.inject.Named;
import org.cloudfoundry.multiapps.controller.client.TokenProvider;
import org.cloudfoundry.multiapps.controller.client.util.TokenFactory;
import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider;
import org.cloudfoundry.multiapps.controller.core.cf.TokenProviderFactory;
import org.cloudfoundry.multiapps.controller.core.security.token.parsers.TokenParserChain;
import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration;
import org.cloudfoundry.multiapps.controller.core.util.SecurityUtil;
import org.cloudfoundry.multiapps.controller.web.Messages;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * Authentication provider for username/password (basic) logins.
 *
 * <p>The supplied credentials are handed to a {@link TokenProvider} obtained from the injected
 * {@link TokenProviderFactory}; the access token that comes back is then resolved to an
 * {@link OAuth2Authentication}, either from the {@link TokenStore} or by parsing the token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The whole flow is gated on {@code configuration.isBasicAuthEnabled()}; when it is off,
 *       every request is rejected before the credentials are touched.</li>
 *   <li>Neither the principal nor the credentials are written to a log or audit message in
 *       this class; only fixed message strings are. Keep it that way when adding diagnostics.</li>
 *   <li>Both failure paths record a security incident through {@link AuditLoggingProvider}.
 *       NOTE(review): the incident text carries no principal or request context from here;
 *       confirm the audit facade adds it, otherwise failed logins are hard to correlate.</li>
 * </ul>
 */
@Named("customAuthenticationProvider")
public class CustomAuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

    /** Used for both the audit record and the exception when no token could be obtained. */
    private static final String NULL_TOKEN_MESSAGE = "Null access token returned by cloud controller";

    @Inject
    @Qualifier("tokenStore")
    TokenStore tokenStore;

    @Inject
    @Qualifier("tokenProviderFactory")
    TokenProviderFactory cloudFoundryTokenProviderFactory;

    @Inject
    ApplicationConfiguration configuration;

    @Inject
    TokenFactory tokenFactory;

    @Inject
    TokenParserChain tokenParserChain;

    /**
     * Exchanges a username/password pair for an authenticated {@link OAuth2Authentication}.
     *
     * @param authentication the request; cast to {@link UsernamePasswordAuthenticationToken},
     *     with principal and credentials both cast to {@code String}
     * @return the authentication read from the token store, or one newly built from the parsed
     *     token (and then stored) when the store has none
     * @throws InsufficientAuthenticationException if basic authentication is disabled
     * @throws AuthenticationServiceException if no token provider or no token was returned
     * @throws BadCredentialsException if a {@link CloudOperationException} is raised anywhere
     *     in the exchange; the original exception is kept as the cause
     */
    public Authentication authenticate(Authentication authentication) {
        // Auto-unboxing of the Boolean returned by the configuration.
        boolean basicAuthEnabled = this.configuration.isBasicAuthEnabled();
        if (!basicAuthEnabled) {
            throw new InsufficientAuthenticationException("Basic authentication is not enabled, use OAuth2");
        }
        try {
            UsernamePasswordAuthenticationToken loginRequest = (UsernamePasswordAuthenticationToken) authentication;
            String username = (String) loginRequest.getPrincipal();
            String password = (String) loginRequest.getCredentials();
            TokenProvider provider = this.cloudFoundryTokenProviderFactory.createTokenProvider(username, password);

            OAuth2AccessToken accessToken = null;
            if (provider != null) {
                accessToken = provider.getToken();
            }
            if (accessToken == null) {
                // A missing token is treated as a service failure, not as bad credentials,
                // but it is still recorded as a security incident.
                AuditLoggingProvider.getFacade().logSecurityIncident(NULL_TOKEN_MESSAGE);
                throw new AuthenticationServiceException(NULL_TOKEN_MESSAGE);
            }

            OAuth2Authentication storedAuthentication = this.tokenStore.readAuthentication(accessToken);
            if (storedAuthentication != null) {
                return storedAuthentication;
            }

            // Nothing stored for this token yet: derive the authentication from the token itself.
            OAuth2AccessToken parsedToken = this.tokenParserChain.parse(accessToken.getValue());
            // "cf" is presumably the client id recorded on the authentication; confirm in SecurityUtil.
            OAuth2Authentication builtAuthentication = SecurityUtil.createAuthentication("cf", parsedToken.getScope(), SecurityUtil.getTokenUserInfo(parsedToken));
            storeAccessToken(parsedToken, builtAuthentication);
            return builtAuthentication;
        } catch (CloudOperationException e) {
            // Any cloud controller failure inside the block above is reported to the caller as
            // bad credentials, after an audit entry with a fixed message.
            AuditLoggingProvider.getFacade().logSecurityIncident(Messages.CANNOT_AUTHENTICATE_WITH_CLOUD_CONTROLLER);
            throw new BadCredentialsException(Messages.CANNOT_AUTHENTICATE_WITH_CLOUD_CONTROLLER, e);
        }
    }

    /**
     * Persists the token together with its authentication in the token store.
     *
     * <p>A {@link DataIntegrityViolationException} is logged at debug level and otherwise
     * ignored, so authentication still succeeds. Presumably this covers a parallel request
     * having stored the same token first; verify against the store's constraints.
     */
    private void storeAccessToken(OAuth2AccessToken accessToken, OAuth2Authentication tokenAuthentication) {
        try {
            this.tokenStore.storeAccessToken(accessToken, tokenAuthentication);
        } catch (DataIntegrityViolationException integrityViolation) {
            LOGGER.debug(Messages.ERROR_STORING_TOKEN_DUE_TO_INTEGRITY_VIOLATION, integrityViolation);
        }
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the authentication class being offered
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken};
     *     subclasses are not accepted
     */
    public boolean supports(Class<?> cls) {
        Class<UsernamePasswordAuthenticationToken> handledType = UsernamePasswordAuthenticationToken.class;
        return cls.equals(handledType);
    }
}
