package eu.eudml.ui.security.spring.authentication.provider;

import eu.eudml.service.usercatalog.EudmlUserCatalog;
import eu.eudml.ui.security.spring.Domain;
import eu.eudml.ui.security.spring.ExternalUser;
import eu.eudml.ui.security.spring.RoleName;
import eu.eudml.ui.security.spring.UserSecurityService;
import eu.eudml.ui.security.spring.authentication.token.EudmlAuthentication;
import eu.eudml.ui.security.spring.authentication.token.EudmlOpenIdAuthentication;
import eu.eudml.ui.security.spring.helper.UserDataWrapper;
import eu.eudml.ui.security.spring.service.UserService;
import eu.eudml.ui.security.spring.service.accessors.SecurityAccessor;
import eu.eudml.ui.security.spring.transformers.UserDataWrapperToAuthenticationTransformer;
import java.util.ArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.openid.AuthenticationCancelledException;
import org.springframework.security.openid.OpenIDAuthenticationStatus;
import org.springframework.security.openid.OpenIDAuthenticationToken;
import pl.edu.icm.yadda.service2.user.model.UserData;
import pl.edu.icm.yadda.service2.user.token.OpenIdToken;

/* loaded from: input_file:WEB-INF/classes/eu/eudml/ui/security/spring/authentication/provider/EudmlOpenIdAuthenticationProvider.class */
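/**
 * Spring Security {@link AuthenticationProvider} that completes an OpenID login for EuDML.
 *
 * <p>Given an {@link OpenIDAuthenticationToken} whose status is {@code SUCCESS}, the provider
 * takes one of three paths:
 * <ol>
 *   <li>a user is already logged in: the OpenID identity is bound to that user and the current
 *       authentication is refreshed;</li>
 *   <li>no EuDML account is linked to the identity: a limited-role {@link EudmlOpenIdAuthentication}
 *       is issued for the external user;</li>
 *   <li>an account is linked: its data is loaded and transformed into an
 *       {@link EudmlAuthentication} flagged as an OpenID login.</li>
 * </ol>
 *
 * <p>All collaborators are injected through the {@code @Required} setters below.
 *
 * <p>NOTE(review): {@code GrantedAuthorityImpl} and the {@code org.springframework.security.openid}
 * module were deprecated in later Spring Security releases; confirm the framework version in use
 * still receives security fixes before relying on this login path.
 */
public class EudmlOpenIdAuthenticationProvider implements AuthenticationProvider {
    Logger logger = LoggerFactory.getLogger(EudmlOpenIdAuthenticationProvider.class);
    UserDataWrapperToAuthenticationTransformer userDataWrapperToAuthenticationTransformer;
    private EudmlUserCatalog eudmlUserCatalog;
    private UserSecurityService securityService;
    private UserService userService;
    private SecurityAccessor securityAccessor;

    /** String constants used to label the kind of external identity provider. */
    private static class CT {
        private static final String GOOGLE_ACCOUNT_ID = "https://www.google.com/accounts";
        private static final String GOOGLE = "GOOGLE";
        private static final String OPEN_ID = "OPEN_ID";

        private CT() {
        }
    }

    /**
     * Reports whether this provider can process the given authentication class.
     *
     * <p>The check accepts {@link OpenIDAuthenticationToken} and its subclasses. The previous form,
     * {@code cls.isAssignableFrom(OpenIDAuthenticationToken.class)}, was inverted: it accepted every
     * supertype of the token (including {@code Object}) and rejected subclasses of the token.
     *
     * @param cls the authentication class offered by the authentication manager
     * @return {@code true} when {@code cls} is {@code OpenIDAuthenticationToken} or a subclass
     */
    @Override
    public boolean supports(Class<? extends Object> cls) {
        return cls != null && OpenIDAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Turns a completed OpenID exchange into an EuDML authentication.
     *
     * @param authentication the token produced by the OpenID filter
     * @return the resulting authentication, or {@code null} when the token is not an OpenID token
     *         or when the linked account's data cannot be loaded
     * @throws AuthenticationCancelledException when the OpenID status is {@code CANCELLED}
     * @throws BadCredentialsException when the OpenID status is {@code FAILURE}
     * @throws AuthenticationServiceException for {@code ERROR}, {@code SETUP_NEEDED} and any
     *         other non-success status
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // instanceof first, so a null argument yields null instead of a NullPointerException.
        if (!(authentication instanceof OpenIDAuthenticationToken) || !supports(authentication.getClass())) {
            return null;
        }
        OpenIDAuthenticationToken token = (OpenIDAuthenticationToken) authentication;
        rejectUnlessSuccessful(token);

        String identityUrl = token.getIdentityUrl();
        if (this.securityService.userCurrentlyLogIn()) {
            // NOTE(review): this links the asserted identity to whichever account owns the current
            // session. Nothing in this method checks whether the identity is already bound to a
            // different account or asks the user to confirm the link; verify that
            // bindToCurrentUserIdentity enforces both.
            this.userService.bindToCurrentUserIdentity(identityUrl);
            this.securityService.reauthenticate();
            return this.securityAccessor.getCurrentAuthentication();
        }

        // A null result means no EuDML account is linked to this identity (see ifAccountNotExists).
        String userId = this.securityService.verifyToken(new OpenIdToken(identityUrl, Domain.EUDML.DOMAIN));
        if (ifAccountNotExists(userId)) {
            EudmlOpenIdAuthentication externalAuthentication = createEudmlOpenIdAuthentication(identityUrl);
            // The identity URL identifies a person; keep this at debug level.
            this.logger.debug("login succeeded {}", identityUrl);
            return externalAuthentication;
        }

        UserDataWrapper userDataWrapper = new UserDataWrapper(this.eudmlUserCatalog.loadUser(userId, Domain.EUDML.DOMAIN, UserData.UserDataParts.EFFECTIVE_ROLES, UserData.UserDataParts.SAFE_SENSITIVE_DATA));
        if (userDataWrapper.accountNotExists()) {
            // A token that resolves to a user id with no loadable account is an integrity anomaly,
            // so it is logged at warn rather than debug to stay visible in production logs.
            this.logger.warn("There is inconsistent userdata for userId = {}, identity = {}", userId, identityUrl);
            return null;
        }
        EudmlAuthentication eudmlAuthentication = this.userDataWrapperToAuthenticationTransformer.transform(userDataWrapper);
        eudmlAuthentication.setLoginUsingOpenId(true);
        return eudmlAuthentication;
    }

    /**
     * Throws the exception matching any OpenID status other than {@code SUCCESS}.
     *
     * @param token the OpenID token whose status is inspected
     */
    private void rejectUnlessSuccessful(OpenIDAuthenticationToken token) {
        OpenIDAuthenticationStatus status = token.getStatus();
        if (status == OpenIDAuthenticationStatus.SUCCESS) {
            return;
        }
        if (status == OpenIDAuthenticationStatus.CANCELLED) {
            throw new AuthenticationCancelledException("Log in cancelled");
        }
        if (status == OpenIDAuthenticationStatus.ERROR) {
            // NOTE(review): getMessage() presumably carries text from the OpenID exchange; confirm
            // the failure handler does not render the exception message unescaped.
            throw new AuthenticationServiceException("Server error: " + token.getMessage());
        }
        if (status == OpenIDAuthenticationStatus.FAILURE) {
            throw new BadCredentialsException("Log in failed");
        }
        if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
            throw new AuthenticationServiceException("The server responded setup was needed, which shouldn't happen");
        }
        // String concatenation tolerates a null status, unlike status.toString().
        throw new AuthenticationServiceException("Unrecognized return value " + status);
    }

    /**
     * Builds the authentication issued to an OpenID user who has no linked EuDML account.
     *
     * <p>The result carries only {@code RoleName.LIMITED.ROLE} and is marked authenticated.
     * The Google/OpenID label is derived from a prefix match on the identity URL and is used
     * for classification only.
     *
     * @param str the OpenID identity URL
     * @return an authenticated, limited-role authentication for the external user
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private EudmlOpenIdAuthentication createEudmlOpenIdAuthentication(String str) {
        String providerKind = str.startsWith(CT.GOOGLE_ACCOUNT_ID) ? CT.GOOGLE : CT.OPEN_ID;
        ExternalUser externalUser = new ExternalUser(providerKind, str);
        // Element type left raw: the constructor's collection parameter type is not visible here.
        ArrayList authorities = new ArrayList();
        authorities.add(new GrantedAuthorityImpl(RoleName.LIMITED.ROLE));
        EudmlOpenIdAuthentication eudmlOpenIdAuthentication = new EudmlOpenIdAuthentication(externalUser, authorities);
        eudmlOpenIdAuthentication.setAuthenticated(true);
        return eudmlOpenIdAuthentication;
    }

    /**
     * Tells whether token verification found no linked account.
     *
     * @param str the user id returned by token verification
     * @return {@code true} when {@code str} is {@code null}
     */
    private boolean ifAccountNotExists(String str) {
        return str == null;
    }

    /** Injects the transformer that converts loaded user data into an authentication. */
    @Required
    public void setUserDataWrapperToAuthenticationTransformer(UserDataWrapperToAuthenticationTransformer userDataWrapperToAuthenticationTransformer) {
        this.userDataWrapperToAuthenticationTransformer = userDataWrapperToAuthenticationTransformer;
    }

    /** Injects the user catalog used to load the account linked to an identity. */
    @Required
    public void setEudmlUserCatalog(EudmlUserCatalog eudmlUserCatalog) {
        this.eudmlUserCatalog = eudmlUserCatalog;
    }

    /** Injects the service used for token verification, login state and re-authentication. */
    @Required
    public void setSecurityService(UserSecurityService userSecurityService) {
        this.securityService = userSecurityService;
    }

    /** Injects the service used to bind an OpenID identity to the current user. */
    @Required
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /** Injects the accessor used to read the current authentication after re-authentication. */
    @Required
    public void setSecurityAccessor(SecurityAccessor securityAccessor) {
        this.securityAccessor = securityAccessor;
    }
}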
