package pl.edu.icm.yadda.ui.security.impl.aas;

import org.opensaml.lite.xacml.ctx.DecisionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.ui.WebAuthenticationDetails;
import org.springframework.util.Assert;
import pl.edu.icm.yadda.aas.client.LoginResult;
import pl.edu.icm.yadda.aas.client.authn.IAuthenticationManager;
import pl.edu.icm.yadda.service2.user.token.AnonymousToken;
import pl.edu.icm.yadda.ui.security.AuthenticationInspector;

/* loaded from: input_file:WEB-INF/lib/yaddaweb-lite-core-4.4.28.jar:pl/edu/icm/yadda/ui/security/impl/aas/AnonymousAuthenticationProvider.class */
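/**
 * Authentication provider for {@link AnonymousAuthenticationToken}s that additionally registers
 * the anonymous visitor with the AAS authentication manager.
 *
 * <p>For a supported token the provider checks the token's key hash against the configured key,
 * asks the {@link AuthenticationInspector} whether a login is still required and, if it is,
 * performs an {@link AnonymousToken} login keyed on the caller's remote address. The token is
 * accepted only when the login decision is {@code Permit}; every other outcome is rejected.
 */
public class AnonymousAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private String key;
    protected IAuthenticationManager authnManager;
    protected AuthenticationInspector authnInspector;

    /**
     * Verifies that the bean is fully wired before it can serve requests.
     *
     * <p>The collaborators are checked here so that a missing {@code authnManager} or
     * {@code authnInspector} fails at startup instead of surfacing as a
     * {@link NullPointerException} inside {@link #authenticate(Authentication)}.
     *
     * @throws Exception if a required property is missing
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.key, "A Key is required");
        Assert.notNull(this.messages, "A message source must be set");
        Assert.notNull(this.authnManager, "An authentication manager must be set");
        Assert.notNull(this.authnInspector, "An authentication inspector must be set");
    }

    /**
     * Validates an anonymous token and, when required, performs the anonymous AAS login.
     *
     * @param authentication the token presented by the filter chain
     * @return the same token when it is accepted, or {@code null} when the token type is not
     *         supported by this provider
     * @throws BadCredentialsException if the token's key hash does not match the configured key
     * @throws AuthenticationServiceException if the token carries no web details, the login
     *         returns no result, or the login decision is anything other than {@code Permit}
     */
    @Override // org.springframework.security.providers.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        // NOTE(review): this compares 32-bit String.hashCode() values, so it is not a
        // cryptographic check. Treat the key as a marker that the token was minted by a filter
        // configured with the same key, not as a secret -- confirm nothing else relies on it.
        if (this.key.hashCode() != ((AnonymousAuthenticationToken) authentication).getKeyHash()) {
            throw new BadCredentialsException(this.messages.getMessage("AnonymousAuthenticationProvider.incorrectKey", "The presented AnonymousAuthenticationToken does not contain the expected key"));
        }
        if (!this.authnInspector.requiresAuthentication(authentication)) {
            this.log.debug("already authenticated...");
            return authentication;
        }

        // Reject tokens without web details through the authentication exception hierarchy
        // rather than letting a ClassCastException / NullPointerException escape the provider.
        Object details = authentication.getDetails();
        if (!(details instanceof WebAuthenticationDetails)) {
            throw new AuthenticationServiceException("Anonymous authentication requires WebAuthenticationDetails, got: " + (details == null ? null : details.getClass().getName()));
        }
        WebAuthenticationDetails webAuthenticationDetails = (WebAuthenticationDetails) details;

        // NOTE(review): the address is whatever WebAuthenticationDetails recorded for the request;
        // behind a reverse proxy that may be the proxy's address -- confirm how the AAS policy
        // uses it before relying on it for access decisions.
        String remoteAddress = webAuthenticationDetails.getRemoteAddress();
        // The session identifier is a bearer credential for the HTTP session, so it is never
        // written to the log; only its presence is recorded.
        String sessionIdForLog = webAuthenticationDetails.getSessionId() == null ? "[none]" : "[redacted]";

        LoginResult login = this.authnManager.login(new AnonymousToken(remoteAddress));
        if (login == null) {
            // Fail closed: no result means no permit decision.
            throw new AuthenticationServiceException("Expecting permit decision, got no login result");
        }
        this.log.info("Anonymous LoginResult: decision={}, ip={}, sessionId={}, errors.size()={}", new Object[] {login.getDecition(), remoteAddress, sessionIdForLog, Integer.valueOf(login.getErrors().size())});
        if (DecisionType.DECISION.Permit.equals(login.getDecition())) {
            return authentication;
        }
        // NOTE(review): the first AAS error message is embedded in the exception text; confirm
        // that this message is not rendered verbatim to end users.
        throw new AuthenticationServiceException("Expecting permit decision, got: " + login.getDecition() + ", error: " + (login.getErrors().size() > 0 ? login.getErrors().get(0).getMessage() : null));
    }

    /**
     * Reports whether this provider handles the given token class.
     *
     * @param cls the authentication class to test
     * @return {@code true} for {@link AnonymousAuthenticationToken} and its subclasses
     */
    @Override // org.springframework.security.providers.AuthenticationProvider
    public boolean supports(Class cls) {
        return AnonymousAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Sets the key whose hash must match the key hash carried by presented tokens.
     *
     * @param str the key; must be non-empty by the time {@link #afterPropertiesSet()} runs
     */
    public void setKey(String str) {
        this.key = str;
    }

    /**
     * Replaces the message accessor with one backed by the given message source.
     *
     * @param messageSource the source used to resolve the provider's error messages
     */
    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /**
     * Sets the message accessor directly.
     *
     * @param messageSourceAccessor the accessor used to resolve the provider's error messages
     */
    public void setMessages(MessageSourceAccessor messageSourceAccessor) {
        this.messages = messageSourceAccessor;
    }

    /**
     * Sets the AAS authentication manager used for the anonymous login.
     *
     * @param iAuthenticationManager the manager; required
     */
    public void setAuthnManager(IAuthenticationManager iAuthenticationManager) {
        this.authnManager = iAuthenticationManager;
    }

    /**
     * Sets the inspector that decides whether a token still needs an AAS login.
     *
     * @param authenticationInspector the inspector; required
     */
    public void setAuthnInspector(AuthenticationInspector authenticationInspector) {
        this.authnInspector = authenticationInspector;
    }
}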
