package com.cloudseal.client.spring;

import com.cloudseal.client.saml2.AuthResponseValidatorImpl;
import com.cloudseal.client.saml2.CloudsealPrincipal;
import com.cloudseal.client.saml2.VerificationException;
import com.cloudseal.client.spring.CloudsealAssertionAuthenticationToken;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.Assert;

/* loaded from: input_file:com/cloudseal/client/spring/CloudsealAuthenticationProvider.class */
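/**
 * Spring Security {@link AuthenticationProvider} that turns a Cloudseal SAML response into an
 * authenticated {@link CloudsealAuthenticationToken}.
 *
 * <p>The provider delegates all response checking to the configured
 * {@link AuthResponseValidatorImpl}; it marks a token as authenticated only after
 * {@code validateResponse} has returned without throwing. Role names asserted by the IDP are
 * mapped to granted authorities verbatim (no prefixing or filtering happens here), so the
 * application's authorization decisions depend directly on what the validated response carries.
 */
public class CloudsealAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    // Source of the public key handed to the validator; required (checked in afterPropertiesSet).
    private CloudsealManager cloudsealManager;
    // Validates the SAML response; defaults to a new AuthResponseValidatorImpl when not injected.
    private AuthResponseValidatorImpl responseValidator;
    // Optional: when set, the authenticated token is enriched with locally loaded user data.
    private UserDetailsService userDetailsService;

    /**
     * Validates the SAML response carried by the given token and builds an authenticated token.
     *
     * @param authentication a {@link CloudsealAssertionAuthenticationToken} whose details hold the
     *     SAML response, the request id and the audience
     * @return the authenticated token, optionally decorated by the configured user details service
     * @throws AuthenticationException {@link BadCredentialsException} when the token carries no
     *     usable details or the validator rejects the response; exceptions raised by the
     *     configured {@link UserDetailsService} propagate unchanged
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object details = ((CloudsealAssertionAuthenticationToken) authentication).getDetails();
        // Fail closed with an authentication failure rather than an NPE/ClassCastException when
        // the token arrives without the SAML details this provider needs.
        if (!(details instanceof CloudsealAssertionAuthenticationToken.TokenDetails)) {
            throw new BadCredentialsException("Missing SAML response details in authentication token");
        }
        CloudsealAssertionAuthenticationToken.TokenDetails tokenDetails =
                (CloudsealAssertionAuthenticationToken.TokenDetails) details;
        try {
            // The request id and audience are passed alongside the response and the public key;
            // presumably the validator binds the response to them - confirm in
            // AuthResponseValidatorImpl.
            CloudsealPrincipal principal = this.responseValidator.validateResponse(
                    this.cloudsealManager.getPublicKey(),
                    tokenDetails.getSamlResponse(),
                    tokenDetails.getRequestId(),
                    tokenDetails.getAudience());
            CloudsealAuthenticationToken authenticated = new CloudsealAuthenticationToken(
                    new CloudsealUserDetails(principal, mapAuthorities(principal)));
            // Reached only when validateResponse returned normally.
            authenticated.setAuthenticated(true);
            return decorateUserDetails(authenticated);
        } catch (VerificationException e) {
            // Keep the message generic, but preserve the cause so the reason for the rejection
            // is available to server-side logging and incident analysis.
            throw new BadCredentialsException("Unable to verify response from Cloudseal IDP", e);
        }
    }

    /**
     * Enriches an authenticated token with data from the optional {@link UserDetailsService}.
     *
     * <p>A {@link CloudsealUserDetailsService} receives the full {@link CloudsealUserDetails} and
     * its result is stored as the token's details. Any other service is queried by the token's
     * name and its result replaces the token's principal.
     *
     * @param cloudsealAuthenticationToken the token produced from a validated response
     * @return the same token instance, possibly modified
     */
    private CloudsealAuthenticationToken decorateUserDetails(CloudsealAuthenticationToken cloudsealAuthenticationToken) {
        if (this.userDetailsService == null) {
            return cloudsealAuthenticationToken;
        }
        CloudsealUserDetails cloudsealUserDetails = (CloudsealUserDetails) cloudsealAuthenticationToken.getUserDetails();
        if (this.userDetailsService instanceof CloudsealUserDetailsService) {
            cloudsealAuthenticationToken.setDetails(
                    ((CloudsealUserDetailsService) this.userDetailsService).loadUser(cloudsealUserDetails));
        } else {
            // NOTE(review): only the principal is swapped here; whether the token's authorities
            // still come from the IDP roles depends on CloudsealAuthenticationToken - confirm.
            cloudsealAuthenticationToken.setPrincipal(
                    this.userDetailsService.loadUserByUsername(cloudsealAuthenticationToken.getName()));
        }
        return cloudsealAuthenticationToken;
    }

    /**
     * Converts the roles of a validated principal into granted authorities.
     *
     * @param cloudsealPrincipal the principal returned by the response validator
     * @return one {@link SimpleGrantedAuthority} per role name, or an empty set when the
     *     principal has no roles
     */
    private Collection<? extends GrantedAuthority> mapAuthorities(CloudsealPrincipal cloudsealPrincipal) {
        HashSet<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        Iterable<?> roles = cloudsealPrincipal.getRoles();
        if (roles != null) {
            for (Object role : roles) {
                // Role strings are used as-is: the authority name equals the asserted role name.
                authorities.add(new SimpleGrantedAuthority((String) role));
            }
        }
        return authorities;
    }

    /**
     * Reports whether this provider can process the given authentication class.
     *
     * @param cls the authentication token class offered by the provider manager
     * @return {@code true} for {@link CloudsealAssertionAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return CloudsealAssertionAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Checks the required collaborators and installs a default validator when none was injected.
     *
     * @throws Exception when {@code cloudsealManager} has not been set
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.cloudsealManager, "cloudsealManager must be set");
        if (this.responseValidator == null) {
            this.responseValidator = new AuthResponseValidatorImpl();
        }
    }

    /**
     * Sets the manager that supplies the public key passed to the response validator.
     *
     * @param cloudsealManager the manager to use; must not be {@code null} by the time
     *     {@link #afterPropertiesSet()} runs
     */
    public void setCloudsealManager(CloudsealManager cloudsealManager) {
        this.cloudsealManager = cloudsealManager;
    }

    /**
     * Replaces the validator whose verdict decides whether a response is accepted.
     *
     * @param authResponseValidatorImpl the validator to use instead of the default one
     */
    public void setResponseValidator(AuthResponseValidatorImpl authResponseValidatorImpl) {
        this.responseValidator = authResponseValidatorImpl;
    }

    /**
     * Sets the optional service used to enrich the authenticated token.
     *
     * @param userDetailsService the service to consult after validation, or {@code null} to
     *     return the token unchanged
     */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
}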
