package com.rsmart.rfabric.auth.tokenauth.springsecurity;

import com.rsmart.rfabric.auth.tokenauth.AuthToken;
import com.rsmart.rfabric.auth.tokenauth.AuthTokenValidator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.providers.AuthenticationProvider;

/* loaded from: input_file:com/rsmart/rfabric/auth/tokenauth/springsecurity/AuthTokenAuthenticationProvider.class */
public class AuthTokenAuthenticationProvider implements AuthenticationProvider {
    private static final Log LOG = LogFactory.getLog(AuthTokenAuthenticationProvider.class);
    private static final String[] CREDENTIALS = {AuthTokenAuthentication.KCID, AuthTokenAuthentication.ISPI};
    protected transient AuthTokenValidator validator;
    protected transient SpringAuthTokenNameMapper mapper = null;
    protected transient UserDetailProvider detailProvider = null;

    public AuthTokenAuthenticationProvider() {
        this.validator = null;
        this.validator = new AuthTokenValidator();
    }

    public AuthTokenAuthenticationProvider(String str) {
        this.validator = null;
        this.validator = new AuthTokenValidator();
        this.validator.setSecret(str);
    }

    public void setSecret(String str) {
        this.validator.setSecret(str);
    }

    public void setUserDetailProvider(UserDetailProvider userDetailProvider) {
        this.detailProvider = userDetailProvider;
    }

    public void setNameMapper(SpringAuthTokenNameMapper springAuthTokenNameMapper) {
        this.mapper = springAuthTokenNameMapper;
    }

    public void setTimeout(long j) {
        this.validator.setTimeout(j);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String secret = this.validator.getSecret();
        if (this.mapper == null) {
            LOG.error("no SpringAuthTokenNameMapper set to derive user name");
            throw new IllegalStateException("No name mapper set");
        }
        if (secret == null || "".equals(secret)) {
            LOG.error("sharedSecret is empty");
            throw new IllegalStateException("sharedSecret == null || empty");
        }
        if (this.detailProvider == null) {
            throw new IllegalStateException("AuthTokenUserProvider must have an ExternalUserProvider set, or must have singleUser and singleUserAuthorities set");
        }
        if (!supports(authentication.getClass()) || authentication == null) {
            throw new IllegalArgumentException("Expecting AuthTokenAuthentication object as argument");
        }
        AuthTokenAuthentication authTokenAuthentication = (AuthTokenAuthentication) authentication;
        if (authTokenAuthentication.isAuthenticated()) {
            return authTokenAuthentication;
        }
        AuthToken authToken = (AuthToken) authTokenAuthentication.getCredentials();
        if (!this.validator.isValid(authToken)) {
            LOG.warn("invalid token: " + authToken);
            return null;
        }
        LOG.debug("token is valid");
        String userName = this.mapper.getUserName(authToken);
        LOG.debug("mapper maps to the username - " + userName);
        try {
            if (this.detailProvider.userExists(userName)) {
                this.detailProvider.populateUserDetails(userName, authTokenAuthentication);
                return authTokenAuthentication;
            }
            LOG.error("User does not exist for token " + authToken);
            authentication.setAuthenticated(false);
            return null;
        } catch (Exception e) {
            LOG.error("UserDetailProvider [" + this.detailProvider.getClass() + "] threw an internal error in userExists()", e);
            throw new IllegalStateException("UserDetailProvider failed on call to userExists()", e);
        }
    }

    public boolean supports(Class cls) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("supports(\"" + cls.getName() + "\") reports: " + AuthTokenAuthentication.class.equals(cls));
        }
        return AuthTokenAuthentication.class.equals(cls);
    }
}
