package org.springframework.security.openid;

import java.util.Collection;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/openid/OpenIDAuthenticationProvider.class */
public class OpenIDAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService;
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "The userDetailsService must be set");
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass()) || !(authentication instanceof OpenIDAuthenticationToken)) {
            return null;
        }
        OpenIDAuthenticationToken openIDAuthenticationToken = (OpenIDAuthenticationToken) authentication;
        OpenIDAuthenticationStatus status = openIDAuthenticationToken.getStatus();
        if (status == OpenIDAuthenticationStatus.SUCCESS) {
            return createSuccessfulAuthentication(this.userDetailsService.loadUserDetails(openIDAuthenticationToken), openIDAuthenticationToken);
        }
        if (status == OpenIDAuthenticationStatus.CANCELLED) {
            throw new AuthenticationCancelledException("Log in cancelled");
        }
        if (status == OpenIDAuthenticationStatus.ERROR) {
            throw new AuthenticationServiceException("Error message from server: " + openIDAuthenticationToken.getMessage());
        }
        if (status == OpenIDAuthenticationStatus.FAILURE) {
            throw new BadCredentialsException("Log in failed - identity could not be verified");
        }
        if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
            throw new AuthenticationServiceException("The server responded setup was needed, which shouldn't happen");
        }
        throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
    }

    protected Authentication createSuccessfulAuthentication(UserDetails userDetails, OpenIDAuthenticationToken openIDAuthenticationToken) {
        return new OpenIDAuthenticationToken(userDetails, (Collection<? extends GrantedAuthority>) this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), openIDAuthenticationToken.getIdentityUrl(), openIDAuthenticationToken.getAttributes());
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = new UserDetailsByNameServiceWrapper(userDetailsService);
    }

    public void setAuthenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService) {
        this.userDetailsService = authenticationUserDetailsService;
    }

    public boolean supports(Class<?> cls) {
        return OpenIDAuthenticationToken.class.isAssignableFrom(cls);
    }

    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }
}
