package org.cloudfoundry.identity.uaa.authentication;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.login.LoginInfoEndpoint;
import org.cloudfoundry.identity.uaa.login.PasscodeInformation;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.hsqldb.lib.StringUtil;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/authentication/PasscodeAuthenticationFilter.class */
public class PasscodeAuthenticationFilter extends BackwardsCompatibleTokenEndpointAuthenticationFilter {
    private final Log logger;
    private List<String> parameterNames;

    /* loaded from: input_file:org/cloudfoundry/identity/uaa/authentication/PasscodeAuthenticationFilter$ExpiringCodeAuthentication.class */
    protected static class ExpiringCodeAuthentication implements Authentication {
        private final HttpServletRequest request;
        private final String passcode;

        public ExpiringCodeAuthentication(HttpServletRequest httpServletRequest, String str) {
            this.request = httpServletRequest;
            this.passcode = str;
        }

        public Collection<? extends GrantedAuthority> getAuthorities() {
            return null;
        }

        public Object getCredentials() {
            return null;
        }

        public Object getDetails() {
            return null;
        }

        public Object getPrincipal() {
            return null;
        }

        public boolean isAuthenticated() {
            return false;
        }

        public void setAuthenticated(boolean z) throws IllegalArgumentException {
        }

        public HttpServletRequest getRequest() {
            return this.request;
        }

        public String getPasscode() {
            return this.passcode;
        }

        public String getName() {
            return getPasscode();
        }
    }

    /* loaded from: input_file:org/cloudfoundry/identity/uaa/authentication/PasscodeAuthenticationFilter$ExpiringCodeAuthenticationManager.class */
    protected static class ExpiringCodeAuthenticationManager implements AuthenticationManager {
        private final Log logger;
        private final ExpiringCodeStore expiringCodeStore;
        private final Set<String> methods;
        private final AuthenticationManager parent;
        private final UaaUserDatabase uaaUserDatabase;

        public ExpiringCodeAuthenticationManager(UaaUserDatabase uaaUserDatabase, AuthenticationManager authenticationManager, Log log, ExpiringCodeStore expiringCodeStore, Set<String> set) {
            this.logger = log;
            this.expiringCodeStore = expiringCodeStore;
            this.methods = set;
            this.parent = authenticationManager;
            this.uaaUserDatabase = uaaUserDatabase;
        }

        protected ExpiringCode doRetrieveCode(String str) {
            return this.expiringCodeStore.retrieveCode(str);
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v38, types: [java.util.Collection] */
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            if (!(authentication instanceof ExpiringCodeAuthentication)) {
                return this.parent.authenticate(authentication);
            }
            ExpiringCodeAuthentication expiringCodeAuthentication = (ExpiringCodeAuthentication) authentication;
            this.logger.debug("Located credentials in request, with passcode");
            if (this.methods != null && !this.methods.contains(expiringCodeAuthentication.getRequest().getMethod().toUpperCase())) {
                throw new BadCredentialsException("Credentials must be sent by (one of methods): " + this.methods);
            }
            String passcode = expiringCodeAuthentication.getPasscode();
            if (StringUtil.isEmpty(passcode)) {
                throw new InsufficientAuthenticationException("Passcode information is missing.");
            }
            ExpiringCode doRetrieveCode = doRetrieveCode(passcode);
            PasscodeInformation passcodeInformation = null;
            if (doRetrieveCode != null && doRetrieveCode.getData() != null) {
                try {
                    passcodeInformation = (PasscodeInformation) JsonUtils.readValue(doRetrieveCode.getData(), PasscodeInformation.class);
                } catch (JsonUtils.JsonUtilException e) {
                    throw new InsufficientAuthenticationException("Unable to deserialize passcode object.", e);
                }
            }
            if (passcodeInformation == null) {
                throw new InsufficientAuthenticationException("Invalid passcode");
            }
            this.logger.debug("Successful passcode authentication request for " + passcodeInformation.getUsername());
            List<? extends GrantedAuthority> list = null;
            if (null != passcodeInformation.getAuthorizationParameters()) {
                list = (Collection) passcodeInformation.getAuthorizationParameters().get(UaaAuthenticationJsonBase.AUTHORITIES);
            }
            try {
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(new UaaPrincipal(passcodeInformation.getUserId(), passcodeInformation.getUsername(), null, passcodeInformation.getOrigin(), null, IdentityZoneHolder.get().getId()), (Object) null, (list == null || list.size() == 0) ? this.uaaUserDatabase.retrieveUserById(passcodeInformation.getUserId()).getAuthorities() : list);
                PasscodeHttpServletRequest request = expiringCodeAuthentication.getRequest();
                request.addParameter("username", new String[]{passcodeInformation.getUsername()});
                request.addParameter("origin", new String[]{passcodeInformation.getOrigin()});
                return usernamePasswordAuthenticationToken;
            } catch (UsernameNotFoundException e2) {
                throw new BadCredentialsException("Invalid user.");
            }
        }
    }

    /* loaded from: input_file:org/cloudfoundry/identity/uaa/authentication/PasscodeAuthenticationFilter$PasscodeHttpServletRequest.class */
    protected static class PasscodeHttpServletRequest extends HttpServletRequestWrapper {
        Map<String, String[]> extendedParameters;

        public PasscodeHttpServletRequest(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
            this.extendedParameters = new HashMap();
        }

        public void addParameter(String str, String[] strArr) {
            this.extendedParameters.put(str, strArr);
        }

        public Map<String, String[]> getParameterMap() {
            HashMap hashMap = new HashMap(this.extendedParameters);
            hashMap.putAll(super.getParameterMap());
            return hashMap;
        }
    }

    public PasscodeAuthenticationFilter(UaaUserDatabase uaaUserDatabase, AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory, ExpiringCodeStore expiringCodeStore) {
        super(new ExpiringCodeAuthenticationManager(uaaUserDatabase, authenticationManager, LogFactory.getLog(PasscodeAuthenticationFilter.class), expiringCodeStore, Collections.singleton(HttpMethod.POST.toString())), oAuth2RequestFactory);
        this.logger = LogFactory.getLog(getClass());
        this.parameterNames = Collections.emptyList();
    }

    @Override // org.cloudfoundry.identity.uaa.authentication.BackwardsCompatibleTokenEndpointAuthenticationFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        super.doFilter(new PasscodeHttpServletRequest((HttpServletRequest) servletRequest), servletResponse, filterChain);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.cloudfoundry.identity.uaa.authentication.BackwardsCompatibleTokenEndpointAuthenticationFilter
    public Authentication extractCredentials(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("grant_type");
        if (parameter == null || !parameter.equals("password")) {
            return null;
        }
        String str = getCredentials(httpServletRequest).get(LoginInfoEndpoint.PASSCODE);
        return str != null ? new ExpiringCodeAuthentication(httpServletRequest, str) : super.extractCredentials(httpServletRequest);
    }

    private Map<String, String> getCredentials(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        for (String str : this.parameterNames) {
            String parameter = httpServletRequest.getParameter(str);
            if (parameter != null) {
                if (parameter.startsWith("{")) {
                    try {
                        hashMap.putAll((Map) JsonUtils.readValue(parameter, new TypeReference<Map<String, String>>() { // from class: org.cloudfoundry.identity.uaa.authentication.PasscodeAuthenticationFilter.1
                        }));
                    } catch (JsonUtils.JsonUtilException e) {
                        this.logger.warn("Unknown format of value for request param: " + str + ". Ignoring.");
                    }
                } else {
                    hashMap.put(str, parameter);
                }
            }
        }
        return hashMap;
    }

    @Override // org.cloudfoundry.identity.uaa.authentication.BackwardsCompatibleTokenEndpointAuthenticationFilter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // org.cloudfoundry.identity.uaa.authentication.BackwardsCompatibleTokenEndpointAuthenticationFilter
    public void destroy() {
    }

    public void setParameterNames(List<String> list) {
        this.parameterNames = list;
    }
}
