package com.stormpath.spring.security.provider;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.authc.AuthenticationRequest;
import com.stormpath.sdk.authc.UsernamePasswordRequests;
import com.stormpath.sdk.group.Group;
import com.stormpath.sdk.group.GroupStatus;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.resource.ResourceException;
import com.stormpath.spring.security.authz.permission.Permission;
import com.stormpath.spring.security.token.ProviderAuthenticationToken;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:com/stormpath/spring/security/provider/StormpathAuthenticationProvider.class */
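/**
 * Spring Security {@link AuthenticationProvider} backed by a Stormpath {@link Application}.
 *
 * <p>Two kinds of request are accepted (see {@link #supports(Class)}):
 * <ul>
 *   <li>username/password tokens, which are verified by calling
 *       {@code application.authenticateAccount(...)};</li>
 *   <li>{@link ProviderAuthenticationToken}s, whose embedded {@link Account} is used as-is.</li>
 * </ul>
 *
 * <p>After the account is resolved, its authorities are assembled from the account itself and from
 * every group whose status is {@link GroupStatus#ENABLED}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class does not verify the account carried by a {@code ProviderAuthenticationToken}.
 *       Whatever constructs that token is the trust boundary.
 *       NOTE(review): confirm such tokens are only built after the external provider flow has
 *       been verified.</li>
 *   <li>A {@link ResourceException} message is copied into the thrown
 *       {@link AuthenticationServiceException}. NOTE(review): if the application renders exception
 *       messages to end users, confirm the backend messages do not distinguish "unknown account"
 *       from "wrong password".</li>
 *   <li>Setting a resolver to {@code null} removes that resolver's contribution (an empty set is
 *       used instead), so a missing resolver yields fewer authorities, never more.</li>
 * </ul>
 */
public class StormpathAuthenticationProvider implements AuthenticationProvider {
    private final Application application;
    private GroupGrantedAuthorityResolver groupGrantedAuthorityResolver;
    private GroupPermissionResolver groupPermissionResolver;
    private AccountGrantedAuthorityResolver accountGrantedAuthorityResolver;
    private AccountPermissionResolver accountPermissionResolver;
    private AuthenticationTokenFactory authenticationTokenFactory;

    /**
     * Creates a provider bound to the given application and installs the default resolvers.
     *
     * <p>No default {@link AccountGrantedAuthorityResolver} is installed, so account-level granted
     * authorities stay empty until {@link #setAccountGrantedAuthorityResolver} is called.
     *
     * @param application the Stormpath application used to authenticate accounts; must not be null
     */
    public StormpathAuthenticationProvider(Application application) {
        Assert.notNull(application, "application can't be null");
        this.application = application;
        setGroupGrantedAuthorityResolver(new DefaultGroupGrantedAuthorityResolver());
        setGroupPermissionResolver(new GroupCustomDataPermissionResolver());
        setAccountPermissionResolver(new AccountCustomDataPermissionResolver());
        setAuthenticationTokenFactory(new UsernamePasswordAuthenticationTokenFactory());
    }

    /** @return the resolver that maps a group to granted authorities, or {@code null} if disabled */
    public GroupGrantedAuthorityResolver getGroupGrantedAuthorityResolver() {
        return this.groupGrantedAuthorityResolver;
    }

    /** @param groupGrantedAuthorityResolver resolver to use; {@code null} disables group authorities */
    public void setGroupGrantedAuthorityResolver(GroupGrantedAuthorityResolver groupGrantedAuthorityResolver) {
        this.groupGrantedAuthorityResolver = groupGrantedAuthorityResolver;
    }

    /** @return the resolver that maps an account to granted authorities, or {@code null} if unset */
    public AccountGrantedAuthorityResolver getAccountGrantedAuthorityResolver() {
        return this.accountGrantedAuthorityResolver;
    }

    /** @param accountGrantedAuthorityResolver resolver to use; {@code null} disables account authorities */
    public void setAccountGrantedAuthorityResolver(AccountGrantedAuthorityResolver accountGrantedAuthorityResolver) {
        this.accountGrantedAuthorityResolver = accountGrantedAuthorityResolver;
    }

    /** @return the resolver that maps a group to permissions, or {@code null} if disabled */
    public GroupPermissionResolver getGroupPermissionResolver() {
        return this.groupPermissionResolver;
    }

    /** @param groupPermissionResolver resolver to use; {@code null} disables group permissions */
    public void setGroupPermissionResolver(GroupPermissionResolver groupPermissionResolver) {
        this.groupPermissionResolver = groupPermissionResolver;
    }

    /** @return the resolver that maps an account to permissions, or {@code null} if disabled */
    public AccountPermissionResolver getAccountPermissionResolver() {
        return this.accountPermissionResolver;
    }

    /** @param accountPermissionResolver resolver to use; {@code null} disables account permissions */
    public void setAccountPermissionResolver(AccountPermissionResolver accountPermissionResolver) {
        this.accountPermissionResolver = accountPermissionResolver;
    }

    /** @return the factory that builds the authenticated token returned by {@link #authenticate} */
    public AuthenticationTokenFactory getAuthenticationTokenFactory() {
        return this.authenticationTokenFactory;
    }

    /**
     * @param authenticationTokenFactory factory for the authenticated token
     * @throws IllegalArgumentException if the factory is {@code null}
     */
    public void setAuthenticationTokenFactory(AuthenticationTokenFactory authenticationTokenFactory) {
        if (authenticationTokenFactory == null) {
            throw new IllegalArgumentException("authenticationTokenFactory cannot be null.");
        }
        this.authenticationTokenFactory = authenticationTokenFactory;
    }

    /**
     * Resolves the account for the request and returns an authenticated token for it.
     *
     * <p>The returned token is created with {@code null} credentials, so the submitted password is
     * not carried forward in it.
     *
     * @param authentication the incoming request token
     * @return the token produced by the configured {@link AuthenticationTokenFactory}
     * @throws AuthenticationServiceException if the backend raises a {@link ResourceException},
     *         if no account could be resolved, or if the login/password are missing
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            Account account;
            if (authentication instanceof ProviderAuthenticationToken) {
                // The embedded account is trusted as-is; nothing is re-verified on this path.
                account = handleProviderAuthentication((ProviderAuthenticationToken) authentication);
            } else {
                account = handleUsernamePasswordAuthentication(authentication);
            }
            if (account == null) {
                // Fail as an authentication error instead of a NullPointerException further down.
                throw new AuthenticationServiceException("Unable to resolve an account for the authentication request.");
            }
            return this.authenticationTokenFactory.createAuthenticationToken(
                    authentication.getPrincipal(), null, getGrantedAuthorities(account), account);
        } catch (ResourceException e) {
            // Prefer the user-facing message, then the developer message, then a generic fallback.
            // NOTE(review): the backend text reaches the caller unchanged; see the class comment.
            String message = Strings.clean(e.getMessage());
            if (message == null) {
                message = Strings.clean(e.getDeveloperMessage());
            }
            if (message == null) {
                message = "Invalid login or password.";
            }
            throw new AuthenticationServiceException(message, e);
        }
    }

    /**
     * Authenticates a username/password request against the application.
     *
     * <p>The request is cleared on both the success and the failure path, which is what the
     * original catch-and-rethrow expressed.
     */
    private Account handleUsernamePasswordAuthentication(Authentication authentication) throws AuthenticationException {
        AuthenticationRequest request = createAuthenticationRequest(authentication);
        try {
            return this.application.authenticateAccount(request).getAccount();
        } finally {
            request.clear();
        }
    }

    /** Returns the account carried by the token without any further check. */
    private Account handleProviderAuthentication(ProviderAuthenticationToken providerAuthenticationToken) {
        return providerAuthenticationToken.getAccount();
    }

    /**
     * @param cls the authentication token class offered by Spring Security
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken},
     *         {@link ProviderAuthenticationToken} and their subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls) || ProviderAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Builds the Stormpath authentication request from the token's principal and credentials.
     *
     * <p>Both values must be strings, the login must contain text and the password must be
     * non-empty. The type checks turn what used to be a {@link ClassCastException} (for example a
     * non-string principal) into an authentication failure, and the password check makes the code
     * match its own error message instead of forwarding a {@code null} password to the backend.
     *
     * @param authentication the incoming request token
     * @return the request to submit to the application
     * @throws AuthenticationServiceException if the login or the password is missing
     */
    protected AuthenticationRequest createAuthenticationRequest(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        Object credentials = authentication.getCredentials();
        if (!(principal instanceof String) || !(credentials instanceof String)) {
            throw new AuthenticationServiceException("Login and password required");
        }
        String username = (String) principal;
        String password = (String) credentials;
        // Only emptiness is checked for the password: whitespace can be a legitimate password character.
        if (!Strings.hasText(username) || password.isEmpty()) {
            throw new AuthenticationServiceException("Login and password required");
        }
        return UsernamePasswordRequests.builder().setUsernameOrEmail(username).setPassword(password).build();
    }

    /**
     * Collects the authorities and permissions of the account and of its enabled groups.
     *
     * <p>Groups whose status is not {@link GroupStatus#ENABLED} contribute nothing. The account's
     * own status is not inspected here.
     * NOTE(review): presumably the backend rejects disabled accounts during authentication; that is
     * not visible for accounts that arrive through a {@link ProviderAuthenticationToken} - confirm.
     *
     * @param account the resolved account
     * @return a mutable set holding every resolved authority and permission
     */
    protected Collection<GrantedAuthority> getGrantedAuthorities(Account account) {
        // Typed instead of raw: permissions are stored in the same GrantedAuthority collection.
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for (Group group : account.getGroups()) {
            if (GroupStatus.ENABLED.equals(group.getStatus())) {
                authorities.addAll(resolveGrantedAuthorities(group));
                authorities.addAll(resolvePermissions(group));
            }
        }
        authorities.addAll(resolveGrantedAuthorities(account));
        authorities.addAll(resolvePermissions(account));
        return authorities;
    }

    /** Group authorities from the configured resolver, or an empty set when none is configured. */
    private Set<GrantedAuthority> resolveGrantedAuthorities(Group group) {
        if (this.groupGrantedAuthorityResolver == null) {
            return Collections.<GrantedAuthority>emptySet();
        }
        return this.groupGrantedAuthorityResolver.resolveGrantedAuthorities(group);
    }

    /** Account authorities from the configured resolver, or an empty set when none is configured. */
    private Set<GrantedAuthority> resolveGrantedAuthorities(Account account) {
        if (this.accountGrantedAuthorityResolver == null) {
            return Collections.<GrantedAuthority>emptySet();
        }
        return this.accountGrantedAuthorityResolver.resolveGrantedAuthorities(account);
    }

    /** Group permissions from the configured resolver, or an empty set when none is configured. */
    private Set<Permission> resolvePermissions(Group group) {
        if (this.groupPermissionResolver == null) {
            return Collections.<Permission>emptySet();
        }
        return this.groupPermissionResolver.resolvePermissions(group);
    }

    /** Account permissions from the configured resolver, or an empty set when none is configured. */
    private Set<Permission> resolvePermissions(Account account) {
        if (this.accountPermissionResolver == null) {
            return Collections.<Permission>emptySet();
        }
        return this.accountPermissionResolver.resolvePermissions(account);
    }
}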
