package com.kerb4j.server.spring;

import java.util.Collections;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.Assert;

/* loaded from: input_file:com/kerb4j/server/spring/SpnegoAuthenticationProvider.class */
public class SpnegoAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private static final Log LOG = LogFactory.getLog(SpnegoAuthenticationProvider.class);
    private KerberosTicketValidator ticketValidator;
    private UserDetailsService userDetailsService;
    private AuthenticationUserDetailsService<SpnegoAuthenticationToken> extractGroupsUserDetailsService = new ExtractGroupsUserDetailsService();
    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();

    /* renamed from: authenticate, reason: merged with bridge method [inline-methods] */
    public SpnegoAuthenticationToken m1authenticate(Authentication authentication) {
        SpnegoRequestToken spnegoRequestToken = (SpnegoRequestToken) authentication;
        byte[] token = spnegoRequestToken.getToken();
        LOG.debug("Try to validate Kerberos Token");
        SpnegoAuthenticationToken validateTicket = this.ticketValidator.validateTicket(token);
        LOG.debug("Successfully validated " + validateTicket.username());
        UserDetails loadUserDetails = null != this.extractGroupsUserDetailsService ? this.extractGroupsUserDetailsService.loadUserDetails(validateTicket) : null;
        UserDetails loadUserByUsername = (null != loadUserDetails || null == this.userDetailsService) ? loadUserDetails : this.userDetailsService.loadUserByUsername(validateTicket.username());
        UserDetails user = null == loadUserByUsername ? new User(validateTicket.username(), "", Collections.emptySet()) : loadUserByUsername;
        this.userDetailsChecker.check(user);
        additionalAuthenticationChecks(user, spnegoRequestToken);
        SpnegoAuthenticationToken spnegoAuthenticationToken = new SpnegoAuthenticationToken(user.getAuthorities(), validateTicket.getToken(), user.getUsername(), validateTicket.responseToken(), validateTicket.getSubject(), validateTicket.getKerberosKeys());
        spnegoAuthenticationToken.setDetails(authentication.getDetails());
        return spnegoAuthenticationToken;
    }

    public boolean supports(Class<?> cls) {
        return SpnegoRequestToken.class.isAssignableFrom(cls);
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.ticketValidator, "ticketValidator must be specified");
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    public void setExtractGroupsUserDetailsService(AuthenticationUserDetailsService<SpnegoAuthenticationToken> authenticationUserDetailsService) {
        this.extractGroupsUserDetailsService = authenticationUserDetailsService;
    }

    public void setTicketValidator(KerberosTicketValidator kerberosTicketValidator) {
        this.ticketValidator = kerberosTicketValidator;
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, SpnegoRequestToken spnegoRequestToken) throws AuthenticationException {
    }
}
