package io.micronaut.security.authentication.providers;

import io.micronaut.context.annotation.Requires;
import io.micronaut.security.authentication.AuthenticationFailed;
import io.micronaut.security.authentication.AuthenticationFailureReason;
import io.micronaut.security.authentication.AuthenticationProvider;
import io.micronaut.security.authentication.AuthenticationRequest;
import io.micronaut.security.authentication.AuthenticationResponse;
import io.micronaut.security.authentication.UserDetails;
import io.reactivex.Flowable;
import java.util.List;
import javax.inject.Singleton;
import org.reactivestreams.Publisher;

@Singleton
@Requires(beans = {UserFetcher.class, PasswordEncoder.class, AuthoritiesFetcher.class})
/* loaded from: input_file:io/micronaut/security/authentication/providers/DelegatingAuthenticationProvider.class */
public class DelegatingAuthenticationProvider implements AuthenticationProvider {
    protected final UserFetcher userFetcher;
    protected final PasswordEncoder passwordEncoder;
    protected final AuthoritiesFetcher authoritiesFetcher;

    public DelegatingAuthenticationProvider(UserFetcher userFetcher, PasswordEncoder passwordEncoder, AuthoritiesFetcher authoritiesFetcher) {
        this.userFetcher = userFetcher;
        this.passwordEncoder = passwordEncoder;
        this.authoritiesFetcher = authoritiesFetcher;
    }

    @Override // io.micronaut.security.authentication.AuthenticationProvider
    public Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
        return Flowable.fromPublisher(fetchUserState(authenticationRequest)).switchMap(userState -> {
            return !userState.isEnabled() ? Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.USER_DISABLED)) : userState.isAccountExpired() ? Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.ACCOUNT_EXPIRED)) : userState.isAccountLocked() ? Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.ACCOUNT_LOCKED)) : userState.isPasswordExpired() ? Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.PASSWORD_EXPIRED)) : !this.passwordEncoder.matches(authenticationRequest.getSecret().toString(), userState.getPassword()) ? Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH)) : createSuccessfulAuthenticationResponse(authenticationRequest, userState);
        }).switchIfEmpty(Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.USER_NOT_FOUND)));
    }

    protected Publisher<UserState> fetchUserState(AuthenticationRequest authenticationRequest) {
        return this.userFetcher.findByUsername(authenticationRequest.getIdentity().toString());
    }

    protected Publisher<AuthenticationResponse> createSuccessfulAuthenticationResponse(AuthenticationRequest authenticationRequest, UserState userState) {
        return Flowable.fromPublisher(this.authoritiesFetcher.findAuthoritiesByUsername(userState.getUsername())).map(list -> {
            return createSuccessfulAuthenticationResponse(authenticationRequest, userState, list);
        });
    }

    protected AuthenticationResponse createSuccessfulAuthenticationResponse(AuthenticationRequest authenticationRequest, UserState userState, List<String> list) {
        return new UserDetails(userState.getUsername(), list);
    }
}
