package org.apereo.cas.uma.web.authn;

import java.util.LinkedHashMap;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/uma/web/authn/BaseUmaTokenAuthenticator.class */
public abstract class BaseUmaTokenAuthenticator implements Authenticator<TokenCredentials> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseUmaTokenAuthenticator.class);
    private final TicketRegistry ticketRegistry;

    public void validate(TokenCredentials tokenCredentials, WebContext webContext) {
        String trim = tokenCredentials.getToken().trim();
        AccessToken ticket = this.ticketRegistry.getTicket(trim, AccessToken.class);
        if (ticket == null || ticket.isExpired()) {
            throw new CredentialsException(String.format("Access token is not found or has expired. Unable to authenticate requesting party access token %s", trim));
        }
        if (!ticket.getScopes().contains(getRequiredScope())) {
            throw new CredentialsException(String.format("Missing scope [%s]. Unable to authenticate requesting party access token %s", "permission", trim));
        }
        CommonProfile commonProfile = new CommonProfile();
        Authentication authentication = ticket.getAuthentication();
        Principal principal = authentication.getPrincipal();
        commonProfile.setId(principal.getId());
        LinkedHashMap linkedHashMap = new LinkedHashMap(authentication.getAttributes());
        linkedHashMap.putAll(principal.getAttributes());
        commonProfile.addAttributes(linkedHashMap);
        commonProfile.addPermissions(ticket.getScopes());
        commonProfile.addAttribute(AccessToken.class.getName(), ticket);
        LOGGER.debug("Authenticated access token [{}]", commonProfile);
        tokenCredentials.setUserProfile(commonProfile);
    }

    protected abstract String getRequiredScope();

    @Generated
    public BaseUmaTokenAuthenticator(TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
    }
}
