package org.apereo.cas.support.oauth.authenticator;

import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.credentials.extractor.BasicAuthExtractor;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/oauth/authenticator/OAuth20UsernamePasswordAuthenticator.class */
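/**
 * pac4j {@link Authenticator} that validates username/password credentials from an OAuth
 * request by delegating to the CAS authentication system.
 *
 * <p>Before the end-user credentials are submitted, the calling OAuth client is identified
 * (HTTP Basic header first, then the {@code client_id}/{@code client_secret} request
 * parameters), looked up in the services registry and checked against its access strategy
 * and client secret. On success a {@link CommonProfile} is attached to the credentials.
 */
public class OAuth20UsernamePasswordAuthenticator implements Authenticator<UsernamePasswordCredentials> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20UsernamePasswordAuthenticator.class);
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final ServicesManager servicesManager;
    private final ServiceFactory webApplicationServiceFactory;

    /**
     * Authenticates the supplied username/password and stores the resulting profile on the
     * credentials object.
     *
     * @param usernamePasswordCredentials end-user credentials; receives the user profile on success
     * @param webContext                  current request, used to read the client credentials and
     *                                    the {@code redirect_uri} parameter
     * @throws CredentialsException if the client cannot be identified, the client secret is
     *                              missing or wrong, or authentication fails; every failure
     *                              raised inside the method is re-wrapped with one generic
     *                              message and the original exception as its cause
     */
    public void validate(UsernamePasswordCredentials usernamePasswordCredentials, WebContext webContext) throws CredentialsException {
        Credential casCredential = new UsernamePasswordCredential(usernamePasswordCredentials.getUsername(), usernamePasswordCredentials.getPassword());
        try {
            Pair<String, String> clientIdAndSecret = getClientIdAndClientSecret(webContext);
            if (clientIdAndSecret == null || StringUtils.isBlank(clientIdAndSecret.getKey())) {
                throw new CredentialsException("No client credentials could be identified in this request");
            }
            String clientId = clientIdAndSecret.getKey();
            OAuthRegisteredService registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, clientId);
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);
            verifyClientSecret(registeredService, clientId, clientIdAndSecret.getRight());

            // NOTE(review): redirect_uri is read from the request and turned into a Service
            // without being compared with the registered service in this method; presumably
            // it is validated elsewhere in the flow - confirm.
            String redirectUri = webContext.getRequestParameter("redirect_uri");
            Service service = null;
            if (StringUtils.isNotBlank(redirectUri)) {
                service = this.webApplicationServiceFactory.createService(redirectUri);
            }

            AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, new Credential[]{casCredential});
            if (authenticationResult == null) {
                throw new CredentialsException("Could not authenticate the provided credentials");
            }
            Principal principal = authenticationResult.getAuthentication().getPrincipal();

            // Only the attributes allowed by the service's release policy go into the profile.
            // Raw Map kept: the element types are not visible in this file.
            Map attributes = registeredService.getAttributeReleasePolicy().getAttributes(principal, service, registeredService);
            CommonProfile profile = new CommonProfile();
            String profileId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service, registeredService);
            LOGGER.debug("Created profile id [{}]", profileId);
            profile.setId(profileId);
            profile.addAttributes(attributes);
            // The profile, including the released attributes, is written to the DEBUG log.
            LOGGER.debug("Authenticated user profile [{}]", profile);
            usernamePasswordCredentials.setUserProfile(profile);
        } catch (Exception e) {
            // Deliberately generic: the specific reason travels only in the cause.
            throw new CredentialsException("Cannot login user using CAS internal authentication", e);
        }
    }

    /**
     * Verifies the client secret presented with the request.
     *
     * <p>A blank secret is accepted only when the registered service itself defines no
     * secret. Previously a blank secret skipped verification altogether, so a request that
     * simply omitted {@code client_secret} was never checked against a service that has one
     * configured.
     *
     * @param registeredService service registered for {@code clientId}
     * @param clientId          client identifier, used in the failure message
     * @param clientSecret      secret presented by the caller, possibly blank
     * @throws CredentialsException if a required secret is missing or the secret does not match
     */
    private static void verifyClientSecret(OAuthRegisteredService registeredService, String clientId, String clientSecret) {
        if (StringUtils.isBlank(clientSecret)) {
            if (StringUtils.isNotBlank(registeredService.getClientSecret())) {
                throw new CredentialsException("No client secret was provided for client identifier: " + clientId);
            }
            return;
        }
        if (!OAuth20Utils.checkClientSecret(registeredService, clientSecret)) {
            throw new CredentialsException("Bad secret for client identifier: " + clientId);
        }
    }

    /**
     * Extracts the client identifier and secret from the request.
     *
     * @param webContext current request
     * @return the HTTP Basic username/password when the extractor finds them, otherwise the
     *         {@code client_id} and {@code client_secret} request parameters (either of which
     *         may be {@code null})
     */
    protected Pair<String, String> getClientIdAndClientSecret(WebContext webContext) {
        UsernamePasswordCredentials basicAuth = new BasicAuthExtractor().extract(webContext);
        if (basicAuth != null) {
            return Pair.of(basicAuth.getUsername(), basicAuth.getPassword());
        }
        return Pair.of(webContext.getRequestParameter("client_id"), webContext.getRequestParameter("client_secret"));
    }

    /**
     * Creates the authenticator with its collaborators.
     *
     * @param authenticationSystemSupport runs the CAS authentication transaction
     * @param servicesManager             registry used to look up the OAuth client by id
     * @param serviceFactory              builds a {@link Service} from the {@code redirect_uri}
     */
    @Generated
    public OAuth20UsernamePasswordAuthenticator(AuthenticationSystemSupport authenticationSystemSupport, ServicesManager servicesManager, ServiceFactory serviceFactory) {
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.servicesManager = servicesManager;
        this.webApplicationServiceFactory = serviceFactory;
    }
}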
