package com.baijia;

import com.baijia.authentication.Authentication;
import com.baijia.authentication.AuthenticationManager;
import com.baijia.authentication.MutableAuthentication;
import com.baijia.authentication.handler.AuthenticationException;
import com.baijia.authentication.principal.Credentials;
import com.baijia.authentication.principal.Principal;
import com.baijia.authentication.principal.Service;
import com.baijia.authentication.principal.SimplePrincipal;
import com.baijia.services.RegisteredService;
import com.baijia.services.ServicesManager;
import com.baijia.services.UnauthorizedServiceException;
import com.baijia.ticket.InvalidTicketException;
import com.baijia.ticket.ServiceTicket;
import com.baijia.ticket.TicketCreationException;
import com.baijia.ticket.TicketException;
import com.baijia.ticket.TicketGrantingTicket;
import com.baijia.ticket.TicketGrantingTicketImpl;
import com.baijia.ticket.TicketValidationException;
import com.baijia.ticket.registry.TicketRegistry;
import com.baijia.util.UniqueTicketIdGenerator;
import com.baijia.validation.Assertion;
import com.baijia.validation.ImmutableAssertionImpl;
import java.util.ArrayList;
import java.util.HashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;

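/**
 * Ticket-based implementation of {@link CentralAuthenticationService}.
 *
 * <p>It issues ticket-granting tickets (TGTs) after authenticating credentials, issues service
 * tickets against an existing TGT, validates service tickets into an {@link Assertion}, and
 * destroys TGTs. Collaborators are injected by Spring or through the setters.
 *
 * <p>Ticket ids arrive from callers and are looked up in a single {@link TicketRegistry}.
 * Every lookup therefore checks the runtime type of the ticket before using it. An id of the
 * wrong ticket kind is handled as an invalid ticket instead of surfacing as a
 * {@link ClassCastException}.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/passport-core-1.0-SNAPSHOT.jar:com/baijia/CentralAuthenticationServiceImpl.class */
public final class CentralAuthenticationServiceImpl implements CentralAuthenticationService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private TicketRegistry ticketRegistry;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator;

    @Autowired
    private ServicesManager servicesManager;

    /**
     * Expires a ticket-granting ticket and removes it from the registry.
     *
     * <p>An unknown id, or an id that refers to some other kind of ticket, is ignored.
     *
     * @param str the ticket-granting ticket id; must not be null
     */
    @Override
    public void destroyTicketGrantingTicket(String str) {
        Assert.notNull(str, "ticketGrantingTicketId cannot be null");
        // NOTE(review): grantServiceTicket accepts this id as the only proof of an existing
        // session, so debug logs that contain it need the same protection as the session.
        this.logger.debug("Removing ticket [{}] from registry.", str);
        Object candidate = this.ticketRegistry.getTicket(str);
        if (!(candidate instanceof TicketGrantingTicket)) {
            // Covers both "not found" (null) and "wrong ticket kind"; nothing is deleted.
            return;
        }
        this.logger.debug("Ticket found.  Expiring and then deleting.");
        ((TicketGrantingTicket) candidate).expire();
        this.ticketRegistry.deleteTicket(str);
    }

    /**
     * Grants a service ticket for {@code service} on behalf of an existing ticket-granting ticket.
     *
     * <p>When {@code credentials} are supplied they are re-authenticated, and both the resulting
     * principal and the authentication attributes must equal those stored on the
     * ticket-granting ticket.
     *
     * @param str the ticket-granting ticket id; must not be null
     * @param service the service the ticket is requested for; must not be null
     * @param credentials optional credentials for a forced re-authentication, or null
     * @return the id of the new service ticket
     * @throws InvalidTicketException if no ticket-granting ticket exists under {@code str}
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     * @throws TicketCreationException if re-authentication fails or yields a different
     *     principal or different attributes
     */
    @Override
    public String grantServiceTicket(String str, Service service, Credentials credentials) throws TicketException {
        Assert.notNull(str, "ticketGrantingticketId cannot be null");
        Assert.notNull(service, "service cannot be null");
        Object candidate = this.ticketRegistry.getTicket(str);
        if (!(candidate instanceof TicketGrantingTicket)) {
            // Missing ticket or an id of another ticket kind: never a ClassCastException.
            throw new InvalidTicketException();
        }
        TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) candidate;
        // NOTE(review): no expiry check on the ticket-granting ticket is visible in this
        // method; confirm that the registry or the ticket itself rejects expired tickets.

        RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        if (registeredService == null || !registeredService.isEnabled()) {
            // service.getId() is caller-supplied text written to the log.
            this.logger.warn("ServiceManagement: Unauthorized Service Access. Service [{}] not found in Service Registry.", service.getId());
            throw new UnauthorizedServiceException();
        }

        if (credentials != null) {
            try {
                Authentication fresh = this.authenticationManager.authenticate(credentials);
                Authentication original = ticketGrantingTicket.getAuthentication();
                boolean samePrincipal = fresh.getPrincipal().equals(original.getPrincipal());
                boolean sameAttributes = fresh.getAttributes().equals(original.getAttributes());
                // Re-authentication must not switch the session to another identity.
                if (!samePrincipal || !sameAttributes) {
                    throw new TicketCreationException();
                }
            } catch (AuthenticationException e) {
                throw new TicketCreationException(e);
            }
        }

        String serviceTicketId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(ServiceTicket.PREFIX);
        // The last argument records whether this ticket results from presenting credentials.
        ServiceTicket serviceTicket = ticketGrantingTicket.grantServiceTicket(serviceTicketId, service, credentials != null);
        this.ticketRegistry.addTicket(serviceTicket);
        this.ticketRegistry.updateTicket(ticketGrantingTicket);
        this.logger.info(
                "Granted service ticket [{}] for service [{}] for user [{}]",
                serviceTicket.getId(),
                service.getId(),
                serviceTicket.getGrantingTicket().getAuthentication().getPrincipal().getId());
        return serviceTicket.getId();
    }

    /**
     * Grants a service ticket without re-authenticating.
     *
     * @param str the ticket-granting ticket id; must not be null
     * @param service the service the ticket is requested for; must not be null
     * @return the id of the new service ticket
     * @throws TicketException as described for the three-argument overload
     */
    @Override
    public String grantServiceTicket(String str, Service service) throws TicketException {
        return grantServiceTicket(str, service, null);
    }

    /**
     * Authenticates {@code credentials} and registers a new ticket-granting ticket.
     *
     * @param credentials the credentials to authenticate; must not be null
     * @return the id of the new ticket-granting ticket
     * @throws TicketCreationException if authentication fails
     */
    @Override
    public String createTicketGrantingTicket(Credentials credentials) throws TicketCreationException {
        Assert.notNull(credentials, "credentials cannot be null");
        try {
            Authentication authentication = this.authenticationManager.authenticate(credentials);
            String ticketId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX);
            TicketGrantingTicketImpl ticketGrantingTicket = new TicketGrantingTicketImpl(ticketId, authentication);
            this.ticketRegistry.addTicket(ticketGrantingTicket);
            return ticketGrantingTicket.getId();
        } catch (AuthenticationException e) {
            throw new TicketCreationException(e);
        }
    }

    /**
     * Validates a service ticket for {@code service} and builds the resulting assertion.
     *
     * <p>The service ticket is removed from the registry as soon as it is looked up, so any
     * validation attempt consumes it, including one that fails a later check.
     *
     * @param str the service ticket id; must not be null
     * @param service the service presenting the ticket; must not be null
     * @return an assertion holding the authentication released to the service
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     * @throws InvalidTicketException if {@code str} does not refer to a service ticket
     * @throws TicketValidationException if the ticket was issued for a different service
     */
    @Override
    public Assertion validateServiceTicket(String str, Service service) throws TicketException {
        Assert.notNull(str, "serviceTicketId cannot be null");
        Assert.notNull(service, "service cannot be null");
        Object candidate = this.ticketRegistry.getTicket(str);
        if (candidate != null && !(candidate instanceof ServiceTicket)) {
            // An id of another ticket kind was supplied. Reject it without deleting anything,
            // and keep the id out of the log because it may be a ticket-granting ticket id.
            this.logger.warn("Supplied ticket id does not refer to a service ticket.");
            throw new InvalidTicketException();
        }
        ServiceTicket serviceTicket = (ServiceTicket) candidate;
        // Consume the ticket before any other check so it can never be replayed.
        this.ticketRegistry.deleteTicket(str);

        RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        if (registeredService == null || !registeredService.isEnabled()) {
            this.logger.warn("ServiceManagement: Service does not exist or is not enabled, and thus not allowed to validate tickets.   Service: [{}]", service.getId());
            throw new UnauthorizedServiceException("Service not allowed to validate tickets.");
        }
        if (serviceTicket == null) {
            this.logger.info("ServiceTicket [{}] does not exist.", str);
            throw new InvalidTicketException();
        }
        // NOTE(review): no expiry check on the service ticket is visible in this method;
        // confirm that isValidFor or the registry rejects expired tickets.
        if (!serviceTicket.isValidFor(service)) {
            this.logger.warn(
                    "ServiceTicket [{}] with service [{}] does not match supplied service [{}]",
                    str,
                    serviceTicket.getService().getId(),
                    service.getId());
            throw new TicketValidationException(serviceTicket.getService());
        }

        Authentication authentication = serviceTicket.getGrantingTicket().getAuthentication();
        Principal principal = authentication.getPrincipal();
        String principalId = principal.getId();

        MutableAuthentication released;
        if (registeredService.isIgnoreAttributes()) {
            // This branch hands every principal attribute to the service, unfiltered.
            released = new MutableAuthentication(
                    new SimplePrincipal(principalId, principal.getAttributes()),
                    authentication.getAuthenticatedDate());
        } else {
            // Release only the principal attributes this service is allowed to see.
            // Raw collection types are kept: the element types expected by SimplePrincipal
            // and ImmutableAssertionImpl are not visible from this file.
            HashMap allowed = new HashMap();
            for (String attributeName : registeredService.getAllowedAttributes()) {
                Object value = principal.getAttributes().get(attributeName);
                if (value != null) {
                    allowed.put(attributeName, value);
                }
            }
            released = new MutableAuthentication(
                    new SimplePrincipal(principalId, allowed),
                    authentication.getAuthenticatedDate());
            released.getAttributes().putAll(authentication.getAttributes());
            released.getAuthenticatedDate().setTime(authentication.getAuthenticatedDate().getTime());
        }

        ArrayList chain = new ArrayList();
        chain.add(released);
        return new ImmutableAssertionImpl(chain, serviceTicket.getService(), serviceTicket.isFromNewLogin());
    }

    /**
     * Sets the registry that stores and looks up tickets.
     *
     * @param ticketRegistry the registry to use
     */
    public void setTicketRegistry(TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
    }

    /**
     * Sets the manager used to authenticate credentials.
     *
     * @param authenticationManager the authentication manager to use
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the generator used for both ticket-granting and service ticket ids.
     *
     * @param uniqueTicketIdGenerator the id generator to use
     */
    public void setTicketGrantingTicketUniqueTicketIdGenerator(UniqueTicketIdGenerator uniqueTicketIdGenerator) {
        this.ticketGrantingTicketUniqueTicketIdGenerator = uniqueTicketIdGenerator;
    }

    /**
     * Sets the manager used to look up registered services.
     *
     * @param servicesManager the services manager to use
     */
    public void setServicesManager(ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }
}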
