package org.onebusaway.users.impl.authentication;

import java.util.Collection;
import org.onebusaway.users.impl.authentication.LegacyMessageDigestPasswordEncoder;
import org.onebusaway.users.model.IndexedUserDetails;
import org.onebusaway.users.services.CurrentUserService;
import org.onebusaway.users.services.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:org/onebusaway/users/impl/authentication/SaltedDaoAuthenticationProvider.class */
public class SaltedDaoAuthenticationProvider extends DaoAuthenticationProvider {
    private static final Logger _log = LoggerFactory.getLogger(SaltedDaoAuthenticationProvider.class);
    private static final String DEFAULT_VERSION_PREFIX = "v1|";
    private UserService userService;
    private CurrentUserService currentUserService;
    private LegacyPasswordEncoder passwordEncoder = new LegacyPasswordEncoder("SHA-256", true);
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
    private String versionPrefix = DEFAULT_VERSION_PREFIX;

    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    @Autowired
    public void setCurrentUserService(CurrentUserService currentUserService) {
        this.currentUserService = currentUserService;
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        super.setAuthoritiesMapper(grantedAuthoritiesMapper);
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    public void setVersionPrefix(String str) {
        this.versionPrefix = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.authentication.dao.DaoAuthenticationProvider, org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    public Authentication createSuccessAuthentication(Object obj, Authentication authentication, UserDetails userDetails) {
        SaltedUsernamePasswordAuthenticationToken saltedUsernamePasswordAuthenticationToken = new SaltedUsernamePasswordAuthenticationToken(obj, authentication.getCredentials(), this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
        saltedUsernamePasswordAuthenticationToken.setDetails(authentication.getDetails());
        return saltedUsernamePasswordAuthenticationToken;
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider, org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (!supports(authentication.getClass())) {
            return null;
        }
        SaltedUsernamePasswordAuthenticationToken authenticateNow = authenticateNow(authentication);
        if (principal instanceof IndexedUserDetails) {
            authenticateNow.setDetails(principal);
        } else if ((principal instanceof String) && authenticateNow.getDetails() == null) {
            authenticateNow.setDetails(getUserDetailsService().loadUserByUsername((String) principal));
        }
        return authenticateNow;
    }

    private SaltedUsernamePasswordAuthenticationToken authenticateNow(Authentication authentication) {
        Object details;
        UserDetails userDetails = null;
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        if ((authorities == null || authorities.isEmpty()) && (details = authentication.getDetails()) != null) {
            if (details instanceof UserDetails) {
                userDetails = (UserDetails) details;
                authorities = userDetails.getAuthorities();
            } else {
                userDetails = getUserDetailsService().loadUserByUsername((String) authentication.getPrincipal());
                authorities = userDetails.getAuthorities();
            }
        }
        if (userDetails == null) {
            _log.error("unable to retrieve user details for user ", authentication.getName());
            return null;
        }
        String value = ((IndexedUserDetails) userDetails).getUserIndexKey().getValue();
        if (LegacyMessageDigestPasswordEncoder.PasswordEncoderUtils.equals(this.versionPrefix + this.passwordEncoder.encodePassword(value, (String) authentication.getCredentials()), userDetails.getPassword())) {
            return new SaltedUsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), this.authoritiesMapper.mapAuthorities(authorities));
        }
        throw new BadCredentialsException("authentication failed for " + value);
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider, org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class cls) {
        return cls == SaltedUsernamePasswordAuthenticationToken.class || cls == UsernamePasswordAuthenticationToken.class;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.authentication.dao.DaoAuthenticationProvider, org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    public void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        super.additionalAuthenticationChecks(userDetails, usernamePasswordAuthenticationToken);
    }
}
