package com.payneteasy.superfly.security;

import com.payneteasy.superfly.api.SSOService;
import com.payneteasy.superfly.api.SSOUser;
import com.payneteasy.superfly.security.authentication.SSOAuthenticationRequest;
import com.payneteasy.superfly.security.authentication.UsernamePasswordCheckedToken;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/payneteasy/superfly/security/SuperflySSOAuthenticationProvider.class */
public class SuperflySSOAuthenticationProvider implements AuthenticationProvider {
    private SSOService ssoService;

    @Required
    public void setSsoService(SSOService sSOService) {
        this.ssoService = sSOService;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof SSOAuthenticationRequest)) {
            return null;
        }
        SSOAuthenticationRequest sSOAuthenticationRequest = (SSOAuthenticationRequest) authentication;
        if (sSOAuthenticationRequest.getSubsystemToken() == null) {
            throw new BadCredentialsException("Null subsystem token");
        }
        SSOUser exchangeSubsystemToken = this.ssoService.exchangeSubsystemToken(sSOAuthenticationRequest.getSubsystemToken());
        if (exchangeSubsystemToken == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        if (exchangeSubsystemToken.getActionsMap().isEmpty()) {
            throw new BadCredentialsException("No roles");
        }
        return createAuthentication(exchangeSubsystemToken);
    }

    public boolean supports(Class<?> cls) {
        return SSOAuthenticationRequest.class.isAssignableFrom(cls);
    }

    protected Authentication createAuthentication(SSOUser sSOUser) {
        return new UsernamePasswordCheckedToken(sSOUser);
    }
}
