package com.payneteasy.superfly.security;

import com.payneteasy.superfly.api.SSOAction;
import com.payneteasy.superfly.api.SSORole;
import com.payneteasy.superfly.api.SSOUser;
import com.payneteasy.superfly.security.authentication.CheckOTPToken;
import com.payneteasy.superfly.security.authentication.CompoundAuthentication;
import com.payneteasy.superfly.security.authentication.OTPCheckedToken;
import com.payneteasy.superfly.security.authentication.SSOUserAndSelectedRoleAuthenticationToken;
import com.payneteasy.superfly.security.authentication.SSOUserAuthenticationToken;
import com.payneteasy.superfly.security.authentication.UsernamePasswordAuthRequestInfoAuthenticationToken;
import com.payneteasy.superfly.security.authentication.UsernamePasswordCheckedToken;
import com.payneteasy.superfly.security.exception.BadOTPValueException;
import com.payneteasy.superfly.security.mapbuilder.ActionsMapBuilder;
import com.payneteasy.superfly.security.processor.AuthenticationPostProcessor;
import com.payneteasy.superfly.security.processor.IdAuthenticationPostProcessor;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/payneteasy/superfly/security/SuperflyMultiMockAuthenticationProvider.class */
public class SuperflyMultiMockAuthenticationProvider extends AbstractRoleTransformingAuthenticationProvider {
    private String hotp;
    private ActionsMapBuilder actionsMapBuilder;
    private final Map<String, String> usernamesToPasswords = new HashMap();
    private boolean enabled = true;
    private AuthenticationPostProcessor authenticationPostProcessor = new IdAuthenticationPostProcessor();
    private Map<SSORole, SSOAction[]> cachedMap = null;

    public void addUsernameAndPassword(String str, String str2) {
        this.usernamesToPasswords.put(str, str2);
    }

    public void setHotp(String str) {
        this.hotp = str;
    }

    @Required
    public void setActionsMapBuilder(ActionsMapBuilder actionsMapBuilder) {
        this.actionsMapBuilder = actionsMapBuilder;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public void setAuthenticationPostProcessor(AuthenticationPostProcessor authenticationPostProcessor) {
        this.authenticationPostProcessor = authenticationPostProcessor;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Authentication authentication2;
        if (!this.enabled) {
            return null;
        }
        CompoundAuthentication compoundAuthentication = null;
        if (authentication instanceof CompoundAuthentication) {
            compoundAuthentication = (CompoundAuthentication) authentication;
            authentication2 = compoundAuthentication.getCurrentAuthenticationRequest();
        } else {
            authentication2 = authentication;
        }
        if (authentication2 instanceof UsernamePasswordAuthRequestInfoAuthenticationToken) {
            return processUsernamePasswordAuth(authentication2);
        }
        if (!(authentication2 instanceof CheckOTPToken)) {
            if (!(authentication2 instanceof SSOUserAndSelectedRoleAuthenticationToken)) {
                return null;
            }
            SSOUserAndSelectedRoleAuthenticationToken sSOUserAndSelectedRoleAuthenticationToken = (SSOUserAndSelectedRoleAuthenticationToken) authentication2;
            return this.authenticationPostProcessor.postProcess(new SSOUserAuthenticationToken(sSOUserAndSelectedRoleAuthenticationToken.getSsoUser(), sSOUserAndSelectedRoleAuthenticationToken.getSsoRole(), sSOUserAndSelectedRoleAuthenticationToken.getCredentials(), sSOUserAndSelectedRoleAuthenticationToken.getDetails(), this.roleNameTransformers, this.roleSource));
        }
        CheckOTPToken checkOTPToken = (CheckOTPToken) authentication2;
        if (!this.hotp.equals(checkOTPToken.getCredentials())) {
            throw new BadOTPValueException("Bad HOTP");
        }
        if (checkOTPToken.getSsoUser().getActionsMap().size() == 1) {
            return new SSOUserAuthenticationToken(checkOTPToken.getSsoUser(), (SSORole) checkOTPToken.getSsoUser().getActionsMap().keySet().iterator().next(), checkOTPToken.getCredentials(), checkOTPToken.getDetails(), this.roleNameTransformers, this.roleSource);
        }
        if (compoundAuthentication == null) {
            throw new IllegalStateException("CompoundAuthentication cannot be null here");
        }
        CompoundAuthentication compoundAuthentication2 = new CompoundAuthentication(compoundAuthentication.getReadyAuthentications(), authentication2);
        compoundAuthentication2.addReadyAuthentication(new OTPCheckedToken(checkOTPToken.getSsoUser()));
        return compoundAuthentication2;
    }

    protected Authentication processUsernamePasswordAuth(Authentication authentication) {
        String name = authentication.getName();
        if (!checkUsernamePassword(name, authentication.getCredentials() == null ? null : authentication.getCredentials().toString())) {
            throw new BadCredentialsException("Bad username/password");
        }
        CompoundAuthentication compoundAuthentication = new CompoundAuthentication();
        compoundAuthentication.addReadyAuthentication(new UsernamePasswordCheckedToken(createSSOUser(name)));
        return compoundAuthentication;
    }

    protected boolean checkUsernamePassword(String str, String str2) {
        return Objects.equals(this.usernamesToPasswords.get(str), str2);
    }

    protected SSOUser createSSOUser(String str) {
        return new SSOUser(str, getActionsMap(str), Collections.emptyMap());
    }

    protected Map<SSORole, SSOAction[]> getActionsMap(String str) {
        if (this.cachedMap == null) {
            try {
                this.cachedMap = this.actionsMapBuilder.build();
            } catch (Exception e) {
                throw new AuthenticationServiceException("Could not obtain roles and actions", e);
            }
        }
        return this.cachedMap;
    }

    public boolean supports(Class<?> cls) {
        if (this.enabled) {
            return UsernamePasswordAuthRequestInfoAuthenticationToken.class.isAssignableFrom(cls) || CheckOTPToken.class.isAssignableFrom(cls) || SSOUserAndSelectedRoleAuthenticationToken.class.isAssignableFrom(cls) || CompoundAuthentication.class.isAssignableFrom(cls);
        }
        return false;
    }
}
