package org.zowe.apiml.gateway.security.login.x509;

import java.security.cert.X509Certificate;
import lombok.Generated;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.zowe.apiml.gateway.security.service.TokenCreationService;
import org.zowe.apiml.security.common.error.AuthenticationTokenException;
import org.zowe.apiml.security.common.token.TokenAuthentication;
import org.zowe.apiml.security.common.token.X509AuthenticationToken;

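/**
 * Spring Security {@link AuthenticationProvider} that exchanges a client X.509 certificate
 * for a gateway JWT.
 *
 * <p>The first certificate carried by an {@link X509AuthenticationToken} is handed to
 * {@link X509AuthenticationMapper} to obtain a mainframe user id; when a user id is returned,
 * a token is created through
 * {@link TokenCreationService#createJwtTokenWithoutCredentials(String)} and wrapped in an
 * authenticated {@link TokenAuthentication}.
 *
 * <p>Security note: nothing in this class validates the certificate itself (trust chain,
 * validity period, revocation), and no password or other secret is involved in issuing the
 * token. The class therefore relies on the certificate having been verified before the
 * authentication object reaches it - presumably by the TLS layer or an upstream filter;
 * confirm against the gateway configuration.
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/security/login/x509/X509AuthenticationProvider.class */
public class X509AuthenticationProvider implements AuthenticationProvider {

    // Feature switch for client-certificate login; defaults to false (disabled) when the
    // property apiml.security.x509.enabled is not set.
    @Value("${apiml.security.x509.enabled:false}")
    boolean isClientCertEnabled;
    private final X509AuthenticationMapper x509AuthenticationMapper;
    private final TokenCreationService tokenCreationService;

    /**
     * Attempts to authenticate a client certificate and issue a JWT for the mapped user.
     *
     * @param authentication the authentication request; must be an {@link X509AuthenticationToken}
     * @return an authenticated {@link TokenAuthentication} holding the mapped user id and a
     *         freshly created JWT, or {@code null} when client-certificate login is disabled,
     *         no usable certificate is present, or the certificate maps to no user id
     * @throws AuthenticationTokenException if {@code authentication} is {@code null} or is not
     *         an {@link X509AuthenticationToken}
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        if (!(authentication instanceof X509AuthenticationToken)) {
            // A null request also lands here; build the message without dereferencing it so the
            // caller gets the documented exception type rather than a NullPointerException.
            throw new AuthenticationTokenException(
                "Wrong authentication token. " + (authentication == null ? null : authentication.getClass()));
        }
        // Check the feature switch first so the mapper is never consulted while the feature is off.
        if (!this.isClientCertEnabled) {
            return null;
        }
        String userid = getUserid(authentication);
        if (userid == null) {
            // No mapping means no identity: return null (provider cannot decide) and issue no token.
            return null;
        }
        TokenAuthentication tokenAuthentication =
            new TokenAuthentication(userid, this.tokenCreationService.createJwtTokenWithoutCredentials(userid));
        tokenAuthentication.setAuthenticated(true);
        return tokenAuthentication;
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the authentication class offered by the authentication manager
     * @return {@code true} for {@link X509AuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return X509AuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Maps the first certificate of the presented chain to a mainframe user id.
     *
     * @param authentication the request whose credentials are expected to be an
     *        {@code X509Certificate[]}
     * @return the user id returned by the mapper, or {@code null} when the credentials are
     *         missing, of an unexpected type, or contain no leading certificate
     */
    private String getUserid(Authentication authentication) {
        Object credentials = authentication.getCredentials();
        // Fail closed on missing or malformed credentials instead of raising
        // ClassCastException / ArrayIndexOutOfBoundsException out of the provider.
        if (!(credentials instanceof X509Certificate[])) {
            return null;
        }
        X509Certificate[] certificates = (X509Certificate[]) credentials;
        if (certificates.length == 0 || certificates[0] == null) {
            return null;
        }
        // Only element 0 is used - presumably the client (leaf) certificate; verify against
        // whatever populates the token.
        return this.x509AuthenticationMapper.mapCertificateToMainframeUserId(certificates[0]);
    }

    /**
     * Creates the provider with its collaborators.
     *
     * @param x509AuthenticationMapper maps a certificate to a mainframe user id
     * @param tokenCreationService creates the JWT for a mapped user id
     */
    @Generated
    public X509AuthenticationProvider(X509AuthenticationMapper x509AuthenticationMapper, TokenCreationService tokenCreationService) {
        this.x509AuthenticationMapper = x509AuthenticationMapper;
        this.tokenCreationService = tokenCreationService;
    }
}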
