package org.zowe.apiml.zaas.security.login.zosmf;

import lombok.Generated;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.zowe.apiml.security.common.config.AuthConfigurationProperties;
import org.zowe.apiml.security.common.login.LoginRequest;
import org.zowe.apiml.security.common.token.InvalidTokenTypeException;
import org.zowe.apiml.security.common.token.TokenAuthentication;
import org.zowe.apiml.security.common.token.TokenNotValidException;
import org.zowe.apiml.zaas.security.service.AuthenticationService;
import org.zowe.apiml.zaas.security.service.zosmf.ZosmfService;

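/**
 * Spring Security {@link AuthenticationProvider} that validates username/password logins against
 * z/OSMF through {@link ZosmfService} and turns the z/OSMF response into a {@link TokenAuthentication}.
 *
 * <p>The bean is registered when {@code apiml.security.auth.provider} is {@code zosmf} or is not set
 * at all ({@code matchIfMissing = true}), so z/OSMF is the provider used when nothing is configured.
 *
 * <p>Which token type is accepted from z/OSMF depends on the configured JWT auto-configuration mode:
 * in {@code LTPA} mode only an LTPA token is accepted; in every other mode only a JWT is accepted.
 * A response that carries the other token type is rejected with {@link InvalidTokenTypeException}
 * instead of being silently accepted.
 */
@ConditionalOnProperty(value = {"apiml.security.auth.provider"}, havingValue = "zosmf", matchIfMissing = true)
@Component
public class ZosmfAuthenticationProvider implements AuthenticationProvider {
    private final AuthenticationService authenticationService;
    private final ZosmfService zosmfService;
    private final AuthConfigurationProperties authConfigurationProperties;

    /**
     * Authenticates the caller against z/OSMF, optionally changing the password first.
     *
     * @param authentication the login request; its principal is used as the user name
     * @return a token authentication built from the z/OSMF JWT or from an API ML JWT wrapping the LTPA token
     * @throws InvalidTokenTypeException if z/OSMF returned the token type that the configuration does not expect
     * @throws BadCredentialsException if z/OSMF returned neither token type, or a
     *         {@link TokenNotValidException} was raised while processing the login
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        String username = authentication.getPrincipal().toString();
        char[] newPassword = LoginRequest.getNewPassword(authentication);
        if (ArrayUtils.isNotEmpty(newPassword)) {
            // The change request carries the original authentication object; it runs outside the
            // try block below, so any exception it raises propagates to the caller unchanged.
            // NOTE(review): this call is made before this provider has verified the caller;
            // presumably ZosmfService.changePassword validates the current password - confirm.
            this.zosmfService.changePassword(authentication);
            // From here on the login is performed with the new password.
            authentication = new UsernamePasswordAuthenticationToken(username, newPassword);
        }
        try {
            ZosmfService.AuthenticationResponse response = this.zosmfService.authenticate(authentication);
            boolean ltpaMode = this.authConfigurationProperties.getZosmf().getJwtAutoconfiguration()
                == AuthConfigurationProperties.JWT_AUTOCONFIGURATION_MODE.LTPA;
            if (!ltpaMode) {
                if (response.getTokens().containsKey(ZosmfService.TokenType.JWT)) {
                    return getZosmfJwtToken(username, response);
                }
                // An unexpected token type is reported as a distinct error, never accepted as a fallback.
                if (response.getTokens().containsKey(ZosmfService.TokenType.LTPA)) {
                    throw new InvalidTokenTypeException("LTPA token in z/OSMF response but configured to expect JWT");
                }
            } else {
                if (response.getTokens().containsKey(ZosmfService.TokenType.LTPA)) {
                    return getApimlJwtToken(username, response);
                }
                if (response.getTokens().containsKey(ZosmfService.TokenType.JWT)) {
                    throw new InvalidTokenTypeException("JWT token in z/OSMF response but configured to expect LTPA");
                }
            }
            // No usable token in the response: fail closed.
            throw new BadCredentialsException("Invalid Credentials");
        } catch (TokenNotValidException e) {
            // Same generic message as the fall-through case above; the original exception is kept
            // as the cause so the failure can be diagnosed from server-side logs.
            // NOTE(review): confirm that failure handlers do not render the cause to the client.
            throw new BadCredentialsException("Invalid Credentials", e);
        }
    }

    /**
     * Builds the authentication result directly from the JWT issued by z/OSMF.
     *
     * @param str the user name
     * @param authenticationResponse the z/OSMF response; its {@code JWT} entry is used as the token
     * @return the token authentication created by {@link AuthenticationService#createTokenAuthentication}
     */
    public TokenAuthentication getZosmfJwtToken(String str, ZosmfService.AuthenticationResponse authenticationResponse) {
        return this.authenticationService.createTokenAuthentication(
            str, authenticationResponse.getTokens().get(ZosmfService.TokenType.JWT));
    }

    /**
     * Builds the authentication result from a JWT that {@link AuthenticationService#createJwtToken}
     * creates for the user, the domain reported by z/OSMF and the LTPA token from the response.
     *
     * @param str the user name
     * @param authenticationResponse the z/OSMF response supplying the domain and the {@code LTPA} token
     * @return the token authentication wrapping the newly created JWT
     */
    private TokenAuthentication getApimlJwtToken(String str, ZosmfService.AuthenticationResponse authenticationResponse) {
        return this.authenticationService.createTokenAuthentication(
            str,
            this.authenticationService.createJwtToken(
                str,
                authenticationResponse.getDomain(),
                authenticationResponse.getTokens().get(ZosmfService.TokenType.LTPA)));
    }

    /**
     * Reports whether this provider handles the given authentication class.
     *
     * <p>The comparison is by identity, so only {@link UsernamePasswordAuthenticationToken} itself is
     * supported; subclasses of it are not.
     *
     * @param cls the authentication class to test
     * @return {@code true} only for {@code UsernamePasswordAuthenticationToken.class}
     */
    @Override
    public boolean supports(Class<?> cls) {
        return cls == UsernamePasswordAuthenticationToken.class;
    }

    /**
     * Creates the provider with its collaborators.
     *
     * @param authenticationService creates JWTs and token authentications
     * @param zosmfService performs the z/OSMF login and password change
     * @param authConfigurationProperties supplies the z/OSMF JWT auto-configuration mode
     */
    @Generated
    public ZosmfAuthenticationProvider(AuthenticationService authenticationService, ZosmfService zosmfService, AuthConfigurationProperties authConfigurationProperties) {
        this.authenticationService = authenticationService;
        this.zosmfService = zosmfService;
        this.authConfigurationProperties = authConfigurationProperties;
    }
}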
