package org.opennms.web.springframework.security;

import java.util.Collection;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosClient;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/* loaded from: input_file:org/opennms/web/springframework/security/KerberosLdapAuthenticationProvider.class */
public class KerberosLdapAuthenticationProvider extends KerberosAuthenticationProvider {
    private KerberosClient m_kerberosClient;
    private LdapUserSearch m_ldapUserSearch;
    private LdapAuthoritiesPopulator m_ldapAuthoritiesPopulator;
    private boolean m_trimRealm = true;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = (UsernamePasswordAuthenticationToken) authentication;
        String trimRealmFromUsername = trimRealmFromUsername(this.m_kerberosClient.login(usernamePasswordAuthenticationToken.getName(), usernamePasswordAuthenticationToken.getCredentials().toString()));
        Collection grantedAuthorities = this.m_ldapAuthoritiesPopulator.getGrantedAuthorities(this.m_ldapUserSearch.searchForUser(trimRealmFromUsername), trimRealmFromUsername);
        return new UsernamePasswordAuthenticationToken(new User(trimRealmFromUsername, "notUsed", true, true, true, true, grantedAuthorities), usernamePasswordAuthenticationToken.getCredentials(), grantedAuthorities);
    }

    private String trimRealmFromUsername(String str) {
        return (this.m_trimRealm && str.contains("@")) ? str.substring(0, str.indexOf("@")) : str;
    }

    public void setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        this.m_ldapAuthoritiesPopulator = ldapAuthoritiesPopulator;
    }

    public LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
        return this.m_ldapAuthoritiesPopulator;
    }

    public void setLdapUserSearch(LdapUserSearch ldapUserSearch) {
        this.m_ldapUserSearch = ldapUserSearch;
    }

    public LdapUserSearch getLdapUserSearch() {
        return this.m_ldapUserSearch;
    }

    public void setKerberosClient(KerberosClient kerberosClient) {
        this.m_kerberosClient = kerberosClient;
    }

    public KerberosClient getKerberosClient() {
        return this.m_kerberosClient;
    }

    public void setTrimRealm(boolean z) {
        this.m_trimRealm = z;
    }

    public boolean getTrimRealm() {
        return this.m_trimRealm;
    }
}
