package org.opennms.web.springframework.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.kerberos.authentication.KerberosTicketValidation;
import org.springframework.security.kerberos.authentication.KerberosTicketValidator;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.util.Assert;

/* loaded from: input_file:org/opennms/web/springframework/security/KerberosServiceLdapAuthenticationProvider.class */
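/**
 * Authentication provider that validates a Kerberos service ticket and then
 * resolves the principal's authorities from LDAP.
 *
 * <p>Flow, as implemented by {@link #authenticate(Authentication)}: the raw
 * token is validated by the configured {@link KerberosTicketValidator}; the
 * validated principal name is optionally stripped of its realm; the resulting
 * name is looked up with the configured {@link LdapUserSearch}; and the
 * {@link LdapAuthoritiesPopulator} supplies the granted authorities.
 *
 * <p>Security notes for whoever configures this bean:
 * <ul>
 *   <li>With {@code trimRealm} enabled (the default), everything from the first
 *       {@code '@'} onwards is discarded before the LDAP lookup, so the realm
 *       plays no part in which directory entry is selected. Two principals that
 *       differ only in realm map to the same LDAP user. Whether tickets from
 *       more than one realm can pass validation depends on the ticket
 *       validator and KDC trust configuration, which this class does not
 *       show; confirm that before relying on the default.</li>
 *   <li>The {@link User} is built with all four account-status flags set to
 *       {@code true}, so the {@link AccountStatusUserDetailsChecker} cannot
 *       reject it. Directory-side state such as a disabled or locked account is
 *       not consulted by this class.</li>
 * </ul>
 */
public class KerberosServiceLdapAuthenticationProvider extends KerberosServiceAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(KerberosServiceLdapAuthenticationProvider.class);

    // Validates the service ticket carried by the request token.
    private KerberosTicketValidator m_kerberosTicketValidator;
    // Resolves the (optionally realm-trimmed) principal name to an LDAP entry.
    private LdapUserSearch m_ldapUserSearch;
    // Maps the LDAP entry to granted authorities.
    private LdapAuthoritiesPopulator m_ldapAuthoritiesPopulator;
    // No setter is provided; always the default account-status checker.
    private UserDetailsChecker m_userDetailsChecker = new AccountStatusUserDetailsChecker();
    // When true, "user@REALM" is reduced to "user" before the LDAP lookup.
    private boolean m_trimRealm = true;

    /**
     * Validates the Kerberos ticket in the given token and builds an
     * authenticated token whose authorities come from LDAP.
     *
     * @param authentication the request; cast to {@link KerberosServiceRequestToken}
     *        without a type check, so callers must only pass that type
     * @return a new {@link KerberosServiceRequestToken} carrying the resolved
     *         user, the ticket validation result, the authorities and the raw token
     * @throws AuthenticationException if a collaborator rejects the ticket or the user
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        KerberosServiceRequestToken requestToken = (KerberosServiceRequestToken) authentication;
        byte[] token = requestToken.getToken();

        LOG.debug("Try to validate Kerberos Token");
        KerberosTicketValidation validation = this.m_kerberosTicketValidator.validateTicket(token);
        // Parameterized form: the principal name is not concatenated when debug is off.
        LOG.debug("Succesfully validated {}", validation.username());

        String username = trimRealmFromUsername(validation.username());

        // "notUsed" is a placeholder for the password slot, not a credential: the
        // Kerberos ticket is the proof of identity. All status flags are hard-coded true.
        User user = new User(
                username,
                "notUsed",
                true,
                true,
                true,
                true,
                this.m_ldapAuthoritiesPopulator.getGrantedAuthorities(
                        this.m_ldapUserSearch.searchForUser(username), username));

        // NOTE(review): with the flags above this check cannot fail as written.
        this.m_userDetailsChecker.check(user);
        additionalAuthenticationChecks(user, requestToken);
        return new KerberosServiceRequestToken(user, validation, user.getAuthorities(), token);
    }

    /**
     * Returns the principal name without its realm when trimming is enabled.
     *
     * <p>The cut is made at the first {@code '@'}; a name without one, or any
     * name while trimming is disabled, is returned unchanged.
     */
    private String trimRealmFromUsername(String str) {
        if (!this.m_trimRealm) {
            return str;
        }
        int at = str.indexOf('@');
        return at >= 0 ? str.substring(0, at) : str;
    }

    /** Sets the populator used to derive authorities from the LDAP entry. */
    public void setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        this.m_ldapAuthoritiesPopulator = ldapAuthoritiesPopulator;
    }

    /** Returns the configured authorities populator. */
    public LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
        return this.m_ldapAuthoritiesPopulator;
    }

    /** Sets the search used to find the LDAP entry for the principal. */
    public void setLdapUserSearch(LdapUserSearch ldapUserSearch) {
        this.m_ldapUserSearch = ldapUserSearch;
    }

    /** Returns the configured LDAP user search. */
    public LdapUserSearch getLdapUserSearch() {
        return this.m_ldapUserSearch;
    }

    /**
     * Enables or disables realm trimming. Disabling it passes the full
     * principal name, realm included, to the LDAP search and the populator.
     */
    public void setTrimRealm(boolean z) {
        this.m_trimRealm = z;
    }

    /** Returns whether the realm is stripped before the LDAP lookup. */
    public boolean getTrimRealm() {
        return this.m_trimRealm;
    }

    /** Sets the validator used for incoming Kerberos service tickets. */
    public void setTicketValidator(KerberosTicketValidator kerberosTicketValidator) {
        this.m_kerberosTicketValidator = kerberosTicketValidator;
    }

    /** Returns the configured ticket validator. */
    public KerberosTicketValidator getTicketValidator() {
        return this.m_kerberosTicketValidator;
    }

    /**
     * Verifies that every collaborator dereferenced by
     * {@link #authenticate(Authentication)} has been injected.
     *
     * <p>The superclass implementation is not invoked here.
     *
     * @throws Exception declared by the overridden method; the assertions
     *         themselves raise {@link IllegalArgumentException}
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.m_kerberosTicketValidator, "ticketValidator must be set");
        // authenticate() dereferences the user search unconditionally; fail at
        // startup instead of with a NullPointerException on the first login.
        Assert.notNull(this.m_ldapUserSearch, "ldapUserSearch must be set");
        Assert.notNull(this.m_ldapAuthoritiesPopulator, "ldapAuthoritiesPopulator must be set");
    }
}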
