package org.jenkinsci.plugins.reverse_proxy_auth.auth;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm;
import org.jenkinsci.plugins.reverse_proxy_auth.model.ReverseProxyUserDetails;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.InvalidDataAccessApiUsageException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:org/jenkinsci/plugins/reverse_proxy_auth/auth/DefaultReverseProxyAuthenticator.class */
public class DefaultReverseProxyAuthenticator implements ReverseProxyAuthenticator, InitializingBean, MessageSourceAware {
    private static final Logger LOGGER = Logger.getLogger(ReverseProxySecurityRealm.class.getName());

    @SuppressFBWarnings(value = {"URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD"}, justification = "It is a part of public API :(")
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private final String username;
    private final Collection<? extends GrantedAuthority> authorities;

    public DefaultReverseProxyAuthenticator(String str, @CheckForNull Collection<? extends GrantedAuthority> collection) {
        this.username = str;
        this.authorities = collection;
    }

    public void setMessageSource(@NonNull MessageSource messageSource) {
        Assert.notNull(messageSource, "Message source must not be null");
        this.messages = new MessageSourceAccessor(messageSource);
    }

    public void afterPropertiesSet() {
    }

    @Override // org.jenkinsci.plugins.reverse_proxy_auth.auth.ReverseProxyAuthenticator
    public ReverseProxyUserDetails authenticate(String str, String str2) throws DataAccessException {
        LOGGER.log(Level.INFO, "DefaultReverseProxyAuthenticator::authenticate ==> {0} to {1}", new Object[]{this.username, this.authorities});
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            authentication = new UsernamePasswordAuthenticationToken(this.username, "", this.authorities);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof ReverseProxyUserDetails) {
            return (ReverseProxyUserDetails) principal;
        }
        if (!(principal instanceof String)) {
            throw new InvalidDataAccessApiUsageException("Cannot convert principal " + principal + " to ReverseProxyUserDetails. Principal type is " + (principal == null ? "null" : principal.toString()));
        }
        ReverseProxyUserDetails reverseProxyUserDetails = new ReverseProxyUserDetails();
        reverseProxyUserDetails.setUsername((String) principal);
        reverseProxyUserDetails.setAuthorities(authentication.getAuthorities());
        return reverseProxyUserDetails;
    }
}
