package com.universe.mdm.sso.kerberos.service.security.provider;

import com.universe.mdm.sso.kerberos.configuration.SsoKerberosModuleConstants;
import com.universe.mdm.sso.kerberos.service.KerberosUserDetailsService;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.kerberos.authentication.KerberosTicketValidation;
import org.springframework.security.kerberos.authentication.KerberosTicketValidator;
import org.springframework.stereotype.Component;
import org.unidata.mdm.core.type.security.Right;
import org.unidata.mdm.core.type.security.UserDetails;

@Component(SsoKerberosModuleConstants.BEAN_NAME_KERBEROS_AUTHENTICATION_PROVIDER)
/* loaded from: input_file:com/universe/mdm/sso/kerberos/service/security/provider/KerberosAuthenticationProvider.class */
public class KerberosAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private KerberosTicketValidator ticketValidator;

    @Autowired
    private KerberosUserDetailsService userDetailsService;

    public Authentication authenticate(Authentication authentication) {
        byte[] token = ((KerberosServiceRequestToken) authentication).getToken();
        KerberosTicketValidation validateTicket = this.ticketValidator.validateTicket(token);
        UserDetails loadUserByUsername = this.userDetailsService.loadUserByUsername(validateTicket.username());
        KerberosServiceRequestToken kerberosServiceRequestToken = new KerberosServiceRequestToken(loadUserByUsername, validateTicket, toGrantedAuthority(loadUserByUsername.getRights()), token);
        kerberosServiceRequestToken.setDetails(authentication.getDetails());
        return kerberosServiceRequestToken;
    }

    public boolean supports(Class<?> cls) {
        return KerberosServiceRequestToken.class.isAssignableFrom(cls);
    }

    private List<GrantedAuthority> toGrantedAuthority(List<Right> list) {
        return list == null ? Collections.emptyList() : (List) list.stream().map((v0) -> {
            return v0.resourceId();
        }).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    }
}
