package org.kuali.rice.kim.client.acegi;

import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.cas.CasAuthenticationProvider;
import org.acegisecurity.providers.cas.CasAuthenticationToken;
import org.acegisecurity.providers.cas.StatelessTicketCache;
import org.acegisecurity.ui.cas.CasProcessingFilter;
import org.acegisecurity.userdetails.UserDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/rice-impl-1.0.3.3.jar:org/kuali/rice/kim/client/acegi/KualiCasAuthenticationProvider.class */
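/**
 * CAS authentication provider that validates service tickets through the configured ticket
 * validator and builds the resulting token from a {@link KualiTicketResponse}.
 *
 * <p>Configuration contract visible in this class: the ticket validator must return a
 * {@code KualiTicketResponse} and the authorities populator must be a
 * {@code KualiCasAuthoritiesPopulator}. Both are reached through unchecked casts, so any other
 * wiring fails with a {@link ClassCastException} rather than an {@link AuthenticationException}.
 */
public class KualiCasAuthenticationProvider extends CasAuthenticationProvider {
    private static final Log logger = LogFactory.getLog(KualiCasAuthenticationProvider.class);

    /**
     * Authenticates a CAS-related request.
     *
     * <p>Overrides {@code CasAuthenticationProvider.authenticate}.
     *
     * @param authentication the request; either a {@link CasAuthenticationToken} issued earlier or
     *     a {@link UsernamePasswordAuthenticationToken} whose principal is one of the CAS marker
     *     identifiers and whose credentials hold the service ticket
     * @return the authenticated token, or {@code null} when this provider does not handle the
     *     request (unsupported class, or a username/password token that is not CAS-related)
     * @throws AuthenticationException if the presented token carries the wrong key, no service
     *     ticket was supplied, or ticket validation fails
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        StatelessTicketCache statelessTicketCache = getStatelessTicketCache();
        String key = getKey();
        if (!supports(authentication.getClass())) {
            return null;
        }

        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            Object principal = authentication.getPrincipal();
            if (principal == null) {
                // A token without a principal cannot carry a CAS marker. Decline it instead of
                // letting a NullPointerException escape from the provider.
                return null;
            }
            String principalName = principal.toString();
            if (!CasProcessingFilter.CAS_STATEFUL_IDENTIFIER.equals(principalName)
                    && !CasProcessingFilter.CAS_STATELESS_IDENTIFIER.equals(principalName)) {
                // Ordinary username/password login: not ours to decide.
                return null;
            }
        }

        if (authentication instanceof CasAuthenticationToken) {
            // An already-built CAS token is accepted solely on this comparison, which matches only
            // the int hashCode() of the configured key. It is a marker that the token was created
            // with the same key, not a cryptographic verification.
            if (key.hashCode() == ((CasAuthenticationToken) authentication).getKeyHash()) {
                return authentication;
            }
            throw new BadCredentialsException(this.messages.getMessage("CasAuthenticationProvider.incorrectKey", "The presented CasAuthenticationToken does not contain the expected key"));
        }

        // The service ticket travels in the credentials; refuse to continue without one.
        if (authentication.getCredentials() == null || "".equals(authentication.getCredentials())) {
            throw new BadCredentialsException(this.messages.getMessage("CasAuthenticationProvider.noServiceTicket", "Failed to provide a CAS service ticket to validate"));
        }

        // NOTE(review): the gate above compares principal.toString(), while this check compares
        // the principal object itself, so a non-String principal is never treated as stateless.
        // Kept as in the original; confirm whether that asymmetry is intended.
        boolean stateless = (authentication instanceof UsernamePasswordAuthenticationToken)
                && CasProcessingFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal());

        CasAuthenticationToken casAuthenticationToken = null;
        if (stateless) {
            // A cache hit skips ticket validation entirely, so how long a ticket id stays usable
            // is bounded by the StatelessTicketCache implementation's expiry (not visible here).
            casAuthenticationToken = statelessTicketCache.getByTicketId(authentication.getCredentials().toString());
        }
        if (casAuthenticationToken == null) {
            casAuthenticationToken = authenticateNow(authentication);
            // Details are copied only for freshly validated tickets; a cached token keeps the
            // details it was stored with.
            casAuthenticationToken.setDetails(authentication.getDetails());
        }
        if (stateless) {
            // Stored on every stateless request, including cache hits.
            statelessTicketCache.putTicketInCache(casAuthenticationToken);
        }
        return casAuthenticationToken;
    }

    /**
     * Validates the service ticket held in the credentials and builds a new CAS token from it.
     *
     * <p>The caller has already rejected null or empty credentials.
     *
     * @param authentication the request whose credentials hold the service ticket
     * @return a token carrying the provider key, the populated user details, the ticket, the
     *     user's authorities, the proxy list and the proxy-granting ticket IOU
     * @throws AuthenticationException if the ticket is rejected or the proxy list is not trusted
     */
    private CasAuthenticationToken authenticateNow(Authentication authentication) throws AuthenticationException {
        // Unchecked cast: the configured validator must produce a KualiTicketResponse.
        KualiTicketResponse kualiTicketResponse = (KualiTicketResponse) getTicketValidator().confirmTicketValid(authentication.getCredentials().toString());
        // The proxy chain is checked before any user details are loaded.
        getCasProxyDecider().confirmProxyListTrusted(kualiTicketResponse.getProxyList());
        if (logger.isDebugEnabled()) {
            // NOTE(review): this writes KualiTicketResponse.toString() to the debug log. Whether
            // that output includes ticket material such as the proxy-granting ticket IOU depends
            // on that class, which is not visible here; confirm before enabling debug logging in
            // production.
            logger.debug("authenticationNOW:" + kualiTicketResponse);
            logger.debug("\n\npopulating authorities\n\n");
        }
        // Unchecked cast: the configured populator must be a KualiCasAuthoritiesPopulator.
        UserDetails userDetails = ((KualiCasAuthoritiesPopulator) getCasAuthoritiesPopulator()).getUserDetails(kualiTicketResponse);
        return new CasAuthenticationToken(getKey(), userDetails, authentication.getCredentials(), userDetails.getAuthorities(), userDetails, kualiTicketResponse.getProxyList(), kualiTicketResponse.getProxyGrantingTicketIou());
    }
}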
