package de.iip_ecosphere.platform.support.aas.basyx.security;

import de.iip_ecosphere.platform.support.CollectionUtils;
import de.iip_ecosphere.platform.support.aas.AuthenticationDescriptor;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.eclipse.basyx.extensions.shared.authorization.internal.IRoleAuthenticator;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;

/* loaded from: input_file:support.aas.basyx1_0-0.7.1-SNAPSHOT.zip:target/jars/de.iip-ecosphere.platform.support.aas.basyx-0.7.1-SNAPSHOT-core.jar:de/iip_ecosphere/platform/support/aas/basyx/security/AuthenticationDescriptorBasedAuthenticationManager.class */
public class AuthenticationDescriptorBasedAuthenticationManager implements AuthenticationManager {
    public static final IRoleAuthenticator<Authentication> AUTHENTICATOR = new IRoleAuthenticator<Authentication>() { // from class: de.iip_ecosphere.platform.support.aas.basyx.security.AuthenticationDescriptorBasedAuthenticationManager.1
        public List<String> getRoles(Authentication authentication) {
            List<String> list = null;
            Object details = authentication.getDetails();
            if (null != details) {
                list = CollectionUtils.toList(new String[]{details.toString()});
            }
            return list;
        }
    };
    private Map<String, AuthenticationDescriptor.IdentityTokenWithRole> users = new HashMap();

    public AuthenticationDescriptorBasedAuthenticationManager(AuthenticationDescriptor authenticationDescriptor) {
        for (AuthenticationDescriptor.IdentityTokenWithRole identityTokenWithRole : authenticationDescriptor.getServerUsers()) {
            this.users.put(identityTokenWithRole.getUserName(), identityTokenWithRole);
        }
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        AuthenticationDescriptor.IdentityTokenWithRole identityTokenWithRole = this.users.get(name);
        if (null == identityTokenWithRole) {
            throw new UsernameNotFoundException("User " + name + " unknown.");
        }
        String str = (String) authentication.getCredentials();
        Object obj = "";
        String tokenEncryptionAlgorithm = identityTokenWithRole.getTokenEncryptionAlgorithm();
        if ("UTF-8".equalsIgnoreCase(tokenEncryptionAlgorithm)) {
            obj = "{noop}";
        } else if ("BCRYPT".equalsIgnoreCase(tokenEncryptionAlgorithm)) {
            obj = "{bcrypt}";
        } else if ("SHA256".equalsIgnoreCase(tokenEncryptionAlgorithm)) {
            obj = "{sha256}";
        }
        if (!PasswordEncoderFactories.createDelegatingPasswordEncoder().matches(str, obj + identityTokenWithRole.getTokenDataAsString())) {
            throw new BadCredentialsException("Presented password/token for user " + name + " does not match.");
        }
        UsernamePasswordAuthenticationToken authenticated = UsernamePasswordAuthenticationToken.authenticated(identityTokenWithRole, identityTokenWithRole.getTokenDataAsString(), (Collection) null);
        authenticated.setDetails(identityTokenWithRole.getRole());
        return authenticated;
    }
}
