package com.gitlab.credit_reference_platform.crp.gateway.customize.cub.security.configuration;

import com.gitlab.credit_reference_platform.crp.gateway.customize.cub.service.ISsoTokenService;
import com.gitlab.credit_reference_platform.crp.gateway.exception.ServiceException;
import com.gitlab.credit_reference_platform.crp.gateway.security.user.service.PortalUserService;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/classes/com/gitlab/credit_reference_platform/crp/gateway/customize/cub/security/configuration/SsoAuthenticationProvider.class */
public class SsoAuthenticationProvider implements AuthenticationProvider {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SsoAuthenticationProvider.class);

    @Autowired
    private ISsoTokenService ssoTokenService;

    @Autowired
    private PortalUserService userService;

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        SsoAuthenticationToken ssoAuthenticationToken = (SsoAuthenticationToken) authentication;
        String originalEmployeeId = ssoAuthenticationToken.getOriginalEmployeeId();
        String employeeId = ssoAuthenticationToken.getEmployeeId();
        String ssoToken = ssoAuthenticationToken.getSsoToken();
        String ip = ssoAuthenticationToken.getIp();
        String appName = ssoAuthenticationToken.getAppName();
        try {
            UserDetails loadUserByUsername = this.userService.loadUserByUsername(employeeId);
            try {
                if (this.ssoTokenService.verifyToken(originalEmployeeId, appName, ssoToken, ip)) {
                    return new SsoAuthenticationToken(loadUserByUsername, originalEmployeeId, employeeId, ssoToken, ip, appName, loadUserByUsername.getAuthorities());
                }
                throw new BadCredentialsException("Credential not valid");
            } catch (ServiceException e) {
                log.error("Failed to connect to SSO service", (Throwable) e);
                throw new InternalAuthenticationServiceException("Failed to connect to SSO service", e);
            }
        } catch (UsernameNotFoundException e2) {
            log.warn("Employee ID [{}] not found in database", employeeId);
            throw e2;
        }
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return SsoAuthenticationToken.class.isAssignableFrom(cls);
    }
}
