package org.apereo.cas.support.oauth.authenticator;

import java.util.HashMap;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.token.JwtBuilder;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.5.8.jar:org/apereo/cas/support/oauth/authenticator/OAuth20AccessTokenAuthenticator.class */
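/**
 * pac4j {@link Authenticator} that accepts an OAuth 2.0 bearer access token and, when the
 * token resolves to a live ticket in the {@link TicketRegistry}, attaches a user profile to
 * the presented credentials.
 *
 * <p>The authenticator fails closed: when the token is unknown or expired, {@link #validate}
 * returns without setting a profile, so callers must treat credentials that carry no profile
 * as unauthenticated.
 *
 * <p>Access tokens are bearer secrets. The token string is never written to the log in full
 * by this class; see {@link #redactToken(String)}.
 */
public class OAuth20AccessTokenAuthenticator implements Authenticator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20AccessTokenAuthenticator.class);

    /** Number of leading token characters kept in log output for correlation. */
    private static final int LOGGED_TOKEN_PREFIX_LENGTH = 4;

    /** Tokens at or below this length are masked completely. */
    private static final int FULLY_MASKED_TOKEN_LENGTH = 8;

    private final TicketRegistry ticketRegistry;
    private final JwtBuilder accessTokenJwtBuilder;

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder$OAuth20JwtAccessTokenEncoderBuilder] */
    /**
     * Passes the presented token through {@link OAuth20JwtAccessTokenEncoder#decode} and
     * returns the result, which is then used as the ticket-registry lookup key.
     *
     * @param tokenCredentials credentials carrying the raw token from the request
     * @return the decoded token value
     */
    private String extractAccessTokenFrom(TokenCredentials tokenCredentials) {
        // NOTE(review): presumably decode() verifies the JWT signature and yields the ticket id,
        // passing non-JWT tokens through unchanged; confirm against the encoder.
        return OAuth20JwtAccessTokenEncoder.builder()
                .accessTokenJwtBuilder(this.accessTokenJwtBuilder)
                .build()
                .decode(tokenCredentials.getToken());
    }

    /**
     * Produces a log-safe rendering of a bearer token: a short prefix plus the length.
     * Short values are masked completely so that little of the secret is left to guess.
     *
     * @param token the decoded access token, possibly {@code null}
     * @return a redacted form that cannot be replayed as a credential
     */
    private static String redactToken(String token) {
        if (token == null) {
            return "null";
        }
        int length = token.length();
        if (length <= FULLY_MASKED_TOKEN_LENGTH) {
            return "****";
        }
        return token.substring(0, LOGGED_TOKEN_PREFIX_LENGTH) + "****(" + length + " chars)";
    }

    /**
     * Validates the presented access token and, on success, sets the user profile on the
     * credentials.
     *
     * @param credentials  the presented credentials; must be {@link TokenCredentials}, otherwise
     *                     the cast below throws {@link ClassCastException}
     * @param webContext   the current web context, forwarded to {@link #buildUserProfile}
     * @param sessionStore the session store; not used by this implementation
     */
    @Override // org.pac4j.core.credentials.authenticator.Authenticator
    public void validate(Credentials credentials, WebContext webContext, SessionStore sessionStore) {
        TokenCredentials tokenCredentials = (TokenCredentials) credentials;
        String accessTokenId = extractAccessTokenFrom(tokenCredentials);
        // Bearer tokens are replayable by anyone who can read the log, so only a redacted
        // form is recorded, at every level.
        LOGGER.trace("Received access token [{}] for authentication", redactToken(accessTokenId));
        OAuth20AccessToken accessToken = (OAuth20AccessToken) this.ticketRegistry.getTicket(accessTokenId, OAuth20AccessToken.class);
        if (accessToken == null || accessToken.isExpired()) {
            LOGGER.error("Provided access token [{}] is either not found in the ticket registry or has expired",
                    redactToken(accessTokenId));
            // Fail closed: no profile is attached, which leaves the credentials unauthenticated.
            return;
        }
        CommonProfile userProfile = buildUserProfile(tokenCredentials, webContext, accessToken);
        if (userProfile != null) {
            // NOTE(review): this logs the ticket's toString() and the full profile; confirm that
            // neither renders the token id or sensitive attributes where TRACE is enabled.
            LOGGER.trace("Final user profile based on access token [{}] is [{}]", accessToken, userProfile);
            tokenCredentials.setUserProfile(userProfile);
        }
    }

    /**
     * Builds the profile for the principal bound to the access token. Principal attributes are
     * copied first and authentication attributes are applied on top, so an authentication
     * attribute replaces a principal attribute of the same name.
     *
     * @param tokenCredentials   the presented credentials; not read by this implementation
     * @param webContext         the current web context; not read by this implementation
     * @param oAuth20AccessToken the validated access token
     * @return the populated profile
     */
    protected CommonProfile buildUserProfile(TokenCredentials tokenCredentials, WebContext webContext, OAuth20AccessToken oAuth20AccessToken) {
        CommonProfile userProfile = new CommonProfile(true);
        Authentication authentication = oAuth20AccessToken.getAuthentication();
        Principal principal = authentication.getPrincipal();
        userProfile.setId(principal.getId());
        // Copy into a fresh, typed map so the principal's own attribute map is never mutated.
        HashMap<String, Object> attributes = new HashMap<String, Object>(principal.getAttributes());
        attributes.putAll(authentication.getAttributes());
        userProfile.addAttributes(attributes);
        // NOTE(review): same TRACE exposure question as in validate(); confirm what toString() emits.
        LOGGER.trace("Built user profile based on access token [{}] is [{}]", oAuth20AccessToken, userProfile);
        return userProfile;
    }

    /**
     * Creates the authenticator.
     *
     * @param ticketRegistry registry used to resolve access tokens
     * @param jwtBuilder     JWT builder handed to the access-token encoder for decoding
     */
    @Generated
    public OAuth20AccessTokenAuthenticator(TicketRegistry ticketRegistry, JwtBuilder jwtBuilder) {
        this.ticketRegistry = ticketRegistry;
        this.accessTokenJwtBuilder = jwtBuilder;
    }
}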
