package org.springframework.security.kerberos.authentication;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/kerberos/authentication/KerberosServiceAuthenticationProvider.class */
public class KerberosServiceAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private static final Log LOG = LogFactory.getLog((Class<?>) KerberosServiceAuthenticationProvider.class);
    private KerberosTicketValidator ticketValidator;
    private UserDetailsService userDetailsService;
    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        KerberosServiceRequestToken kerberosServiceRequestToken = (KerberosServiceRequestToken) authentication;
        byte[] token = kerberosServiceRequestToken.getToken();
        LOG.debug("Try to validate Kerberos Token");
        KerberosTicketValidation validateTicket = this.ticketValidator.validateTicket(token);
        LOG.debug("Succesfully validated " + validateTicket.username());
        UserDetails loadUserByUsername = this.userDetailsService.loadUserByUsername(validateTicket.username());
        this.userDetailsChecker.check(loadUserByUsername);
        additionalAuthenticationChecks(loadUserByUsername, kerberosServiceRequestToken);
        KerberosServiceRequestToken kerberosServiceRequestToken2 = new KerberosServiceRequestToken(loadUserByUsername, validateTicket, loadUserByUsername.getAuthorities(), token);
        kerberosServiceRequestToken2.setDetails(authentication.getDetails());
        return kerberosServiceRequestToken2;
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<? extends Object> cls) {
        return KerberosServiceRequestToken.class.isAssignableFrom(cls);
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.ticketValidator, "ticketValidator must be specified");
        Assert.notNull(this.userDetailsService, "userDetailsService must be specified");
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    public void setTicketValidator(KerberosTicketValidator kerberosTicketValidator) {
        this.ticketValidator = kerberosTicketValidator;
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, KerberosServiceRequestToken kerberosServiceRequestToken) throws AuthenticationException {
    }
}
