package org.jasig.cas.support.pac4j.authentication.handler.support;

import java.security.GeneralSecurityException;
import javax.security.auth.login.FailedLoginException;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.authentication.BasicCredentialMetaData;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.support.pac4j.authentication.principal.ClientCredential;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.profile.UserProfile;

/* loaded from: input_file:org/jasig/cas/support/pac4j/authentication/handler/support/ClientAuthenticationHandler.class */
public final class ClientAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {

    @NotNull
    private final Clients clients;

    public ClientAuthenticationHandler(Clients clients) {
        this.clients = clients;
    }

    public boolean supports(Credential credential) {
        return credential != null && ClientCredential.class.isAssignableFrom(credential.getClass());
    }

    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        ClientCredential clientCredential = (ClientCredential) credential;
        this.logger.debug("clientCredentials : {}", clientCredential);
        String clientName = clientCredential.getCredentials().getClientName();
        this.logger.debug("clientName : {}", clientName);
        Client findClient = this.clients.findClient(clientName);
        this.logger.debug("client : {}", findClient);
        UserProfile userProfile = findClient.getUserProfile(clientCredential.getCredentials());
        this.logger.debug("userProfile : {}", userProfile);
        if (userProfile == null || !StringUtils.isNotBlank(userProfile.getId())) {
            throw new FailedLoginException("Provider did not produce profile for " + clientCredential);
        }
        clientCredential.setUserProfile(userProfile);
        return new HandlerResult(this, new BasicCredentialMetaData(credential), new SimplePrincipal(userProfile.getId(), userProfile.getAttributes()));
    }
}
