package org.apereo.cas.support.oauth.authenticator;

import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.profile.OAuthClientProfile;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.validator.OAuth20Validator;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.CredentialsException;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-5.1.5.jar:org/apereo/cas/support/oauth/authenticator/OAuthClientAuthenticator.class */
public class OAuthClientAuthenticator implements Authenticator<UsernamePasswordCredentials> {
    private final OAuth20Validator validator;
    private final ServicesManager servicesManager;

    public OAuthClientAuthenticator(OAuth20Validator oAuth20Validator, ServicesManager servicesManager) {
        this.validator = oAuth20Validator;
        this.servicesManager = servicesManager;
    }

    @Override // org.pac4j.core.credentials.authenticator.Authenticator
    public void validate(UsernamePasswordCredentials usernamePasswordCredentials, WebContext webContext) throws CredentialsException {
        String username = usernamePasswordCredentials.getUsername();
        String password = usernamePasswordCredentials.getPassword();
        OAuthRegisteredService registeredOAuthService = OAuth20Utils.getRegisteredOAuthService(this.servicesManager, username);
        if (!this.validator.checkServiceValid(registeredOAuthService)) {
            throw new CredentialsException("Service invalid for client identifier: " + username);
        }
        if (!this.validator.checkClientSecret(registeredOAuthService, password)) {
            throw new CredentialsException("Bad secret for client identifier: " + username);
        }
        OAuthClientProfile oAuthClientProfile = new OAuthClientProfile();
        oAuthClientProfile.setId(username);
        usernamePasswordCredentials.setUserProfile(oAuthClientProfile);
    }
}
