package org.gridgain.internal.security.ldap;

import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.ignite3.internal.security.authentication.AuthenticationRequest;
import org.apache.ignite3.internal.security.authentication.Authenticator;
import org.apache.ignite3.internal.security.authentication.UserDetails;
import org.apache.ignite3.internal.security.authentication.UsernamePasswordRequest;
import org.apache.ignite3.security.exception.UnsupportedAuthenticationTypeException;
import org.gridgain.internal.security.ldap.client.LdapClient;
import org.gridgain.internal.security.ldap.configuration.LdapAuthenticationProviderView;
import org.gridgain.internal.security.ldap.configuration.LdapRoleMappingView;

/* loaded from: input_file:org/gridgain/internal/security/ldap/LdapAuthenticator.class */
public class LdapAuthenticator implements Authenticator {
    private final LdapClient client;
    private final LdapAuthenticationProviderView ldapAuthenticationProviderView;

    public LdapAuthenticator(LdapClient ldapClient, LdapAuthenticationProviderView ldapAuthenticationProviderView) {
        this.client = ldapClient;
        this.ldapAuthenticationProviderView = ldapAuthenticationProviderView;
    }

    @Override // org.apache.ignite3.internal.security.authentication.Authenticator
    public UserDetails authenticate(AuthenticationRequest<?, ?> authenticationRequest) {
        if (authenticationRequest instanceof UsernamePasswordRequest) {
            return mapUserContextToUserDetails(this.client.authenticate((String) authenticationRequest.getIdentity(), (String) authenticationRequest.getSecret()));
        }
        throw new UnsupportedAuthenticationTypeException("Unsupported authentication type: " + authenticationRequest.getClass().getName());
    }

    private UserDetails mapUserContextToUserDetails(LdapUserContext ldapUserContext) {
        return new UserDetails(ldapUserContext.username(), this.ldapAuthenticationProviderView.name(), (Set) ldapUserContext.getGroups().stream().flatMap(str -> {
            LdapRoleMappingView ldapRoleMappingView = this.ldapAuthenticationProviderView.roleMapping().get(str);
            return ldapRoleMappingView == null ? Stream.of(str) : Stream.of((Object[]) ldapRoleMappingView.roles());
        }).collect(Collectors.toSet()));
    }
}
