package com.netflix.genie.web.security.x509;

import com.google.common.collect.Sets;
import com.netflix.genie.web.security.SecurityConditions;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Conditional;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.stereotype.Component;

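/**
 * Builds Spring Security {@link UserDetails} from a pre-authenticated principal string.
 *
 * <p>The principal must be a {@code String} of the form {@code {user}:{role1,role2...}}. Every
 * resulting user receives {@code ROLE_USER} plus one {@code ROLE_<NAME>} authority per listed role.
 *
 * <p>Security note: the authorities granted here are taken verbatim from the principal string;
 * this class performs no lookup against a user store. How the principal is extracted and how the
 * client certificate is validated is not visible in this class (presumably the X.509 filter chain
 * does both), so the set of issuers trusted upstream effectively decides who can claim which role.
 */
@Conditional({SecurityConditions.AnySecurityEnabled.class})
@Component
public class X509UserDetailsService implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
    private static final String ROLE_PREFIX = "ROLE_";
    private static final Logger log = LoggerFactory.getLogger(X509UserDetailsService.class);
    private static final GrantedAuthority USER_AUTHORITY = new SimpleGrantedAuthority("ROLE_USER");

    /**
     * Parses the token's principal into a user name and a set of granted authorities.
     *
     * @param preAuthenticatedAuthenticationToken the token whose principal is expected to be a
     *     {@code String} in the format {@code {user}:{role1,role2...}}
     * @return a {@link User} carrying {@code ROLE_USER} and one authority per non-blank role
     * @throws UsernameNotFoundException if the principal is not a {@code String}, does not split
     *     into exactly two {@code :}-separated parts, has an empty user name, or lists no usable role
     */
    @Override
    public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken) throws UsernameNotFoundException {
        log.debug("Entering loadUserDetails with token {}", preAuthenticatedAuthenticationToken);
        final Object principal = preAuthenticatedAuthenticationToken.getPrincipal();
        // instanceof is false for null, so a separate null check is not needed.
        if (!(principal instanceof String)) {
            throw new UsernameNotFoundException("Expected principal to be a String");
        }

        final String[] userAndRoles = ((String) principal).split(":");
        if (userAndRoles.length != 2) {
            throw new UsernameNotFoundException("User and roles not found. Must be in format {user}:{role1,role2...}");
        }

        final String username = userAndRoles[0];
        // A principal such as ":admin" yields an empty user name. Reject it here as an
        // authentication failure; otherwise the User constructor rejects it with an
        // IllegalArgumentException, which is not an AuthenticationException.
        if (username.isEmpty()) {
            throw new UsernameNotFoundException("User and roles not found. Must be in format {user}:{role1,role2...}");
        }

        final Set<GrantedAuthority> authorities = Sets.newHashSet(USER_AUTHORITY);
        boolean roleGranted = false;
        for (final String role : userAndRoles[1].split(",")) {
            // Empty or whitespace-only entries (e.g. "a,,b" or "a, ") would otherwise become a
            // meaningless "ROLE_" authority, so they are skipped.
            if (role.trim().isEmpty()) {
                continue;
            }
            // Non-blank entries are used verbatim (not trimmed), so no authority is granted that
            // the previous mapping would not have produced. Locale.ROOT keeps the upper-casing
            // independent of the JVM default locale (e.g. the Turkish dotted/dotless i).
            authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role.toUpperCase(Locale.ROOT)));
            roleGranted = true;
        }
        // Fail closed: a principal that names no usable role is not authenticated.
        if (!roleGranted) {
            throw new UsernameNotFoundException("No roles found. Unable to authenticate");
        }

        // "NA" is a placeholder password; this class never compares it against anything.
        final User user = new User(username, "NA", authorities);
        log.info("User {} authenticated via client certificate", user);
        return user;
    }
}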
