package it.geosolutions.geostore.services.rest.security;

import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.model.UserGroup;
import it.geosolutions.geostore.core.model.enums.GroupReservedNames;
import it.geosolutions.geostore.core.model.enums.Role;
import it.geosolutions.geostore.core.security.UserMapper;
import it.geosolutions.geostore.services.UserGroupService;
import it.geosolutions.geostore.services.UserService;
import it.geosolutions.geostore.services.exception.BadRequestServiceEx;
import it.geosolutions.geostore.services.exception.NotFoundServiceEx;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.LdapAuthenticator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapUserDetails;

/* loaded from: input_file:it/geosolutions/geostore/services/rest/security/UserLdapAuthenticationProvider.class */
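/**
 * LDAP authentication provider that mirrors the authenticated LDAP principal into the
 * GeoStore user store.
 *
 * <p>Flow (see {@link #authenticate}): the credentials are bound against LDAP by the parent
 * {@link LdapAuthenticationProvider}; on success the GeoStore {@link User} with the same name
 * is looked up, its role is raised according to the LDAP {@code ROLE_*} authorities and its
 * groups are replaced by the non-{@code ROLE_} authorities; a user that does not exist in
 * GeoStore yet is created on the fly. Every failure inside {@link #authenticate} - including a
 * disabled or expired account - is reported to the caller as a generic
 * {@link BadCredentialsException}, so the response does not reveal whether the account exists.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Group names coming from LDAP are trusted verbatim and auto-created in GeoStore
 *       ({@link #synchronizeGroup}); only {@link GroupReservedNames#checkReservedGroups} is
 *       applied to the resulting set.</li>
 *   <li>{@link #extractUserRoleAndGroups} only ever raises a role (GUEST/USER to ADMIN, GUEST to
 *       USER); a role already stored in GeoStore is never lowered, so removing an admin
 *       authority in LDAP does not demote an existing GeoStore ADMIN.</li>
 *   <li>The raw credential is kept in the returned token ({@link #prepareAuthentication});
 *       Spring's ProviderManager presumably erases it after authentication - confirm that
 *       eraseCredentialsAfterAuthentication has not been disabled in the deployment.</li>
 * </ul>
 */
public class UserLdapAuthenticationProvider extends LdapAuthenticationProvider {
    private static final Logger LOGGER = Logger.getLogger(UserLdapAuthenticationProvider.class);

    @Autowired
    UserService userService;

    @Autowired
    UserGroupService userGroupService;
    private UserMapper userMapper;
    /** Generic failure message returned for every authentication failure. */
    private static final String UNAUTHORIZED_MSG = "Bad credentials";
    public static final String USER_NOT_FOUND_MSG = "User not found. Please check your credentials";
    public static final String USER_NOT_ENABLED = "The user present but not enabled";

    /**
     * @param ldapAuthenticator binds the supplied credentials against LDAP
     * @param ldapAuthoritiesPopulator resolves the LDAP authorities (roles and groups) of the principal
     */
    public UserLdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator, LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        super(ldapAuthenticator, ldapAuthoritiesPopulator);
    }

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public void setUserGroupService(UserGroupService userGroupService) {
        this.userGroupService = userGroupService;
    }

    /** Optional mapper that copies extra LDAP attributes onto a newly created GeoStore user. */
    public void setUserMapper(UserMapper userMapper) {
        this.userMapper = userMapper;
    }

    /**
     * Authenticates against LDAP and synchronizes the principal into GeoStore.
     *
     * <p>Fix: the previous implementation dereferenced the looked-up user before its null check,
     * so an LDAP user that did not exist in GeoStore yet caused a NullPointerException (reported
     * as "Bad credentials") and the auto-creation branch was unreachable.
     *
     * @param authentication the username/password token to authenticate
     * @return an authenticated token whose principal is the GeoStore {@link User} and whose
     *     single authority is {@code "ROLE_" + role}
     * @throws BadCredentialsException for every failure: LDAP bind error, account flags not
     *     clear, GeoStore user disabled, or a persistence error while synchronizing. The more
     *     specific exceptions thrown internally are deliberately collapsed into this one.
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            Authentication ldapAuth = super.authenticate(authentication);
            if (!ldapAuth.isAuthenticated()) {
                throw new BadCredentialsException(UNAUTHORIZED_MSG);
            }
            LdapUserDetails ldapUserDetails = (LdapUserDetails) ldapAuth.getPrincipal();
            // Any LDAP account flag (expired, locked, credentials expired, disabled) rejects the login.
            if (!ldapUserDetails.isAccountNonExpired()
                    || !ldapUserDetails.isAccountNonLocked()
                    || !ldapUserDetails.isCredentialsNonExpired()
                    || !ldapUserDetails.isEnabled()) {
                throw new DisabledException(USER_NOT_FOUND_MSG);
            }
            Collection<GrantedAuthority> authorities = ldapUserDetails.getAuthorities();
            String credentials = (String) ldapAuth.getCredentials();
            String username = ldapUserDetails.getUsername();

            User user = findLocalUser(username);
            if (user != null) {
                // Existing GeoStore user: the local enabled flag is authoritative even though
                // LDAP accepted the bind.
                if (!user.isEnabled()) {
                    throw new DisabledException(USER_NOT_FOUND_MSG);
                }
                return authenticateExistingUser(user, authorities, credentials);
            }
            return authenticateNewUser(username, ldapUserDetails, authorities, credentials);
        } catch (Exception e) {
            // Collapse every failure (including the AuthenticationExceptions thrown above) into a
            // generic message so callers cannot distinguish "unknown user" from "wrong password".
            LOGGER.log(Level.ERROR, e.getMessage(), e);
            throw new BadCredentialsException(UNAUTHORIZED_MSG);
        }
    }

    /**
     * Looks the user up in the GeoStore store.
     *
     * @return the stored user, or {@code null} when the lookup fails for any reason (the
     *     expected case being {@link NotFoundServiceEx} for a user not yet synchronized)
     */
    private User findLocalUser(String username) {
        try {
            User user = this.userService.get(username);
            LOGGER.info("US: " + username);
            return user;
        } catch (Exception e) {
            LOGGER.info(USER_NOT_FOUND_MSG);
            return null;
        }
    }

    /**
     * Refreshes the role and groups of an existing GeoStore user from the LDAP authorities and
     * persists the result.
     *
     * @throws UsernameNotFoundException when the GeoStore update fails (note that
     *     {@link #authenticate} re-wraps this into a {@link BadCredentialsException})
     */
    private Authentication authenticateExistingUser(User user, Collection<GrantedAuthority> authorities, String credentials) {
        try {
            Set<UserGroup> groups = new HashSet<UserGroup>();
            Role role = extractUserRoleAndGroups(user.getRole(), authorities, groups);
            user.setRole(role);
            user.setGroups(GroupReservedNames.checkReservedGroups(groups));
            if (this.userService != null) {
                this.userService.update(user);
            }
            return prepareAuthentication(credentials, user, role);
        } catch (NotFoundServiceEx e) {
            LOGGER.log(Level.ERROR, e.getMessage(), e);
            throw new UsernameNotFoundException(USER_NOT_FOUND_MSG);
        } catch (BadRequestServiceEx e) {
            LOGGER.log(Level.ERROR, e.getMessage(), e);
            throw new UsernameNotFoundException(USER_NOT_FOUND_MSG);
        }
    }

    /**
     * Creates the GeoStore user for an LDAP principal seen for the first time and persists it.
     * No local password is stored for the new user (its password is explicitly set to
     * {@code null}); the role starts from {@link Role#USER} and is raised only by the LDAP
     * authorities.
     *
     * @throws UsernameNotFoundException when the GeoStore insert fails (note that
     *     {@link #authenticate} re-wraps this into a {@link BadCredentialsException})
     */
    private Authentication authenticateNewUser(String username, LdapUserDetails ldapUserDetails,
            Collection<GrantedAuthority> authorities, String credentials) {
        try {
            User newUser = new User();
            newUser.setName(username);
            newUser.setNewPassword((String) null);
            newUser.setEnabled(true);
            Set<UserGroup> groups = new HashSet<UserGroup>();
            Role role = extractUserRoleAndGroups(null, authorities, groups);
            newUser.setRole(role);
            newUser.setGroups(GroupReservedNames.checkReservedGroups(groups));
            if (this.userMapper != null) {
                this.userMapper.mapUser(ldapUserDetails, newUser);
            }
            if (this.userService != null) {
                this.userService.insert(newUser);
            }
            return prepareAuthentication(credentials, newUser, role);
        } catch (NotFoundServiceEx e) {
            LOGGER.log(Level.ERROR, e.getMessage(), e);
            throw new UsernameNotFoundException(USER_NOT_FOUND_MSG);
        } catch (BadRequestServiceEx e) {
            LOGGER.log(Level.ERROR, e.getMessage(), e);
            throw new UsernameNotFoundException(USER_NOT_FOUND_MSG);
        }
    }

    /**
     * Builds the authenticated token: principal is the GeoStore user, credentials are passed
     * through unchanged, and the only granted authority is {@code "ROLE_" + role}.
     *
     * @param str the raw credential from the LDAP bind (kept in the token as-is)
     * @param user the synchronized GeoStore user
     * @param role the effective GeoStore role
     */
    protected Authentication prepareAuthentication(String str, User user, Role role) {
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_" + role));
        return new UsernamePasswordAuthenticationToken(user, str, grantedAuthorities);
    }

    /**
     * Derives the effective GeoStore role from the LDAP authorities and collects the LDAP groups.
     *
     * <p>Authorities not starting with {@code ROLE_} are treated as groups and synchronized into
     * GeoStore (added to {@code set}). Authorities starting with {@code ROLE_} can only raise
     * the role: a name ending in {@code ADMIN} promotes GUEST/USER to ADMIN, a name ending in
     * {@code USER} promotes GUEST to USER. A stored ADMIN role is therefore never lowered here.
     *
     * <p>NOTE(review): the role match is a suffix match on the upper-cased name, so any
     * {@code ROLE_*} authority ending in {@code ADMIN} (e.g. {@code ROLE_NOTADMIN}) grants
     * ADMIN; confirm this is intended - an exact-name comparison would be stricter.
     *
     * @param role the role currently stored in GeoStore, or {@code null} for a new user
     *     (defaults to {@link Role#USER})
     * @param collection the LDAP authorities of the principal
     * @param set receives the synchronized {@link UserGroup}s for the non-{@code ROLE_} authorities
     * @return the effective role
     * @throws BadRequestServiceEx if a group cannot be created in GeoStore
     */
    protected Role extractUserRoleAndGroups(Role role, Collection<GrantedAuthority> collection, Set<UserGroup> set) throws BadRequestServiceEx {
        Role effectiveRole = role != null ? role : Role.USER;
        for (GrantedAuthority grantedAuthority : collection) {
            String name = grantedAuthority.getAuthority();
            if (!name.startsWith("ROLE_")) {
                set.add(synchronizeGroup(grantedAuthority));
                continue;
            }
            // Locale.ROOT: default-locale upper-casing (e.g. Turkish dotted I) would defeat the
            // suffix comparison below.
            String upperName = name.toUpperCase(Locale.ROOT);
            boolean canBecomeAdmin = effectiveRole == Role.GUEST || effectiveRole == Role.USER;
            if (upperName.endsWith("ADMIN") && canBecomeAdmin) {
                effectiveRole = Role.ADMIN;
            } else if (upperName.endsWith("USER") && effectiveRole == Role.GUEST) {
                effectiveRole = Role.USER;
            }
        }
        return effectiveRole;
    }

    /**
     * Creates in GeoStore every group known to the authorities populator, when the populator is
     * a {@code GroupsRolesService}; otherwise does nothing. Existing groups are left untouched.
     *
     * @throws BadRequestServiceEx if a group cannot be created
     */
    public void synchronizeGroups() throws BadRequestServiceEx {
        LdapAuthoritiesPopulator populator = getAuthoritiesPopulator();
        if (!(populator instanceof GroupsRolesService)) {
            return;
        }
        for (GrantedAuthority groupAuthority : ((GroupsRolesService) populator).getAllGroups()) {
            synchronizeGroup(groupAuthority);
        }
    }

    /**
     * Returns the GeoStore group named after the authority, creating it if it does not exist.
     * The group name is taken verbatim from the LDAP authority.
     *
     * @return the persisted group, or an unpersisted placeholder when no
     *     {@link UserGroupService} is configured
     * @throws BadRequestServiceEx if the insert is rejected
     */
    private UserGroup synchronizeGroup(GrantedAuthority grantedAuthority) throws BadRequestServiceEx {
        UserGroup candidate = new UserGroup();
        candidate.setGroupName(grantedAuthority.getAuthority());
        if (this.userGroupService == null) {
            return candidate;
        }
        UserGroup stored = this.userGroupService.get(candidate.getGroupName());
        if (stored == null) {
            LOGGER.log(Level.INFO, "Creating new group from LDAP: " + candidate.getGroupName());
            stored = this.userGroupService.get(this.userGroupService.insert(candidate));
        }
        return stored;
    }
}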
