package org.geoserver.geoserver.authentication.auth;

import java.io.IOException;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.geofence.services.RuleReaderService;
import org.geoserver.geofence.services.dto.AuthUser;
import org.geoserver.security.GeoServerAuthenticationProvider;
import org.geoserver.security.SecurityUtils;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.impl.GeoServerRole;
import org.geotools.util.logging.Logging;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/geoserver/geoserver/authentication/auth/GeoFenceAuthenticationProvider.class */
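/**
 * Authentication provider that verifies username/password tokens against a GeoFence
 * {@link RuleReaderService}.
 *
 * <p>Only {@link UsernamePasswordAuthenticationToken} requests are handled. A successful GeoFence
 * lookup yields a new token carrying {@link GeoServerRole#AUTHENTICATED_ROLE} and, for GeoFence
 * administrators, the GeoServer admin role plus an {@code "ADMIN"} authority. Any failure while
 * talking to GeoFence is reported as an {@link AuthenticationException}, so the provider fails
 * closed.
 */
public class GeoFenceAuthenticationProvider extends GeoServerAuthenticationProvider implements AuthenticationManager {
    private static final Logger LOGGER = Logging.getLogger(GeoFenceAuthenticationProvider.class.getName());

    /** GeoFence service used to check credentials; injected through {@link #setRuleReaderService}. */
    private RuleReaderService ruleReaderService;

    /**
     * Delegates initialization to the superclass after logging that it was invoked.
     *
     * @param securityNamedServiceConfig configuration passed through unchanged to the superclass
     * @throws IOException if the superclass initialization fails
     */
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        // NOTE(review): emitted at WARNING on every initialization; looks like a leftover trace.
        LOGGER.warning("INIT FROM CONFIG");
        super.initializeFromConfig(securityNamedServiceConfig);
    }

    /**
     * Reports whether this provider can process the given authentication class.
     *
     * @param cls authentication class being offered
     * @param httpServletRequest current request (not consulted)
     * @return {@code true} when {@code cls} is a {@link UsernamePasswordAuthenticationToken} or a subtype
     */
    public boolean supports(Class<? extends Object> cls, HttpServletRequest httpServletRequest) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Checks the token's username and password with GeoFence.
     *
     * @param authentication authentication request; anything other than a
     *     {@link UsernamePasswordAuthenticationToken} is ignored
     * @param httpServletRequest current request (not consulted)
     * @return a token with the granted authorities when GeoFence accepts the credentials,
     *     {@code null} when the request is unsupported, carries no credentials, or is rejected
     * @throws AuthenticationException if the GeoFence call (or the processing of its result) fails
     */
    public Authentication authenticate(Authentication authentication, HttpServletRequest httpServletRequest) throws AuthenticationException {
        LOGGER.log(Level.FINE, "Auth request with {0}", authentication);
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return null;
        }
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        // NOTE(review): the username is logged below exactly as received; if it can contain
        // line breaks, log entries for this provider can be made ambiguous. Confirm upstream filtering.
        String username = SecurityUtils.getUsername(token.getPrincipal());
        Object credentials = token.getCredentials();
        if (credentials == null) {
            // A token without credentials cannot be verified. Reject it here rather than letting
            // a NullPointerException surface as a SEVERE "GeoFence communication" error.
            LOGGER.log(Level.INFO, "User {0} NOT authenticated", username);
            return null;
        }
        try {
            // NOTE(review): the password is handed to the service as a plain String; whether this
            // call leaves the JVM depends on how the service is wired. Confirm transport protection.
            String password = credentials.toString();
            AuthUser authUser = this.ruleReaderService.authorize(username, password);
            if (authUser == null) {
                if ("admin".equals(username) && "geoserver".equals(password)) {
                    // NOTE(review): failed attempts with the stock admin/geoserver pair are logged
                    // at FINE only, so they are absent from logs collected at INFO. Monitoring for
                    // default-credential attempts needs FINE enabled for this logger.
                    LOGGER.log(Level.FINE, "Default admin credentials NOT authenticated -- probably a frontend check");
                } else {
                    LOGGER.log(Level.INFO, "User {0} NOT authenticated", username);
                }
                return null;
            }
            LOGGER.log(Level.FINE, "User {0} authenticated: {1}", new Object[]{username, authUser});
            // NOTE(review): authorities already present on the incoming token are carried into
            // the authenticated token as-is, although that token had not been verified when they
            // were set. Confirm that whatever builds the request token never fills them from
            // request data.
            // Raw list kept as in the original listing; every element is a granted authority.
            ArrayList authorities = new ArrayList(token.getAuthorities());
            authorities.add(GeoServerRole.AUTHENTICATED_ROLE);
            if (authUser.getRole() == AuthUser.Role.ADMIN) {
                authorities.add(GeoServerRole.ADMIN_ROLE);
                authorities.add(new SimpleGrantedAuthority("ADMIN"));
            }
            return new UsernamePasswordAuthenticationToken(username, credentials, authorities);
        } catch (Exception e) {
            // Fail closed: any error (including an unset ruleReaderService) denies the login.
            LOGGER.log(Level.SEVERE, "Error in authenticating with GeoFence", e);
            // AuthenticationException is abstract, hence the anonymous subclass.
            throw new AuthenticationException("Error in GeoFence communication", e) {
            };
        }
    }

    /**
     * Sets the GeoFence service used to verify credentials.
     *
     * @param ruleReaderService service to call from {@link #authenticate}
     */
    public void setRuleReaderService(RuleReaderService ruleReaderService) {
        this.ruleReaderService = ruleReaderService;
    }
}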
