package org.geoserver.security.ldap;

import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.security.DelegatingAuthenticationProvider;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.RoleCalculator;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/geoserver/security/ldap/LDAPAuthenticationProvider.class */
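/**
 * Authentication provider that hands credential checking to a wrapped provider and then
 * enriches the successful result with GeoServer roles.
 *
 * <p>After the delegate succeeds, the resulting authority set is the union of:
 * <ul>
 *   <li>the authorities returned by the delegate,</li>
 *   <li>the roles computed by {@link RoleCalculator} from the active role service (when a
 *       security manager is available),</li>
 *   <li>{@link GeoServerRole#AUTHENTICATED_ROLE}, and</li>
 *   <li>{@link GeoServerRole#ADMIN_ROLE} / {@link GeoServerRole#GROUP_ADMIN_ROLE} when the
 *       delegate granted an authority matching the configured role names.</li>
 * </ul>
 *
 * <p>Security note: the two configured role names decide who becomes a GeoServer administrator
 * or group administrator. They are matched case-insensitively and only against authorities
 * supplied by the delegate, so whoever controls those directory-side authorities controls
 * administrative access here.
 */
public class LDAPAuthenticationProvider extends DelegatingAuthenticationProvider {
    /** Role name (without prefix) whose holders are granted ADMIN_ROLE; null or empty disables the mapping. */
    private final String adminRole;

    /** Role name (without prefix) whose holders are granted GROUP_ADMIN_ROLE; null or empty disables the mapping. */
    private final String groupAdminRole;

    /**
     * @param authenticationProvider provider that performs the actual credential check
     * @param adminRole delegate role name mapped to {@link GeoServerRole#ADMIN_ROLE}, may be null or empty
     * @param groupAdminRole delegate role name mapped to {@link GeoServerRole#GROUP_ADMIN_ROLE}, may be null or empty
     */
    public LDAPAuthenticationProvider(AuthenticationProvider authenticationProvider, String adminRole, String groupAdminRole) {
        super(authenticationProvider);
        this.adminRole = adminRole;
        this.groupAdminRole = groupAdminRole;
    }

    /**
     * Initializes the provider from its named service configuration; no LDAP-specific work is
     * done here, the call is forwarded to the superclass unchanged.
     *
     * @throws IOException if the superclass initialization fails
     */
    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
    }

    /**
     * Authenticates through the delegate and returns a new token carrying the enriched role set.
     *
     * @return {@code null} when the delegate returns {@code null}, otherwise a new
     *     {@link UsernamePasswordAuthenticationToken} with the delegate's principal, credentials
     *     and details and the combined authorities
     * @throws AuthenticationServiceException if role calculation fails with an {@link IOException}
     * @throws AuthenticationException if the delegate rejects the credentials
     */
    @Override
    protected Authentication doAuthenticate(Authentication authentication, HttpServletRequest httpServletRequest) throws AuthenticationException {
        // Explicit cast: harmless if the superclass already declares this return type.
        UsernamePasswordAuthenticationToken delegateResult =
                (UsernamePasswordAuthenticationToken) super.doAuthenticate(authentication, httpServletRequest);
        if (delegateResult == null) {
            return null;
        }

        Set<GrantedAuthority> roles = new HashSet<>(delegateResult.getAuthorities());

        if (getSecurityManager() != null) {
            try {
                // Roles are looked up by user name only; the GeoServerUser is a lookup key here.
                roles.addAll(new RoleCalculator(getSecurityManager().getActiveRoleService())
                        .calculateRoles(new GeoServerUser(delegateResult.getName())));
            } catch (IOException e) {
                throw new AuthenticationServiceException(e.getLocalizedMessage(), e);
            }
        }

        // Set semantics make this a no-op when the role is already present.
        roles.add(GeoServerRole.AUTHENTICATED_ROLE);

        if (!roles.contains(GeoServerRole.ADMIN_ROLE) && delegateGrants(delegateResult, this.adminRole)) {
            roles.add(GeoServerRole.ADMIN_ROLE);
        }
        if (!roles.contains(GeoServerRole.GROUP_ADMIN_ROLE) && delegateGrants(delegateResult, this.groupAdminRole)) {
            roles.add(GeoServerRole.GROUP_ADMIN_ROLE);
        }

        // NOTE(review): the three-argument constructor marks the token as authenticated, so this
        // method relies on the delegate returning a non-null result only for a successful
        // authentication - confirm that holds for every provider wired in as the delegate.
        UsernamePasswordAuthenticationToken enriched =
                new UsernamePasswordAuthenticationToken(delegateResult.getPrincipal(), delegateResult.getCredentials(), roles);
        enriched.setDetails(delegateResult.getDetails());
        return enriched;
    }

    /**
     * Tells whether the delegate's own authorities include the prefixed form of {@code roleName}.
     * Only delegate-supplied authorities are inspected, not roles added by the role calculator.
     *
     * @param delegateResult successful authentication returned by the delegate
     * @param roleName configured role name without prefix; null or empty never matches
     * @return true if an authority equals the prefixed role name, ignoring case
     */
    private static boolean delegateGrants(Authentication delegateResult, String roleName) {
        if (roleName == null || roleName.isEmpty()) {
            return false;
        }
        String expected = LDAPBaseSecurityServiceConfig.ROLE_PREFIX_DEFAULT + roleName;
        for (GrantedAuthority granted : delegateResult.getAuthorities()) {
            // Called on the non-null side so an authority without a string form cannot throw.
            if (expected.equalsIgnoreCase(granted.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}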
