package org.geoserver.security.ldap;

import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.security.DelegatingAuthenticationProvider;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.impl.GeoServerRole;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/geoserver/security/ldap/LDAPAuthenticationProvider.class */
public class LDAPAuthenticationProvider extends DelegatingAuthenticationProvider {
    private String adminRole;
    private String groupAdminRole;

    public LDAPAuthenticationProvider(AuthenticationProvider authenticationProvider, String str, String str2) {
        super(authenticationProvider);
        this.adminRole = str;
        this.groupAdminRole = str2;
    }

    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
    }

    protected Authentication doAuthenticate(Authentication authentication, HttpServletRequest httpServletRequest) throws AuthenticationException {
        UsernamePasswordAuthenticationToken doAuthenticate = super.doAuthenticate(authentication, httpServletRequest);
        if (doAuthenticate == null) {
            return null;
        }
        boolean z = !doAuthenticate.getAuthorities().contains(GeoServerRole.AUTHENTICATED_ROLE);
        boolean z2 = (this.adminRole == null || this.adminRole.equals("") || doAuthenticate.getAuthorities().contains(GeoServerRole.ADMIN_ROLE)) ? false : true;
        boolean z3 = (this.groupAdminRole == null || this.groupAdminRole.equals("") || doAuthenticate.getAuthorities().contains(GeoServerRole.GROUP_ADMIN_ROLE)) ? false : true;
        if (!z && !z2 && !z3) {
            return doAuthenticate;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(doAuthenticate.getAuthorities());
        if (z) {
            arrayList.add(GeoServerRole.AUTHENTICATED_ROLE);
        }
        if (z2 || z3) {
            for (GrantedAuthority grantedAuthority : doAuthenticate.getAuthorities()) {
                if (grantedAuthority.getAuthority().equalsIgnoreCase("ROLE_" + this.adminRole)) {
                    arrayList.add(GeoServerRole.ADMIN_ROLE);
                }
                if (grantedAuthority.getAuthority().equalsIgnoreCase("ROLE_" + this.groupAdminRole)) {
                    arrayList.add(GeoServerRole.GROUP_ADMIN_ROLE);
                }
            }
        }
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(doAuthenticate.getPrincipal(), doAuthenticate.getCredentials(), arrayList);
        usernamePasswordAuthenticationToken.setDetails(doAuthenticate.getDetails());
        return usernamePasswordAuthenticationToken;
    }
}
