package de.sep.sesam.restapi.authentication;

import de.sep.sesam.common.logging.LogGroup;
import de.sep.sesam.common.logging.SepLogLevel;
import de.sep.sesam.common.logging.messages.SimpleMessage;
import de.sep.sesam.model.Credentials;
import de.sep.sesam.model.ExternalGroups;
import de.sep.sesam.model.Groups;
import de.sep.sesam.model.Users;
import de.sep.sesam.model.type.AuthenticationType;
import de.sep.sesam.model.type.UserOrigin;
import de.sep.sesam.restapi.exception.AuthenticationException;
import de.sep.sesam.restapi.exception.ServiceException;
import de.sep.sesam.restapi.v2.auth.dto.LoginDto;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.ldap.CommunicationException;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapUserDetails;

/* loaded from: input_file:de/sep/sesam/restapi/authentication/AbstractExternalCredentialsLogin.class */
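/**
 * Login strategy for credentials that are validated by an external authentication source
 * (the Spring {@code AuthenticationProvider} returned by {@code getAuthenticationProvider()}).
 * <p>
 * Flow of {@link #createAndAuthenticateUser(LoginDto)}:
 * <ol>
 *   <li>the submitted user name and secret are handed to the external provider,</li>
 *   <li>for LDAP principals the account/credential status flags are checked,</li>
 *   <li>the granted authorities are mapped to {@link ExternalGroups} via
 *       {@code ExternalGroupsDao.getByMapping},</li>
 *   <li>a local {@link Users} record is loaded or auto-created,</li>
 *   <li>the user's group relations are rebuilt from the mapped groups,</li>
 *   <li>a {@link SessionContext} tagged {@link AuthenticationType#LDAP} is returned.</li>
 * </ol>
 * The submitted secret is only forwarded to the provider; it is never persisted here.
 * Subclasses supply the {@link UserOrigin} of the auto-created accounts.
 */
public abstract class AbstractExternalCredentialsLogin extends AbstractCredentialsLogin {

    /**
     * @param credentials the external credentials record this login works with; must not be
     *                    {@code null} (enforced only when assertions are enabled, as in the
     *                    original synthetic {@code $assertionsDisabled} guard)
     */
    public AbstractExternalCredentialsLogin(Credentials credentials) {
        assert credentials != null;
        setCredentials(credentials);
    }

    /**
     * Authenticates {@code loginDto} against the external provider and builds the session.
     *
     * @param loginDto user name, secret, client IP, login type and login name
     * @return the new session, or {@code null} when there is no provider, the provider fails
     *         to communicate, the provider rejects the login with a generic error, the user
     *         has no authorities, or no authority maps to an external group
     * @throws AuthenticationException when the provider does not authenticate the user
     *         ({@code CREDENTIALS_INVALID}), the account is expired, locked or disabled
     *         ({@code ACCOUNT_INVALID}, {@code USER_DISABLED}), the password is expired
     *         ({@code PASSWORD_INVALID}), or the local account cannot be auto-created
     */
    @Override // de.sep.sesam.restapi.authentication.AbstractCredentialsLogin
    public SessionContext createAndAuthenticateUser(LoginDto loginDto) throws AuthenticationException {
        final String username = loginDto.getUsername();
        getLogger().start("createAndAuthenticateUser", SepLogLevel.INFO, LogGroup.SECURITY, username, loginDto.getIP());
        checkAuthenticationProvider();
        if (getAuthenticationProvider() == null) {
            return null;
        }
        String details = getAuthenticationProviderDetailsMessage();
        if (StringUtils.isNotBlank(details)) {
            getLogger().info("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage(details), new Object[0]);
        }
        try {
            Authentication authentication = getAuthenticationProvider()
                    .authenticate(new UsernamePasswordAuthenticationToken(username, loginDto.getSecret()));
            if (authentication == null || !authentication.isAuthenticated()) {
                throw new AuthenticationException(AuthenticationException.AuthMessage.CREDENTIALS_INVALID, new Object[0]);
            }
            LdapUserDetails ldapUserDetails = null;
            if (authentication.getPrincipal() instanceof LdapUserDetails) {
                ldapUserDetails = (LdapUserDetails) authentication.getPrincipal();
            }
            rejectInvalidLdapAccount(ldapUserDetails, username);

            // Non-LDAP principals carry no authorities here; the mapping step below then
            // ends in NO_AUTHORITIES and the login is refused.
            Collection<? extends GrantedAuthority> authorities =
                    ldapUserDetails != null ? ldapUserDetails.getAuthorities() : Collections.<GrantedAuthority>emptyList();
            getLogger().info("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("{0} {1} Groups: {2}"), username, getCredentialsType(), authorities);

            List<String> authorityNames = toAuthorityNames(authorities);
            if (authorityNames.isEmpty()) {
                getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, AuthenticationException.AuthMessage.NO_AUTHORITIES, username);
                return null;
            }
            List<ExternalGroups> externalGroups = lookupMappedExternalGroups(authorityNames, username);
            if (externalGroups.isEmpty()) {
                getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, AuthenticationException.AuthMessage.NO_MAPPING, username);
                return null;
            }

            Users user = loadOrProvisionUser(username);
            // The local enabled flag is authoritative even when the external source accepted the login.
            if (!Boolean.TRUE.equals(user.getEnabled())) {
                getLogger().info("createAndAuthenticateUser", LogGroup.SECURITY, AuthenticationException.AuthMessage.USER_DISABLED, username);
                throw new AuthenticationException(AuthenticationException.AuthMessage.ACCOUNT_INVALID, username);
            }
            List<Groups> groups = rebindGroupMembership(user, externalGroups, username);

            getLogger().success("createAndAuthenticateUser", SepLogLevel.INFO, LogGroup.SECURITY, username);
            // NOTE(review): the session is always tagged LDAP regardless of the concrete subclass — confirm this is intended.
            return new SessionContext(getDaos(), loginDto.getType(), AuthenticationType.LDAP, user, groups, authorityNames, loginDto.getIP(), loginDto.getLoginName());
        } catch (CommunicationException e) {
            getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, AuthenticationException.AuthMessage.COMMUNICATION_FAILED, getExceptionMessage(e));
            return null;
        } catch (AccountExpiredException | LockedException e) {
            getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("{0} Authentication Failed. {1}"), username, getExceptionMessage(e));
            throw new AuthenticationException(AuthenticationException.AuthMessage.ACCOUNT_INVALID, username);
        } catch (CredentialsExpiredException e) {
            getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("{0} Authentication Failed. {1}"), username, getExceptionMessage(e));
            throw new AuthenticationException(AuthenticationException.AuthMessage.PASSWORD_INVALID, username);
        } catch (DisabledException e) {
            getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("{0} Authentication Failed. {1}"), username, getExceptionMessage(e));
            throw new AuthenticationException(AuthenticationException.AuthMessage.USER_DISABLED, username);
        } catch (org.springframework.security.core.AuthenticationException e) {
            // Any other provider-side failure (including bad credentials) is logged and reported as "no session".
            getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("{0} Authentication Failed. {1}"), username, getExceptionMessage(e));
            return null;
        }
    }

    /**
     * Rejects an LDAP principal whose account is expired or locked, or whose credentials are expired.
     * Does nothing for {@code null} (non-LDAP principals), whose status is left to the provider and
     * surfaces through the {@code AccountStatusException} catch clauses of the caller.
     *
     * @throws AuthenticationException {@code ACCOUNT_INVALID} or {@code PASSWORD_INVALID}
     */
    private static void rejectInvalidLdapAccount(LdapUserDetails details, String username) throws AuthenticationException {
        if (details == null) {
            return;
        }
        if (!details.isAccountNonExpired() || !details.isAccountNonLocked()) {
            throw new AuthenticationException(AuthenticationException.AuthMessage.ACCOUNT_INVALID, username);
        }
        if (!details.isCredentialsNonExpired()) {
            throw new AuthenticationException(AuthenticationException.AuthMessage.PASSWORD_INVALID, username);
        }
    }

    /** Collects {@link GrantedAuthority#getAuthority()} of every authority, preserving order. */
    private static List<String> toAuthorityNames(Collection<? extends GrantedAuthority> authorities) {
        List<String> names = new ArrayList<>(authorities.size());
        for (GrantedAuthority authority : authorities) {
            names.add(authority.getAuthority());
        }
        return names;
    }

    /**
     * Maps authority names to configured external groups.
     *
     * @return the mapped groups; empty when nothing is mapped or the lookup failed
     */
    private List<ExternalGroups> lookupMappedExternalGroups(List<String> authorityNames, String username) {
        List<ExternalGroups> mapped = new ArrayList<>();
        try {
            List<ExternalGroups> byMapping = getDaos().getExternalGroupsDao().getByMapping(authorityNames, true);
            if (byMapping != null) {
                mapped.addAll(byMapping);
            }
        } catch (ServiceException e) {
            // Still fails closed (caller reports NO_MAPPING), but the DAO error is no longer
            // swallowed, so an outage is not misread as a missing group configuration.
            getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("Failed to resolve external group mapping for {0} user {1}. {2}"), getCredentialsType(), username, getExceptionMessage(e));
        }
        return mapped;
    }

    /**
     * Returns the local account for {@code username}, auto-creating an enabled, unlocked record
     * with the subclass's {@link UserOrigin} when none exists.
     *
     * @throws AuthenticationException {@code ACCOUNT_INVALID} when the record cannot be created
     */
    private Users loadOrProvisionUser(String username) throws AuthenticationException {
        Users existing = getDaos().getUsersDao().getByNameInternal(username);
        if (existing != null) {
            return existing;
        }
        Users users = new Users();
        users.setAccountExpired(false);
        users.setEnabled(true);
        users.setLocked(false);
        users.setPasswordExpired(false);
        users.setName(username);
        // Unguessable placeholder so the record never carries an empty or known password;
        // the user's real secret stays in the external source.
        // NOTE(review): confirm local password login is rejected for accounts of this origin.
        users.setPassword(UUID.randomUUID().toString());
        UserOrigin origin = getCredentialsOrigin();
        assert origin != null;
        users.setOrigin(origin);
        users.setUsercomment(getCredentialsType() + " User");
        Users created;
        try {
            created = (Users) getDaos().getUsersDao().create(users);
        } catch (ServiceException e) {
            getLogger().info("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("Failed to auto create account for {0} user {1}."), getCredentialsType(), username);
            throw new AuthenticationException(AuthenticationException.AuthMessage.ACCOUNT_INVALID, username);
        }
        if (created == null) {
            // Previously a null return from create() surfaced as an NPE on the enabled check.
            getLogger().info("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("Failed to auto create account for {0} user {1}."), getCredentialsType(), username);
            throw new AuthenticationException(AuthenticationException.AuthMessage.ACCOUNT_INVALID, username);
        }
        return created;
    }

    /**
     * Replaces the user's group relations with the groups resolved from {@code externalGroups}.
     * Best effort, as before: a DAO failure does not fail the login.
     *
     * @return the resolved groups (possibly {@code null} when the lookup failed before it completed)
     */
    private List<Groups> rebindGroupMembership(Users user, List<ExternalGroups> externalGroups, String username) {
        List<Groups> groups = null;
        try {
            // Relations are rebuilt from scratch so memberships no longer granted externally are dropped.
            getDaos().getUserGroupRelationsDao().removeByUser(user.getId());
            groups = getDaos().getGroupsDao().getGroupsByExternalGroup(externalGroups);
            if (groups != null) {
                for (Groups group : groups) {
                    getDaos().getGroupsDao().persistUsers(user.getId(), group.getId());
                }
            }
        } catch (ServiceException e) {
            // After a failure here the persisted relations and the groups handed to the
            // SessionContext can differ; log it instead of swallowing it silently.
            getLogger().error("createAndAuthenticateUser", LogGroup.SECURITY, new SimpleMessage("Failed to synchronize group membership for {0} user {1}. {2}"), getCredentialsType(), username, getExceptionMessage(e));
        }
        return groups;
    }

    /**
     * Builds a log-friendly message for {@code th}: its localized message, followed by the
     * localized messages of all Spring {@code AuthenticationException} causes in parentheses,
     * separated by {@code ";"}.
     *
     * @param th the throwable, may be {@code null}
     * @return the composed message, or {@code null} for a {@code null} throwable
     */
    protected String getExceptionMessage(Throwable th) {
        if (th == null) {
            return null;
        }
        String message = th.getLocalizedMessage();
        // getLocalizedMessage() may be null; the original handed it to the StringBuilder
        // constructor and threw an NPE from inside an error-logging path.
        StringBuilder sb = new StringBuilder(message != null ? message : th.getClass().getName());
        Throwable cause = th.getCause();
        if (cause instanceof org.springframework.security.core.AuthenticationException) {
            sb.append(" (");
            boolean first = true;
            do {
                if (!first) {
                    // Plain ";" — the decompiler had resolved this literal to an unrelated
                    // spring-jdbc constant (ScriptUtils.DEFAULT_STATEMENT_SEPARATOR).
                    sb.append(";");
                }
                sb.append(cause.getLocalizedMessage());
                first = false;
                cause = cause.getCause();
            } while (cause instanceof org.springframework.security.core.AuthenticationException);
            sb.append(")");
        }
        return sb.toString();
    }

    /** @return the origin assigned to auto-created accounts; must not be {@code null} */
    protected abstract UserOrigin getCredentialsOrigin();

    /**
     * Message logged before contacting the external source; blank suppresses the log line.
     * NOTE(review): this embeds {@code getCredentials()} via {@code toString()} — verify that
     * {@link Credentials#toString()} does not include secrets, as the line goes to the SECURITY log.
     */
    protected String getAuthenticationProviderDetailsMessage() {
        return "Trying external authentication source with '" + getCredentials() + "'.";
    }
}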
