package org.apache.syncope.core.misc.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.types.AuditElements;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.core.misc.security.AuthContextUtils;
import org.apache.syncope.core.persistence.api.entity.Domain;
import org.apache.syncope.core.provisioning.api.UserProvisioningManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;

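/**
 * Spring Security {@link AuthenticationProvider} for username/password logins.
 *
 * <p>Three kinds of principal are handled, selected by the submitted name:
 * <ul>
 *   <li>the configured anonymous user, checked against {@link #anonymousKey};</li>
 *   <li>the configured admin user, checked against the admin password of the requested domain;</li>
 *   <li>any other name, delegated to {@link AuthDataAccessor#authenticate}.</li>
 * </ul>
 * Every attempt, successful or not, is written to the audit trail through the data accessor.
 */
@Configurable
/* loaded from: input_file:org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.class */
public class SyncopeAuthenticationProvider implements AuthenticationProvider {
    protected static final Logger LOG = LoggerFactory.getLogger(SyncopeAuthenticationProvider.class);

    /** Domain assumed when the request names none; other domains are looked up in its context. */
    private static final String MASTER_DOMAIN = "Master";

    @Autowired
    protected AuthDataAccessor dataAccessor;

    @Autowired
    protected UserProvisioningManager provisioningManager;

    @Resource(name = "adminUser")
    protected String adminUser;

    @Resource(name = "anonymousUser")
    protected String anonymousUser;
    protected String adminPassword;
    protected String adminPasswordAlgorithm;
    protected String anonymousKey;
    protected UserDetailsService userDetailsService;
    protected final Encryptor encryptor = Encryptor.getInstance();

    /**
     * Sets the stored admin password that {@link Encryptor#verify} is called with for the Master domain.
     *
     * @param str stored admin password value
     */
    public void setAdminPassword(String str) {
        this.adminPassword = str;
    }

    /**
     * Sets the name of the {@link CipherAlgorithm} constant used to verify the Master admin password.
     *
     * @param str enum constant name; resolved with {@code CipherAlgorithm.valueOf} at login time
     */
    public void setAdminPasswordAlgorithm(String str) {
        this.adminPasswordAlgorithm = str;
    }

    /**
     * Sets the shared key the anonymous user must present as its credentials.
     *
     * @param str anonymous key
     */
    public void setAnonymousKey(String str) {
        this.anonymousKey = str;
    }

    /**
     * Sets the service used to load the authorities of a successfully authenticated principal.
     *
     * @param userDetailsService user details service
     */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Verifies the submitted credentials and, on success, returns a token carrying the
     * principal's authorities.
     *
     * @param authentication the login request; its details must be a {@link SyncopeAuthenticationDetails}
     * @return an authenticated token with no credentials attached and the original details
     * @throws BadCredentialsException if the credentials are missing or do not verify
     */
    @Override
    public Authentication authenticate(final Authentication authentication) {
        final SyncopeAuthenticationDetails details = (SyncopeAuthenticationDetails) authentication.getDetails();
        final String requestedDomain = details.getDomain();
        final String domain = StringUtils.isBlank(requestedDomain) ? MASTER_DOMAIN : requestedDomain;
        // The resolved domain is written back so later consumers of the details see the same value.
        details.setDomain(domain);

        final Boolean authenticated;
        if (this.anonymousUser.equals(authentication.getName())) {
            // The anonymous key is a shared secret: compare it without short-circuiting so the
            // response time does not reveal how many leading characters of a guess were right.
            authenticated = constantTimeEquals(this.anonymousKey, credentialsAsString(authentication));
        } else if (this.adminUser.equals(authentication.getName())) {
            authenticated = verifyAdmin(domain, authentication);
        } else {
            authenticated = verifyUser(domain, authentication);
        }

        if (authenticated != null && authenticated.booleanValue()) {
            UsernamePasswordAuthenticationToken token = AuthContextUtils.execWithAuthContext(
                    domain, new AuthContextUtils.Executable<UsernamePasswordAuthenticationToken>() {
                @Override
                public UsernamePasswordAuthenticationToken exec() {
                    // Credentials are deliberately not copied into the authenticated token.
                    UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
                            authentication.getPrincipal(),
                            null,
                            userDetailsService.loadUserByUsername(authentication.getPrincipal().toString())
                                    .getAuthorities());
                    result.setDetails(authentication.getDetails());
                    dataAccessor.audit(
                            AuditElements.EventCategoryType.REST, "Authentication", null, "login",
                            AuditElements.Result.SUCCESS, null, Boolean.TRUE, authentication,
                            "Successfully authenticated, with entitlements: " + result.getAuthorities());
                    return result;
                }
            });
            LOG.debug("User {} successfully authenticated, with entitlements {}",
                    authentication.getPrincipal(), token.getAuthorities());
            return token;
        }

        // NOTE(review): the principal is caller-supplied and is embedded verbatim in the audit
        // message and the exception text below; confirm downstream sinks neutralise it.
        AuthContextUtils.execWithAuthContext(domain, new AuthContextUtils.Executable<Void>() {
            @Override
            public Void exec() {
                dataAccessor.audit(
                        AuditElements.EventCategoryType.REST, "Authentication", null, "login",
                        AuditElements.Result.FAILURE, null, Boolean.FALSE, authentication,
                        "User " + authentication.getPrincipal() + " not authenticated");
                return null;
            }
        });
        LOG.debug("User {} not authenticated", authentication.getPrincipal());
        throw new BadCredentialsException("User " + authentication.getPrincipal() + " not authenticated");
    }

    /**
     * Reports which authentication token types this provider accepts.
     *
     * @param cls candidate token class
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken}
     */
    @Override
    public boolean supports(Class<? extends Object> cls) {
        return cls.equals(UsernamePasswordAuthenticationToken.class);
    }

    /**
     * Verifies an ordinary user through the data accessor, in the context of the given domain.
     * When the accessor reports an explicit {@code false}, {@code internalSuspend} is invoked
     * with the key it returned.
     */
    private Boolean verifyUser(final String domain, final Authentication authentication) {
        final Pair<Long, Boolean> outcome = AuthContextUtils.execWithAuthContext(
                domain, new AuthContextUtils.Executable<Pair<Long, Boolean>>() {
            @Override
            public Pair<Long, Boolean> exec() {
                return dataAccessor.authenticate(authentication);
            }
        });
        Boolean verified = outcome.getValue();
        if (verified != null && !verified.booleanValue()) {
            AuthContextUtils.execWithAuthContext(domain, new AuthContextUtils.Executable<Void>() {
                @Override
                public Void exec() {
                    provisioningManager.internalSuspend(outcome.getKey());
                    return null;
                }
            });
        }
        return verified;
    }

    /**
     * Verifies the admin password: against the configured values for the Master domain,
     * otherwise against the values stored on the requested domain (looked up in Master context).
     */
    private Boolean verifyAdmin(final String domain, final Authentication authentication) {
        final String password = credentialsAsString(authentication);
        if (password == null) {
            // Missing credentials are rejected as a failed login rather than surfacing as an NPE.
            return Boolean.FALSE;
        }
        if (MASTER_DOMAIN.equals(domain)) {
            return Boolean.valueOf(this.encryptor.verify(
                    password, CipherAlgorithm.valueOf(this.adminPasswordAlgorithm), this.adminPassword));
        }
        return AuthContextUtils.execWithAuthContext(MASTER_DOMAIN, new AuthContextUtils.Executable<Boolean>() {
            @Override
            public Boolean exec() {
                // NOTE(review): if findDomain can return null for an unknown domain this throws
                // instead of rejecting the login; confirm against AuthDataAccessor.
                Domain found = dataAccessor.findDomain(domain);
                return Boolean.valueOf(
                        encryptor.verify(password, found.getAdminCipherAlgorithm(), found.getAdminPwd()));
            }
        });
    }

    /** Returns the submitted credentials as a string, or {@code null} when none were supplied. */
    private static String credentialsAsString(Authentication authentication) {
        Object credentials = authentication.getCredentials();
        return credentials == null ? null : credentials.toString();
    }

    /**
     * Compares two secrets without stopping at the first mismatching byte.
     * A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }
}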
