package org.apache.syncope.core.spring.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.annotation.Resource;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.types.AuditElements;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.core.persistence.api.entity.Domain;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.UserProvisioningManager;
import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;

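/**
 * Spring Security {@link AuthenticationProvider} that validates username/password tokens for
 * three kinds of principal, chosen by comparing {@code authentication.getName()} with the
 * injected account names:
 * <ol>
 * <li>the anonymous account, checked against the injected anonymous key;</li>
 * <li>the admin account, checked via {@link Encryptor#verify} against either the injected admin
 * password (domain {@code "Master"}) or the admin password stored on the requested
 * {@link Domain};</li>
 * <li>any other name, delegated to {@link AuthDataAccessor#authenticate}.</li>
 * </ol>
 * Every outcome is written to the audit trail through {@link AuthDataAccessor#audit}.
 */
@Configurable
public class UsernamePasswordAuthenticationProvider implements AuthenticationProvider {
    protected static final Logger LOG = LoggerFactory.getLogger(UsernamePasswordAuthenticationProvider.class);
    protected static final Encryptor ENCRYPTOR = Encryptor.getInstance();

    @Autowired
    protected AuthDataAccessor dataAccessor;

    @Autowired
    protected UserProvisioningManager provisioningManager;

    @Autowired
    private DefaultCredentialChecker credentialChecker;

    // Name that selects the admin branch of authenticate().
    @Resource(name = "adminUser")
    protected String adminUser;

    // Reference value handed to ENCRYPTOR.verify for the "Master" domain admin;
    // presumably stored already encoded with adminPasswordAlgorithm - TODO confirm.
    @Resource(name = "adminPassword")
    protected String adminPassword;

    // Must be the name of a CipherAlgorithm constant: it is resolved with CipherAlgorithm.valueOf.
    @Resource(name = "adminPasswordAlgorithm")
    protected String adminPasswordAlgorithm;

    // Name that selects the anonymous branch of authenticate().
    @Resource(name = "anonymousUser")
    protected String anonymousUser;

    // Shared secret compared as-is (no hashing) with the presented credentials.
    @Resource(name = "anonymousKey")
    protected String anonymousKey;

    public void setAdminPassword(String adminPassword) {
        this.adminPassword = adminPassword;
    }

    public void setAdminPasswordAlgorithm(String adminPasswordAlgorithm) {
        this.adminPasswordAlgorithm = adminPasswordAlgorithm;
    }

    public void setAnonymousKey(String anonymousKey) {
        this.anonymousKey = anonymousKey;
    }

    /**
     * Authenticates the given token within the domain carried by its details object.
     *
     * <p>A token without credentials is rejected with {@link BadCredentialsException} in the
     * anonymous and admin branches rather than failing on a null dereference.
     *
     * @param authentication token to validate; its details are cast to
     * {@link SyncopeAuthenticationDetails}, so a different details type fails with
     * {@link ClassCastException} and missing details with {@link NullPointerException}
     * @return a new {@link UsernamePasswordAuthenticationToken} holding the resolved username,
     * {@code null} credentials, the authorities from {@link AuthDataAccessor#getAuthorities} and
     * the original details
     * @throws BadCredentialsException when the credentials do not verify
     */
    @Override
    public Authentication authenticate(final Authentication authentication) {
        final String domain =
                SyncopeAuthenticationDetails.class.cast(authentication.getDetails()).getDomain();

        // Read the presented secret once; a token carrying no credentials can never match.
        final Object credentials = authentication.getCredentials();
        final String presented = credentials == null ? null : credentials.toString();

        // One-element array so the anonymous classes below can read the resolved name.
        final String[] username = new String[1];
        Boolean authenticated;

        if (this.anonymousUser.equals(authentication.getName())) {
            username[0] = this.anonymousUser;
            this.credentialChecker.checkIsDefaultAnonymousKeyInUse();
            authenticated = Boolean.valueOf(secretEquals(presented, this.anonymousKey));
        } else if (this.adminUser.equals(authentication.getName())) {
            username[0] = this.adminUser;
            if ("Master".equals(domain)) {
                this.credentialChecker.checkIsDefaultAdminPasswordInUse();
                authenticated = presented == null
                        ? Boolean.FALSE
                        : Boolean.valueOf(ENCRYPTOR.verify(
                                presented,
                                CipherAlgorithm.valueOf(this.adminPasswordAlgorithm),
                                this.adminPassword));
            } else {
                // The Domain entity is looked up while running in the "Master" auth context.
                authenticated = AuthContextUtils.execWithAuthContext(
                        "Master", new AuthContextUtils.Executable<Boolean>() {
                            @Override
                            public Boolean exec() {
                                Domain domainEntity = dataAccessor.findDomain(domain);
                                // The domain name comes from the request. Whether findDomain
                                // returns null or throws for an unknown name is not visible
                                // here - TODO confirm; either way this must not end in an NPE.
                                if (presented == null || domainEntity == null) {
                                    return Boolean.FALSE;
                                }
                                return Boolean.valueOf(ENCRYPTOR.verify(
                                        presented,
                                        domainEntity.getAdminCipherAlgorithm(),
                                        domainEntity.getAdminPwd()));
                            }
                        });
            }
        } else {
            final Pair<User, Boolean> authResult = AuthContextUtils.execWithAuthContext(
                    domain, new AuthContextUtils.Executable<Pair<User, Boolean>>() {
                        @Override
                        public Pair<User, Boolean> exec() {
                            return dataAccessor.authenticate(authentication);
                        }
                    });
            // Pair.getValue() is the right-hand element, i.e. the same flag tested below.
            authenticated = authResult.getValue();
            if (authResult.getLeft() != null && authResult.getRight() != null) {
                username[0] = authResult.getLeft().getUsername();
                if (!authResult.getRight().booleanValue()) {
                    // A known user failed to authenticate. internalSuspend presumably applies
                    // the failed-login policy - TODO confirm against UserProvisioningManager.
                    AuthContextUtils.execWithAuthContext(
                            domain, new AuthContextUtils.Executable<Void>() {
                                @Override
                                public Void exec() {
                                    provisioningManager.internalSuspend(authResult.getLeft().getKey());
                                    return null;
                                }
                            });
                }
            }
        }

        // No account was resolved: fall back to the caller-supplied principal. NOTE(review):
        // this value is untrusted and flows into the audit message, the debug log and the
        // exception text below; sinks that render them should encode it.
        if (username[0] == null) {
            username[0] = authentication.getPrincipal().toString();
        }

        // A null flag (possible from the delegated branch) counts as a failure.
        final boolean succeeded = authenticated != null && authenticated.booleanValue();

        if (succeeded) {
            UsernamePasswordAuthenticationToken token = AuthContextUtils.execWithAuthContext(
                    domain, new AuthContextUtils.Executable<UsernamePasswordAuthenticationToken>() {
                        @Override
                        public UsernamePasswordAuthenticationToken exec() {
                            // Credentials are deliberately not copied into the returned token.
                            UsernamePasswordAuthenticationToken result =
                                    new UsernamePasswordAuthenticationToken(
                                            username[0], null, dataAccessor.getAuthorities(username[0]));
                            result.setDetails(authentication.getDetails());
                            dataAccessor.audit(
                                    AuditElements.EventCategoryType.LOGIC,
                                    "Authentication",
                                    null,
                                    "login",
                                    AuditElements.Result.SUCCESS,
                                    null,
                                    Boolean.valueOf(succeeded),
                                    authentication,
                                    "Successfully authenticated, with entitlements: " + result.getAuthorities());
                            return result;
                        }
                    });
            LOG.debug("User {} successfully authenticated, with entitlements {}",
                    username[0], token.getAuthorities());
            return token;
        }

        AuthContextUtils.execWithAuthContext(domain, new AuthContextUtils.Executable<Void>() {
            @Override
            public Void exec() {
                dataAccessor.audit(
                        AuditElements.EventCategoryType.LOGIC,
                        "Authentication",
                        null,
                        "login",
                        AuditElements.Result.FAILURE,
                        null,
                        Boolean.valueOf(succeeded),
                        authentication,
                        "User " + username[0] + " not authenticated");
                return null;
            }
        });
        LOG.debug("User {} not authenticated", username[0]);
        // The same message is used for unknown accounts and for wrong secrets.
        throw new BadCredentialsException("User " + username[0] + " not authenticated");
    }

    /**
     * Tells Spring Security which token type this provider handles.
     *
     * @param cls candidate authentication class
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken};
     * subclasses are not accepted
     */
    @Override
    public boolean supports(Class<? extends Object> cls) {
        return cls.equals(UsernamePasswordAuthenticationToken.class);
    }

    /**
     * Compares a presented secret with the expected one without stopping at the first
     * mismatching byte, so response time does not reveal how long a matching prefix is.
     *
     * @param presented value supplied by the caller, may be {@code null}
     * @param expected configured secret, may be {@code null}
     * @return {@code true} only when both are non-null and equal as strings
     */
    private static boolean secretEquals(final String presented, final String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        boolean sameBytes = MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
        // UTF-8 encoding replaces unpaired surrogates, so two different malformed strings can
        // share an encoding; the exact comparison runs only once the encodings already match.
        return sameBytes && presented.equals(expected);
    }
}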
