package ch.admin.smclient2.web.application;

import ch.admin.smclient.model.User;
import ch.admin.smclient.service.LDAPProperties;
import ch.admin.smclient.service.MandantRepository;
import ch.admin.smclient.service.postfach.AdminService;
import ch.admin.smclient.service.repository.FileRepository;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.Spliterators;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.quartz.impl.StdSchedulerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

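/**
 * Authenticates SMC users either against the application database or against an LDAP
 * directory, depending on the LDAP settings of the mandant the user logs in to.
 *
 * <p>Security-relevant design points of this provider:
 * <ul>
 *   <li>LDAP users are authenticated by binding to the directory with their own DN and
 *       password; the password is never compared locally. A bind attempt with an empty
 *       password is therefore rejected up front, because with "simple" authentication an
 *       empty password is an unauthenticated bind that some directories accept.</li>
 *   <li>The user name is untrusted input that ends up inside LDAP DNs and search filters,
 *       so it is escaped per RFC 4514 (DN) / RFC 4515 (filter) before use.</li>
 *   <li>When the LDAP login fails and the name exists as a DB super user, the DB super user
 *       is returned instead. That principal is flagged {@code isLdap=false}, so its
 *       password is still verified by {@link #additionalAuthenticationChecks}.</li>
 *   <li>DB lookups of unknown users perform a dummy password comparison so that the
 *       "user not found" and "wrong password" paths take comparable time.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/ch/admin/smclient2/web/application/SmcAuthenticationProvider.class */
public class SmcAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    /** User name that is treated as the global super user when no mandant is selected. */
    private static final String SUPER_USER_NAME = "SuperUser";

    /** Placeholder inside {@link LDAPProperties#getRoleFilter()} that is replaced with the user name. */
    private static final String ROLE_FILTER_USERNAME_PLACEHOLDER = "'username'";

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SmcAuthenticationProvider.class);

    @Autowired
    private FileRepository fileRepository;

    @Autowired
    private AdminService adminService;

    @Autowired
    private MandantRepository mandantRepository;

    /** Mandant used when the login request names none; {@code null} means "derive it" (see {@link #getMandant}). */
    @Value("${mandant.name:#{null}}")
    private String defaultMandantName;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/classes/ch/admin/smclient2/web/application/SmcAuthenticationProvider$AutoClosableInitialLdapContext.class */
    /**
     * {@link InitialLdapContext} that can be used in try-with-resources. Construction performs
     * the bind with the credentials in the environment, so a wrong password surfaces as a
     * {@link NamingException} from the constructor.
     */
    public static class AutoClosableInitialLdapContext extends InitialLdapContext implements AutoCloseable {
        AutoClosableInitialLdapContext(Hashtable<?, ?> environment) throws NamingException {
            super(environment, (Control[]) null);
        }

        /** Closes the context; a failed unbind is logged but never masks the outcome of the login. */
        @Override // java.lang.AutoCloseable
        public void close() {
            try {
                super.close();
            } catch (Exception e) {
                // Best effort: nothing useful can be done with a failed unbind.
                log.debug("LDAP context close failed", e);
            }
        }
    }

    /**
     * Verifies the presented password for database users. LDAP users were already verified by
     * the bind in {@link #authWithLDAP}, so no local comparison is done for them.
     *
     * @throws BadCredentialsException when the credentials are missing or do not match
     */
    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (!(userDetails instanceof SmcUserPrincipal principal)) {
            return;
        }
        if (Boolean.TRUE.equals(principal.getIsLdap())) {
            return;
        }
        // Fail closed: a missing credential is a bad credential, not a NullPointerException.
        Object credentials = authentication.getCredentials();
        if (credentials == null || !principal.getUser().equalsPassword(credentials.toString())) {
            throw new BadCredentialsException(badCredentialsMessage());
        }
    }

    /**
     * Loads the principal for {@code username}: the DB super user when no mandant is given and
     * the name is {@value #SUPER_USER_NAME}, otherwise an LDAP or DB user of the resolved mandant.
     *
     * @return the principal, or {@code null} for token types this provider does not handle
     *         (the base class rejects a {@code null} result)
     * @throws UsernameNotFoundException when the user does not exist
     */
    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (!(authentication instanceof SmcAuthenticationToken token)) {
            return null;
        }
        String requestedMandant = token.getMandant();
        boolean superUserLogin = StringUtils.isEmpty(requestedMandant) && SUPER_USER_NAME.equals(username);
        if (superUserLogin) {
            UserDetails superUser = getSuperUser(username);
            if (superUser == null) {
                throw new UsernameNotFoundException("Super user not found");
            }
            return superUser;
        }
        String mandant = getMandant(requestedMandant);
        LDAPProperties ldapProperties = this.fileRepository.getLDAPProperties(mandant);
        return ldapProperties.isLdapEnabled()
                ? authWithLDAP(token, mandant, ldapProperties)
                : authWithDB(username, mandant);
    }

    /**
     * Resolves the mandant to authenticate against: the requested one, else the configured
     * default, else the single active mandant.
     *
     * @throws IllegalStateException when no mandant was requested, none is configured and
     *         the number of active mandants is not exactly one
     */
    private String getMandant(String requestedMandant) {
        if (!StringUtils.isEmpty(requestedMandant)) {
            return requestedMandant;
        }
        if (this.defaultMandantName != null) {
            return this.defaultMandantName;
        }
        List<String> activeSedexIds = this.mandantRepository.findAllActive().stream()
                .map(mandant -> mandant.getSedexId())
                .toList();
        if (activeSedexIds.size() != 1) {
            throw new IllegalStateException("No default mandant found");
        }
        return activeSedexIds.get(0);
    }

    /**
     * Looks the user up in the database. The password itself is checked later in
     * {@link #additionalAuthenticationChecks}.
     *
     * @throws UsernameNotFoundException when no such user exists for the mandant
     */
    private UserDetails authWithDB(String username, String mandant) {
        log.debug("authenticating {} using DB", username);
        User user = this.adminService.getUserByName(username, mandant);
        if (user != null) {
            return toPrincipal(user, dbAuthorities(user), false);
        }
        // Dummy comparison so an unknown user costs about as much as a wrong password,
        // which keeps the two failure paths indistinguishable by timing.
        User dummy = new User();
        dummy.setPassword("password");
        dummy.equalsPassword("usernameNotFound");
        throw new UsernameNotFoundException(username);
    }

    /**
     * Authenticates by binding to the directory as the user and then reading the user's
     * language and roles.
     *
     * @throws BadCredentialsException when the user name or password is empty
     * @throws UsernameNotFoundException when the bind fails and no DB super user of that name exists
     */
    private UserDetails authWithLDAP(SmcAuthenticationToken token, String mandant, LDAPProperties ldapProperties) {
        String username = Objects.toString(token.getPrincipal(), "");
        Object credentials = token.getCredentials();
        log.info("authenticating {} using LDAP", username);
        // Fail closed before contacting the directory: with "simple" authentication an empty
        // password is an unauthenticated bind (RFC 4513 section 5.1.2) that some servers
        // accept, which would let the caller through without proving anything.
        if (StringUtils.isBlank(username) || credentials == null || credentials.toString().isEmpty()) {
            throw new BadCredentialsException(badCredentialsMessage());
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapProperties.getProviderURL());
        env.put(Context.SECURITY_AUTHENTICATION, ldapProperties.getAuthenticationType());
        env.put(Context.SECURITY_PRINCIPAL, userDn(ldapProperties, username));
        env.put(Context.SECURITY_CREDENTIALS, credentials.toString());
        try (AutoClosableInitialLdapContext ctx = new AutoClosableInitialLdapContext(env)) {
            User ldapUser = buildLdapUser(ctx, token, mandant, ldapProperties);
            return toPrincipal(ldapUser, getLdapRoles(username, env, ldapProperties), true);
        } catch (NamingException e) {
            // Bind or directory failure: a DB super user of the same name may still log in.
            // Its principal is not LDAP-flagged, so its DB password gets verified afterwards.
            UserDetails superUser = getSuperUser(username);
            if (superUser != null) {
                return superUser;
            }
            log.info("i-0430 | login failed", e);
            throw new UsernameNotFoundException(username);
        }
    }

    /** Wraps an application role name as the {@code ROLE_}-prefixed Spring authority. */
    private GrantedAuthority getAuthority(String roleName) {
        return new SimpleGrantedAuthority(String.format("ROLE_%s", roleName));
    }

    /**
     * Builds the transient {@link User} for an LDAP login. The language is read from the
     * user's directory entry; any failure there falls back to the request's preferred locale.
     */
    private User buildLdapUser(AutoClosableInitialLdapContext ctx, SmcAuthenticationToken token, String mandant, LDAPProperties ldapProperties) {
        String username = token.getPrincipal().toString();
        Locale preferredLocale = token.getPreferredLocale();
        User user = new User();
        user.setUsername(username);
        user.setMandant(this.mandantRepository.findById(mandant));
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.OBJECT_SCOPE);
            String filter = String.format("(%s=%s)", ldapProperties.getBaseFilter(), escapeFilterValue(username));
            NamingEnumeration<SearchResult> results = ctx.search(userDn(ldapProperties, username), filter, controls);
            String ldapLanguage = results.next().getAttributes().get(ldapProperties.getLanguageAttributeID()).get().toString();
            String language = fromSupportedLanguage(ldapLanguage, token.getLocales()).orElseGet(() -> {
                String fallback = preferredLocale.getLanguage();
                log.warn("w-0432 | Unable to set user's language: '{}'. Probably not a supported language. Default '{}' will be used.", ldapLanguage, fallback);
                return fallback;
            });
            log.info("Set language {}", language);
            user.setDefaultLanguage(language);
        } catch (Exception e) {
            // Best effort: a missing entry, attribute or value must not fail the login.
            String fallback = preferredLocale.getLanguage();
            user.setDefaultLanguage(fallback);
            log.warn("w-0432 | Unable to read user's language {} {} will be used", e.getMessage(), fallback);
        }
        return user;
    }

    /**
     * Reads the user's directory roles and maps them onto the application roles configured in
     * {@code ldapProperties}. The search runs with the configured bind DN when present,
     * otherwise as the user itself; {@code userEnv} is copied, never mutated.
     *
     * @throws UsernameNotFoundException when the role search fails for any reason
     */
    private List<GrantedAuthority> getLdapRoles(String username, Hashtable<String, String> userEnv, LDAPProperties ldapProperties) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        try {
            Hashtable<String, String> env = new Hashtable<>(userEnv);
            if (ldapProperties.getBindDN() != null) {
                env.put(Context.SECURITY_PRINCIPAL, ldapProperties.getBindDN());
                env.put(Context.SECURITY_CREDENTIALS, ldapProperties.getBindCredential());
            }
            String roleAttributeID = ldapProperties.getRoleAttributeID();
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[] {roleAttributeID});
            controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            // Literal (non-regex) replacement of the placeholder with the filter-escaped name:
            // the user name must neither rewrite the filter nor be parsed as a regex replacement.
            String filter = ldapProperties.getRoleFilter()
                    .replace(ROLE_FILTER_USERNAME_PLACEHOLDER, escapeFilterValue(username));
            try (AutoClosableInitialLdapContext ctx = new AutoClosableInitialLdapContext(env)) {
                NamingEnumeration<SearchResult> results = ctx.search(ldapProperties.getRolesCtxDN(), filter, controls);
                while (results != null && results.hasMore()) {
                    var roleAttribute = results.next().getAttributes().get(roleAttributeID);
                    if (roleAttribute == null) {
                        continue; // entry matched the filter but carries no role attribute
                    }
                    NamingEnumeration<?> values = roleAttribute.getAll();
                    while (values.hasMoreElements()) {
                        String ldapRole = values.nextElement().toString();
                        log.debug("Role {}", ldapRole);
                        mapLdapRole(ldapRole, ldapProperties, authorities);
                    }
                }
            }
            return authorities;
        } catch (Exception e) {
            log.warn("w-0431 | unable to read user's roles", e);
            throw new UsernameNotFoundException(username);
        }
    }

    /** Adds every application role whose configured LDAP mapper equals {@code ldapRole}; the checks are independent. */
    private void mapLdapRole(String ldapRole, LDAPProperties ldapProperties, List<GrantedAuthority> target) {
        addIfMapped(ldapRole, ldapProperties.getAdminRoleMapper(), LDAPProperties.DEFAULT_ADMIN_ROLE, target);
        addIfMapped(ldapRole, ldapProperties.getActiveUserRoleMapper(), LDAPProperties.DEFAULT_ACTIVEUSER_ROLE, target);
        addIfMapped(ldapRole, ldapProperties.getPassiveUserRoleMapper(), LDAPProperties.DEFAULT_PASSIVEUSER_ROLE, target);
        addIfMapped(ldapRole, ldapProperties.getSuperUserRoleMapper(), LDAPProperties.DEFAULT_SUPERUSER_ROLE, target);
    }

    /** Appends {@code smcRole} when {@code ldapRole} equals {@code mapper} (a {@code null} mapper never matches). */
    private void addIfMapped(String ldapRole, String mapper, String smcRole, List<GrantedAuthority> target) {
        if (ldapRole.equals(mapper)) {
            log.info("Mapping role {} to {}", ldapRole, smcRole);
            target.add(getAuthority(smcRole));
        }
    }

    /**
     * Loads the DB super user of that name.
     *
     * @return the principal flagged as non-LDAP (its password is checked later), or {@code null}
     */
    private UserDetails getSuperUser(String username) {
        User superUser = this.adminService.getSuperUser(username);
        if (superUser == null) {
            return null;
        }
        return toPrincipal(superUser, dbAuthorities(superUser), false);
    }

    /** Builds the principal with the user's default language as its locale. */
    private SmcUserPrincipal toPrincipal(User user, List<GrantedAuthority> authorities, boolean isLdap) {
        return new SmcUserPrincipal(user, new Locale(user.getDefaultLanguage()), authorities, isLdap);
    }

    /** Maps the user's DB roles to authorities (mutable list, as the principal was built with before). */
    private List<GrantedAuthority> dbAuthorities(User user) {
        return user.getRole().stream()
                .map(role -> getAuthority(role.getName()))
                .collect(Collectors.toList());
    }

    /**
     * Finds the first supported locale whose own display name is a prefix of the value read
     * from the directory.
     *
     * <p>NOTE(review): the match returns the locale's display name (e.g. the value of
     * {@code Locale.getDisplayName(locale)}), whereas the fallback in {@link #buildLdapUser}
     * uses {@code Locale.getLanguage()}; confirm that consumers of the default language
     * accept both forms.
     */
    private Optional<String> fromSupportedLanguage(String ldapLanguage, Enumeration<Locale> supportedLocales) {
        Objects.requireNonNull(ldapLanguage, "ldapLanguage");
        // 16 == Spliterator.ORDERED: preserve the enumeration order so findAny is deterministic enough.
        Stream<String> displayNames = StreamSupport.stream(
                Spliterators.spliteratorUnknownSize(supportedLocales.asIterator(), 16), false)
                .map(locale -> locale.getDisplayName(locale));
        return displayNames.filter(ldapLanguage::startsWith).findAny();
    }

    /** Localized "bad credentials" message from the base class' message source. */
    private String badCredentialsMessage() {
        return this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials");
    }

    /** Builds the user's DN ({@code <baseFilter>=<name>,<baseCtxDN>}) with the RDN value escaped per RFC 4514. */
    private static String userDn(LDAPProperties ldapProperties, String username) {
        return String.format("%s=%s,%s", ldapProperties.getBaseFilter(), escapeDnValue(username), ldapProperties.getBaseCtxDN());
    }

    /**
     * Escapes an assertion value for use inside an LDAP search filter (RFC 4515 section 3),
     * so that user-controlled text cannot alter the filter's structure.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\' -> escaped.append("\\5c");
                case '*' -> escaped.append("\\2a");
                case '(' -> escaped.append("\\28");
                case ')' -> escaped.append("\\29");
                case '\0' -> escaped.append("\\00");
                default -> escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Escapes an attribute value for use in a distinguished name (RFC 4514 section 2.4):
     * the special characters, a leading space or {@code #}, a trailing space and NUL.
     */
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length());
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            boolean leadingSpecial = i == 0 && (c == ' ' || c == '#');
            boolean trailingSpace = i == last && c == ' ';
            if (c == '\0') {
                escaped.append("\\00");
            } else if (leadingSpecial || trailingSpace || ",+\"\\<>;=".indexOf(c) >= 0) {
                escaped.append('\\').append(c);
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }
}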
