package org.linagora.linshare.auth;

import java.io.IOException;
import javax.naming.NamingException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linagora.linshare.auth.exceptions.BadDomainException;
import org.linagora.linshare.core.domain.constants.AccountType;
import org.linagora.linshare.core.domain.entities.AbstractDomain;
import org.linagora.linshare.core.domain.entities.User;
import org.linagora.linshare.core.exception.BusinessException;
import org.linagora.linshare.core.service.AbstractDomainService;
import org.linagora.linshare.core.service.UserService;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linshare/auth/DomainAuthProviderDao.class */
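/**
 * Spring Security authentication provider that authenticates a login/password pair against
 * the LinShare domains through {@link AbstractDomainService#auth}.
 *
 * <p>The domain may be supplied by the client (as a {@code String} in the token's details) or
 * discovered, for logins containing {@code '@'}, from the database or by trying every domain.
 *
 * <p>Security-relevant design point: the submitted password is only ever checked inside
 * {@link #retrieveUser}; {@link #additionalAuthenticationChecks} is empty and the returned
 * {@link UserDetails} carries an empty password. Nothing outside {@code retrieveUser} can
 * therefore stand in for credential verification.
 */
public class DomainAuthProviderDao extends AbstractUserDetailsAuthenticationProvider {
    private UserService userService;
    private AbstractDomainService abstractDomainService;
    private static final Log logger = LogFactory.getLog(DomainAuthProviderDao.class);

    /** @return the domain service used to resolve domains and authenticate against them */
    public AbstractDomainService getAbstractDomainService() {
        return this.abstractDomainService;
    }

    /** @param abstractDomainService the domain service used to resolve domains and authenticate */
    public void setAbstractDomainService(AbstractDomainService abstractDomainService) {
        this.abstractDomainService = abstractDomainService;
    }

    /** @return the user service used for database lookups and account creation */
    public UserService getUserService() {
        return this.userService;
    }

    /** @param userService the user service used for database lookups and account creation */
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Intentionally empty: the password is handed to {@code abstractDomainService.auth} in
     * {@link #retrieveUser}, so there is nothing left to compare here.
     *
     * <p>Because this hook performs no check, any code path that obtains a {@link UserDetails}
     * without going through {@code retrieveUser} would skip password verification entirely.
     */
    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
    }

    /**
     * Verifies the submitted credentials and builds the {@link UserDetails} for the account.
     *
     * @param str the login submitted by the client
     * @param usernamePasswordAuthenticationToken the token carrying the password (credentials)
     *        and, optionally, the domain identifier as a {@code String} in its details
     * @return a {@link UserDetails} whose username is the account's LinShare UUID and whose
     *         password is empty
     * @throws BadCredentialsException if the password is missing or empty, or no domain
     *         accepted the credentials
     * @throws BadDomainException if the user cannot be found in, or does not belong to, the
     *         resolved domain
     * @throws AuthenticationServiceException if a backend lookup fails
     */
    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        final String login = str;
        // NOTE(review): the login is client-controlled and is concatenated into log and
        // exception messages below; confirm the log appender neutralises line breaks.
        logger.debug("Retrieving user detail for ldap authentication : " + login);

        // A missing or non-String credential is rejected like an empty one instead of failing
        // with a NullPointerException / ClassCastException.
        // An empty password must never reach the directory: many LDAP servers treat a simple
        // bind with an empty password as an unauthenticated bind and report success.
        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        String password = credentials instanceof String ? (String) credentials : null;
        if (password == null || password.isEmpty()) {
            logger.debug("User password is empty, authentification failed");
            throw new BadCredentialsException(badCredentialsMessage());
        }

        // The domain identifier, when the client chose one, travels in the token details.
        Object details = usernamePasswordAuthenticationToken.getDetails();
        String domainId = details instanceof String ? (String) details : null;

        User user = null;
        if (domainId != null) {
            logger.debug("The domain was specified at the connection time : " + domainId);
            try {
                user = this.abstractDomainService.auth(this.abstractDomainService.retrieveDomain(domainId), login, password);
            } catch (NameNotFoundException e) {
                logger.debug("Can't find the user in the directory. Search in DB.");
                User findUserInDB = this.userService.findUserInDB(domainId, login);
                if (findUserInDB == null || findUserInDB.getAccountType().equals(AccountType.INTERNAL) || !domainId.equals(findUserInDB.getDomainId())) {
                    logger.debug("Can't find the user in DB, BadDomainException for : " + domainId);
                    throw new BadDomainException(e.getMessage(), domainId);
                }
                // NOTE(review): the two failures in this branch differ by exception type
                // depending on whether the login exists in the DB; make sure the failure
                // handler does not surface that difference to the client.
                logger.debug("User found in DB but authentification failed");
                throw new BadCredentialsException(badCredentialsMessage(), domainId);
            } catch (Exception e2) {
                throw new AuthenticationServiceException("Could not authenticate user: " + login, e2);
            }
            // Checked outside the try block on purpose: inside it, the broad catch above would
            // turn this rejection into an AuthenticationServiceException, so a wrong password
            // would be reported as a backend failure.
            if (user == null) {
                throw new BadCredentialsException(badCredentialsMessage(), domainId);
            }
        }

        if (domainId == null && login.contains("@")) {
            try {
                user = this.userService.findUnkownUserInDB(login);
                if (user == null) {
                    logger.debug("Can't find the user in DB. Searching user in all domains.");
                    // The submitted login and password are offered to every configured domain
                    // until one accepts them; a failure in one domain is logged and the search
                    // continues with the next.
                    for (AbstractDomain abstractDomain : this.abstractDomainService.getAllDomains()) {
                        try {
                            user = this.abstractDomainService.auth(abstractDomain, login, password);
                        } catch (IOException e3) {
                            logger.error(e3);
                        } catch (NameNotFoundException e4) {
                            logger.error(e4);
                        } catch (NamingException e5) {
                            logger.error(e5);
                        }
                        if (user != null) {
                            domainId = abstractDomain.getIdentifier();
                            logger.debug("User found in domain " + domainId);
                            break;
                        }
                    }
                } else {
                    logger.debug("User found in DB : " + user.getMail());
                    if (user.getDomain() == null) {
                        logger.error("The user found in the database contain a null domain reference.");
                        throw new BadCredentialsException("Could not retrieve user : " + login);
                    }
                    domainId = user.getDomain().getIdentifier();
                    try {
                        logger.debug("The user domain stored in DB was : " + domainId);
                        // The DB record only tells us which domain to ask; the password is
                        // still verified by auth(). A null result is rejected further down.
                        user = this.abstractDomainService.auth(user.getDomain(), login, password);
                    } catch (NameNotFoundException e6) {
                        throw new BadDomainException("Could not retrieve user : " + login + " in domain : " + domainId, (Throwable) e6);
                    } catch (NamingException e7) {
                        throw new BadCredentialsException("Could not retrieve user : " + login + " in domain : " + domainId, (Throwable) e7);
                    } catch (IOException e8) {
                        throw new AuthenticationServiceException("Could not retrieve user : " + login + " in domain : " + domainId, e8);
                    }
                }
            } catch (BusinessException e9) {
                throw new AuthenticationServiceException("Could not retrieve user : " + login + " in domain : " + domainId, e9);
            }
        }

        // Fail closed: without both an authenticated user and a resolved domain nothing is granted.
        if (user == null || domainId == null) {
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials, no domain specified and user found in no domain"), domainId);
        }

        try {
            User findOrCreateUser = this.userService.findOrCreateUser(user.getMail(), domainId);
            // The account stored in the DB must belong to the domain that just authenticated it.
            if (!domainId.equals(findOrCreateUser.getDomainId())) {
                throw new BadDomainException("User " + findOrCreateUser.getMail() + " was found but not in the domain referenced in DB (DB: " + findOrCreateUser.getDomainId() + ", found: " + domainId + ")");
            }
            // The password slot is deliberately empty: the secret is never kept in the
            // resulting UserDetails.
            return new org.springframework.security.core.userdetails.User(findOrCreateUser.getLsUuid(), "", true, true, true, true, (GrantedAuthority[]) RoleProvider.getRoles(findOrCreateUser).toArray(new GrantedAuthority[0]));
        } catch (BusinessException e10) {
            logger.error(e10);
            throw new AuthenticationServiceException("Could not create user account: " + user.getMail(), e10);
        }
    }

    /**
     * Authenticates the given token and returns the populated authentication.
     *
     * <p>The user cache is never consulted before the credentials are verified. Password
     * verification lives exclusively in {@link #retrieveUser} and
     * {@link #additionalAuthenticationChecks} is a no-op, so a cache hit would hand back a
     * {@link UserDetails} without the submitted password ever being checked. With a cache
     * that never returns an entry the behaviour is unchanged.
     *
     * @param authentication the authentication request; must be a
     *        {@link UsernamePasswordAuthenticationToken}
     * @return the successful authentication created by the parent class
     * @throws AuthenticationException if the credentials are rejected or a backend fails
     */
    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider, org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication, this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports", "Only UsernamePasswordAuthenticationToken is supported"));
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        String name = authentication.getPrincipal() == null ? "NONE_PROVIDED" : authentication.getName();

        UserDetails authenticatedUser;
        try {
            authenticatedUser = retrieveUser(name, token);
            Assert.notNull(authenticatedUser, "retrieveUser returned null - a violation of the interface contract");
        } catch (UsernameNotFoundException e) {
            // Optionally hide "unknown user" behind the generic bad-credentials error.
            if (this.hideUserNotFoundExceptions) {
                throw new BadCredentialsException(badCredentialsMessage());
            }
            throw e;
        }

        getPreAuthenticationChecks().check(authenticatedUser);
        additionalAuthenticationChecks(authenticatedUser, token);
        getPostAuthenticationChecks().check(authenticatedUser);

        // The cache is still populated as before, but it is never read to skip verification.
        getUserCache().putUserInCache(authenticatedUser);

        // The principal is either the UserDetails itself or just its username, so it has to
        // be typed as Object (a String cannot be assigned to a UserDetails variable).
        Object principal = authenticatedUser;
        if (isForcePrincipalAsString()) {
            principal = authenticatedUser.getUsername();
        }
        return createSuccessAuthentication(principal, authentication, authenticatedUser);
    }

    /** Returns the localized generic "Bad credentials" message. */
    private String badCredentialsMessage() {
        return this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials");
    }
}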
