package org.linagora.linshare.auth.dao;

import java.io.IOException;
import java.util.Iterator;
import javax.naming.NamingException;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.linagora.linshare.core.domain.entities.AbstractDomain;
import org.linagora.linshare.core.domain.entities.Internal;
import org.linagora.linshare.core.domain.entities.User;
import org.linagora.linshare.core.exception.BusinessException;
import org.linagora.linshare.core.facade.auth.AuthentificationFacade;
import org.linagora.linshare.core.repository.InternalRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linshare/auth/dao/LdapUserDetailsProvider.class */
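/**
 * Resolves the account behind a login for LDAP-backed ("internal") users.
 *
 * <p>Lookups go to the database first and then to LDAP through the
 * {@link AuthentificationFacade}. An account that exists in the database is only
 * accepted if LDAP still returns it for its stored domain.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@link #retrieveUser(String, String)} takes no password, so it only resolves an
 *       account and verifies no credential.</li>
 *   <li>The login and domain values are written to logs and embedded in exception messages.
 *       NOTE(review): they presumably come from the authenticating client; confirm that the
 *       log layout neutralises line breaks and that these messages are not returned to the
 *       client, since they distinguish "user not found" from other failures.</li>
 * </ul>
 */
public class LdapUserDetailsProvider extends UserDetailsProvider {
    private static final Logger logger = LoggerFactory.getLogger(LdapUserDetailsProvider.class);

    // Assigned once in the constructor and never replaced.
    private final InternalRepository internalRepository;

    /**
     * @param authentificationFacade facade handed to the parent class and used for every LDAP call
     * @param internalRepository repository used for the database lookups of internal users
     */
    public LdapUserDetailsProvider(AuthentificationFacade authentificationFacade, InternalRepository internalRepository) {
        super(authentificationFacade);
        this.internalRepository = internalRepository;
    }

    /**
     * Resolves the internal user for a login, optionally restricted to one domain.
     *
     * @param str domain identifier given at login time, or {@code null} to search every domain
     * @param str2 login to resolve
     * @return the internal user, always carrying a non-null domain
     * @throws UsernameNotFoundException if no user matches or the match is not an internal account
     * @throws BadCredentialsException if the matching account has no domain reference
     * @throws AuthenticationServiceException if the lookup fails with a {@link BusinessException}
     */
    @Override // org.linagora.linshare.auth.dao.UserDetailsProvider
    public User retrieveUser(String str, String str2) {
        final String domainIdentifier = str;
        final String login = str2;
        try {
            User user = domainIdentifier != null
                    ? findUserInDomainAndSubdomains(login, domainIdentifier)
                    : findUserInAllDomain(login);
            if (!user.isInternal()) {
                // Guest accounts must not authenticate through this provider.
                logger.debug("Guest found during ldap authentification process.");
                logAuthError(user, domainIdentifier, "User not found.");
                String message = "Guest found : " + user.getAccountReprentation() + " in domain : '" + domainIdentifier + "'";
                logAuthError(login, domainIdentifier, message);
                throw new UsernameNotFoundException(message);
            }
            if (user.getDomain() == null) {
                // An account without a domain cannot be authorised; reject instead of returning it.
                logAuthError(user, domainIdentifier, "Bad credentials");
                logger.error("The user found in the database contain a null domain reference.");
                throw new BadCredentialsException("Could not authenticate user: " + login);
            }
            return user;
        } catch (BusinessException e) {
            // Keep the cause in the log and on the rethrown exception so the failure stays diagnosable.
            logger.error("Couldn't find user during authentication process : " + e.getMessage(), e);
            logAuthError(login, (String) null, e.getMessage());
            throw new AuthenticationServiceException("Could not authenticate user: " + login, e);
        }
    }

    /**
     * Looks the login up in the given domain and, when LDAP has no match there, in its subdomains.
     *
     * @param login login to resolve
     * @param domainIdentifier identifier of the domain given at login time
     * @return the matching user, never {@code null}
     * @throws UsernameNotFoundException if neither the domain nor any subdomain has the login
     * @throws BusinessException propagated from the repository or facade calls
     */
    private User findUserInDomainAndSubdomains(String login, String domainIdentifier) throws BusinessException {
        logger.debug("The domain was specified at the connection time : {}", domainIdentifier);
        AbstractDomain domain = retrieveDomain(login, domainIdentifier);
        Internal knownUser = this.internalRepository.findByLoginAndDomain(domainIdentifier, login);
        User user;
        if (knownUser != null) {
            user = checkStillInLdap(login, knownUser);
        } else {
            logger.debug("Can't find the user in the DB. Searching in LDAP.");
            user = this.authentificationFacade.ldapSearchForAuth(domain.getIdentifier(), login);
            if (user != null) {
                user.setDomain(domain);
            } else {
                // First subdomain with a match wins.
                for (AbstractDomain subdomain : domain.getSubdomain()) {
                    user = this.authentificationFacade.ldapSearchForAuth(subdomain.getIdentifier(), login);
                    if (user != null) {
                        user.setDomain(subdomain);
                        logger.debug("User found and authenticated in domain {}", subdomain.getIdentifier());
                        break;
                    }
                }
            }
        }
        if (user != null) {
            logger.debug("User found in ldap : {} (domain:{})", user.getAccountReprentation(), user.getDomainId());
            return user;
        }
        String message = "User not found ! Login : '" + login + "' in domain : '" + domainIdentifier + "'";
        logAuthError(login, domainIdentifier, message);
        throw new UsernameNotFoundException(message);
    }

    /**
     * Looks the login up without a domain: database first, then every LDAP domain in turn.
     *
     * <p>NOTE(review): the first domain returning a match wins, so when the same login exists
     * in several domains the resolved account depends on the order of
     * {@code getAllDomains()}. Confirm that this is intended.
     *
     * @param login login to resolve
     * @return the matching user, never {@code null}
     * @throws UsernameNotFoundException if no domain has the login
     * @throws AuthenticationServiceException if the lookup raises an {@link IllegalStateException}
     * @throws BusinessException propagated from the facade calls
     */
    private User findUserInAllDomain(String login) throws BusinessException {
        try {
            User user = this.internalRepository.findByLogin(login);
            if (user != null) {
                user = checkStillInLdap(login, user);
            } else {
                logger.debug("Can't find the user in DB. Searching user in all LDAP domains.");
                for (AbstractDomain domain : this.authentificationFacade.getAllDomains()) {
                    user = this.authentificationFacade.ldapSearchForAuth(domain.getIdentifier(), login);
                    if (user != null) {
                        user.setDomain(domain);
                        logger.debug("User found in domain {}", domain.getIdentifier());
                        break;
                    }
                }
            }
            if (user != null) {
                logger.debug("User found in ldap : {} (domain:{})", user.getAccountReprentation(), user.getDomainId());
                return user;
            }
            String message = "User not found ! Login : " + login;
            logAuthError(login, (String) null, message);
            // Append the login itself; appending the audit message doubled the prefix.
            throw new UsernameNotFoundException("No user found for login: " + login);
        } catch (IllegalStateException e) {
            throw new AuthenticationServiceException("Could not authenticate user: " + login, e);
        }
    }

    /**
     * Confirms that an account found in the database is still returned by LDAP for its stored domain.
     *
     * @param login login used for the LDAP search
     * @param user account loaded from the database
     * @return {@code user} if LDAP still returns the login, otherwise {@code null}
     * @throws BusinessException propagated from the facade call
     */
    private User checkStillInLdap(String login, User user) throws BusinessException {
        logger.debug("User found in DB : {}", user.getAccountReprentation());
        logger.debug("The user domain stored in DB was : {}", user.getDomainId());
        if (this.authentificationFacade.ldapSearchForAuth(user.getDomainId(), login) != null) {
            return user;
        }
        // An account removed from the directory must no longer be able to log in.
        logger.warn("authentication process : the current user does not exist anymore into the LDAP directory : {}", user.getAccountReprentation());
        return null;
    }

    /**
     * Delegates to {@code AuthentificationFacade.ldapAuth}, passing the three arguments in order.
     * The meaning of each argument is defined by the facade and is not visible in this class.
     */
    public User auth(String str, String str2, String str3) throws NamingException, IOException, BusinessException {
        return this.authentificationFacade.ldapAuth(str, str2, str3);
    }

    /**
     * Delegates to {@code AuthentificationFacade.findOrCreateUser}, passing both arguments in order.
     * The meaning of each argument is defined by the facade and is not visible in this class.
     */
    public User findOrCreateUser(String str, String str2) throws BusinessException {
        return this.authentificationFacade.findOrCreateUser(str, str2);
    }
}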
