package org.linagora.linshare.auth.dao;

import java.util.Collection;
import org.linagora.linshare.auth.RoleProvider;
import org.linagora.linshare.core.domain.entities.User;
import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linshare/auth/dao/DatabaseAuthenticationProvider.class */
public class DatabaseAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();
    private DatabaseUserDetailsProvider userDetailsProvider;

    public DatabaseAuthenticationProvider(DatabaseUserDetailsProvider databaseUserDetailsProvider) {
        this.userDetailsProvider = databaseUserDetailsProvider;
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        this.userDetailsProvider.logAuthSuccess(userDetails.getUsername());
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void doAfterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsProvider, "A userDetailsProvider must be set");
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected final UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (str == null || str.length() == 0) {
            throw new UsernameNotFoundException("username must not be null");
        }
        this.logger.debug("Trying to load '" + str + "' account detail ...");
        if (usernamePasswordAuthenticationToken.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        try {
            String str2 = null;
            String str3 = null;
            if (usernamePasswordAuthenticationToken.getDetails() != null && (usernamePasswordAuthenticationToken.getDetails() instanceof String)) {
                str3 = (String) usernamePasswordAuthenticationToken.getDetails();
            }
            User retrieveUser = this.userDetailsProvider.retrieveUser(str3, str);
            if (retrieveUser != null) {
                this.logger.debug("Account in database found : " + retrieveUser.getAccountReprentation());
                str2 = retrieveUser.getPassword();
                if (str2 != null && str2.equals("")) {
                    str2 = null;
                }
                if (retrieveUser.isInternal()) {
                    this.logger.debug("Can not authenticate this user with the current provider : Internal user found");
                    throw new UsernameNotFoundException("Account not found");
                }
            }
            if (retrieveUser == null || str2 == null || retrieveUser.hasSystemAccountRole()) {
                this.logger.debug("Account not found");
                throw new UsernameNotFoundException("Account not found");
            }
            if (this.passwordEncoder.isPasswordValid(str2, usernamePasswordAuthenticationToken.getCredentials().toString(), null)) {
                return new org.springframework.security.core.userdetails.User(retrieveUser.getLsUuid(), "", true, true, true, true, (Collection<? extends GrantedAuthority>) RoleProvider.getRoles(retrieveUser));
            }
            this.logger.debug("Authentication failed: password does not match stored value");
            this.userDetailsProvider.logAuthError(retrieveUser, retrieveUser.getDomainId(), "Bad credentials.");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), retrieveUser);
        } catch (DataAccessException e) {
            throw new AuthenticationServiceException(e.getMessage(), e);
        }
    }

    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }
}
