package org.linagora.linshare.auth.dao;

import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linagora.linshare.auth.RoleProvider;
import org.linagora.linshare.core.domain.entities.User;
import org.linagora.linshare.core.exception.BusinessException;
import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linshare/auth/dao/LdapAuthenticationProvider.class */
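/**
 * Spring Security authentication provider that validates a login/password pair
 * through {@link LdapUserDetailsProvider} and maps the resulting account to a
 * Spring {@link UserDetails}.
 *
 * <p>The password is verified inside {@link #retrieveUser}, not in
 * {@link #additionalAuthenticationChecks}. Do not configure a user cache on this
 * provider: the parent class skips {@code retrieveUser} on a cache hit and relies on
 * {@code additionalAuthenticationChecks} to reject a wrong password, which this
 * implementation never does.
 */
public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private static final Log logger = LogFactory.getLog(LdapAuthenticationProvider.class);
    private final LdapUserDetailsProvider ldapUserDetailsProvider;

    /**
     * @param ldapUserDetailsProvider delegate used to look up, authenticate and provision users
     */
    public LdapAuthenticationProvider(LdapUserDetailsProvider ldapUserDetailsProvider) {
        this.ldapUserDetailsProvider = ldapUserDetailsProvider;
    }

    /**
     * Records the successful authentication. No credential comparison happens here;
     * the password has already been checked by {@link #retrieveUser}.
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        this.ldapUserDetailsProvider.logAuthSuccess(userDetails.getUsername());
    }

    /**
     * Looks up the account for {@code str}, verifies the submitted password, then finds or
     * creates the local account and returns it as a {@link UserDetails} keyed by its UUID.
     *
     * @param str login submitted by the client (untrusted)
     * @param usernamePasswordAuthenticationToken token carrying the password as credentials and,
     *        optionally, a domain identifier as a {@code String} in its details
     * @return the authenticated user with its roles; the password field is left empty
     * @throws BadCredentialsException if the password is missing, empty or rejected, or the
     *         account lookup returns nothing
     * @throws AuthenticationServiceException if the lookup, authentication or provisioning fails
     *         for any other reason
     */
    @Override
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (logger.isDebugEnabled()) {
            // The login is attacker-controlled: neutralize line breaks so it cannot forge log entries.
            logger.debug("Retrieving user detail for ldap authentication with login : " + neutralizeLineBreaks(str));
        }

        // A null or non-String credential used to escape as NullPointerException /
        // ClassCastException; treat it exactly like an empty password.
        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        String password = credentials instanceof String ? (String) credentials : null;
        if (password == null || password.isEmpty()) {
            // Rejected before reaching the directory. NOTE(review): auth() presumably performs an
            // LDAP simple bind, and many servers accept a bind with an empty password as an
            // unauthenticated bind (RFC 4513), so this guard must stay ahead of the auth() call.
            this.ldapUserDetailsProvider.logAuthError(str, (String) null, "User password is empty, authentification failed");
            logger.error("User password is empty, authentification failed");
            throw new BadCredentialsException(badCredentialsMessage());
        }

        try {
            Object details = usernamePasswordAuthenticationToken.getDetails();
            String domainIdentifier = details instanceof String ? (String) details : null;

            User directoryUser = this.ldapUserDetailsProvider.retrieveUser(domainIdentifier, str);
            if (directoryUser == null) {
                // Defensive: the contract of retrieveUser() is not visible here. Answer with the
                // same generic error as a wrong password so the reply does not reveal whether the
                // account exists.
                this.ldapUserDetailsProvider.logAuthError(str, domainIdentifier, "User not found, authentication failed");
                throw new BadCredentialsException(badCredentialsMessage());
            }

            try {
                this.ldapUserDetailsProvider.auth(directoryUser.getDomainId(), directoryUser.getMail(), password);
                try {
                    User account = this.ldapUserDetailsProvider.findOrCreateUser(directoryUser.getDomainId(), directoryUser.getMail());
                    // Empty password on purpose: no credential is retained in the returned principal.
                    return new org.springframework.security.core.userdetails.User(account.getLsUuid(), "", true, true, true, true, (Collection<? extends GrantedAuthority>) RoleProvider.getRoles(account));
                } catch (BusinessException e) {
                    logger.error(e.getMessage(), e);
                    throw new AuthenticationServiceException("Could not create user account : " + directoryUser.getDomainId() + " : " + directoryUser.getMail(), e);
                }
            } catch (BadCredentialsException e) {
                logger.debug("Authentication failed: password does not match stored value");
                this.ldapUserDetailsProvider.logAuthError(directoryUser, directoryUser.getDomainId(), "Bad credentials.");
                logger.error("Bad credentials.");
                throw new BadCredentialsException(badCredentialsMessage(), directoryUser);
            } catch (AuthenticationServiceException e) {
                // Already a service-level failure (e.g. the provisioning error above): rethrow as is
                // instead of re-wrapping it under a misleading "Could not authenticate user" message.
                throw e;
            } catch (Exception e) {
                // Keep the stack trace in the log; the message alone is rarely enough to diagnose.
                logger.error(e.getMessage(), e);
                throw new AuthenticationServiceException("Could not authenticate user : " + directoryUser.getDomainId() + " : " + directoryUser.getMail(), e);
            }
        } catch (DataAccessException e) {
            // NOTE(review): the raw data-access message becomes the exception message; make sure the
            // layer that renders authentication failures does not echo it to the client.
            throw new AuthenticationServiceException(e.getMessage(), e);
        }
    }

    /** Returns the localized generic "Bad credentials" message from the parent's message source. */
    private String badCredentialsMessage() {
        return this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials");
    }

    /** Replaces CR and LF with underscores so an untrusted value stays on one log line. */
    private static String neutralizeLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}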
