package com.atlassian.crowd.plugin.application.springsecurity;

import com.atlassian.crowd.integration.authentication.PasswordCredential;
import com.atlassian.crowd.integration.authentication.UserAuthenticationContext;
import com.atlassian.crowd.integration.authentication.ValidationFactor;
import com.atlassian.crowd.integration.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.integration.exception.DirectoryAccessException;
import com.atlassian.crowd.integration.exception.ExpiredCredentialException;
import com.atlassian.crowd.integration.exception.InactiveAccountException;
import com.atlassian.crowd.integration.exception.InvalidAuthenticationException;
import com.atlassian.crowd.integration.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.exception.InvalidTokenException;
import com.atlassian.crowd.integration.exception.ObjectNotFoundException;
import com.atlassian.crowd.integration.model.group.GroupType;
import com.atlassian.crowd.integration.service.soap.ObjectTranslator;
import com.atlassian.crowd.integration.soap.SOAPPrincipal;
import com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider;
import com.atlassian.crowd.integration.springsecurity.CrowdSSOTokenInvalidException;
import com.atlassian.crowd.integration.springsecurity.user.CrowdDataAccessException;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UsernameNotFoundException;

/* loaded from: input_file:com/atlassian/crowd/plugin/application/springsecurity/LocalCrowdAuthenticationProvider.class */
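/**
 * {@link CrowdAuthenticationProvider} that resolves authentication, token validation and
 * user/group lookups by calling the injected {@link ApplicationService},
 * {@link ApplicationManager} and {@link DirectoryManager} directly.
 *
 * <p>Manager-side exceptions are translated into the integration-side exception types
 * declared by the parent class. Group memberships become Spring Security authorities
 * prefixed with {@code ROLE_}.
 */
public class LocalCrowdAuthenticationProvider extends CrowdAuthenticationProvider {
    private static final Log logger = LogFactory.getLog(LocalCrowdAuthenticationProvider.class);
    private static final String ROLE_PREFIX = "ROLE_";
    private final ApplicationManager applicationManager;
    private final ApplicationService applicationService;
    private final DirectoryManager directoryManager;

    /**
     * Creates a provider bound to the given application's name.
     *
     * @param application        application whose name is passed to the parent constructor
     * @param applicationService service used for authentication, token validation and searches
     * @param applicationManager manager used to look the application up by name
     * @param directoryManager   manager used to resolve a user from an SSO token
     */
    public LocalCrowdAuthenticationProvider(Application application, ApplicationService applicationService, ApplicationManager applicationManager, DirectoryManager directoryManager) {
        super(application.getName());
        this.applicationService = applicationService;
        this.applicationManager = applicationManager;
        this.directoryManager = directoryManager;
    }

    /**
     * Checks whether a token is valid for this application and the supplied validation factors.
     *
     * @param str                 the token to validate
     * @param validationFactorArr validation factors passed through to the token check
     * @return {@code true} if validation completes without error, {@code false} if the
     *         token is reported invalid
     * @throws ApplicationAccessDeniedException if the manager layer denies application access
     * @throws RemoteException                  if the directory cannot be accessed
     */
    protected boolean isAuthenticated(String str, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, ApplicationAccessDeniedException, RemoteException {
        try {
            this.applicationService.validateUserToken(str, validationFactorArr, this.applicationName);
            return true;
        } catch (com.atlassian.crowd.manager.application.ApplicationAccessDeniedException e) {
            // Translate the manager-side exception into the integration-side type of the same name.
            throw new ApplicationAccessDeniedException(e);
        } catch (DirectoryAccessException e2) {
            throw new RemoteException(e2.getMessage(), e2);
        } catch (InvalidTokenException e3) {
            // An invalid token is an expected outcome, not an error: report "not authenticated".
            return false;
        }
    }

    /**
     * Authenticates a user by name and password for this application.
     *
     * @param str                 the user name
     * @param str2                the password; wrapped in a {@link PasswordCredential} and never logged here
     * @param validationFactorArr validation factors attached to the authentication context
     * @return the value of {@code getRandomHash()} on the result of the authentication call
     *         (presumably the session token string; confirm against the token model)
     * @throws ApplicationAccessDeniedException if the manager layer denies application access
     * @throws RemoteException                  if the directory cannot be accessed
     */
    protected String authenticate(String str, String str2, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, RemoteException, ExpiredCredentialException {
        UserAuthenticationContext userAuthenticationContext = new UserAuthenticationContext();
        userAuthenticationContext.setName(str);
        userAuthenticationContext.setCredential(new PasswordCredential(str2));
        userAuthenticationContext.setApplication(this.applicationName);
        userAuthenticationContext.setValidationFactors(validationFactorArr);
        try {
            return this.applicationService.authenticateUser(userAuthenticationContext).getRandomHash();
        } catch (com.atlassian.crowd.manager.application.ApplicationAccessDeniedException e) {
            throw new ApplicationAccessDeniedException(e);
        } catch (DirectoryAccessException e2) {
            throw new RemoteException(e2.getMessage(), e2);
        }
    }

    /**
     * Loads the user details, including granted authorities, for a user name.
     *
     * @param str the user name to look up under this application
     * @return the user details with one authority per group membership found
     * @throws UsernameNotFoundException if the lookup raises {@code ObjectNotFoundException}
     * @throws DataAccessException       if the directory cannot be accessed
     */
    protected CrowdUserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        try {
            Application application = getApplication();
            SOAPPrincipal processUser = ObjectTranslator.processUser(this.applicationService.findUserByName(application, str), application.isLowerCaseOutput());
            return new CrowdUserDetails(processUser, findGrantedAuthorities(processUser.getName()));
        } catch (ObjectNotFoundException e) {
            // getApplication() declares the same exception, so a missing application is
            // also reported to the caller as "user not found".
            throw new UsernameNotFoundException("User " + str + " not found under application: " + this.applicationName, e);
        } catch (DirectoryAccessException e2) {
            throw new CrowdDataAccessException(e2);
        }
    }

    /**
     * Loads the user details, including granted authorities, for an SSO token.
     *
     * @param str the SSO token identifying the user
     * @return the user details with one authority per group membership found
     * @throws CrowdSSOTokenInvalidException if the token is reported invalid
     * @throws DataAccessException           if the directory cannot be accessed
     */
    protected CrowdUserDetails loadUserByToken(String str) throws CrowdSSOTokenInvalidException, DataAccessException {
        try {
            // NOTE(review): the user is resolved through directoryManager, not applicationService;
            // presumably the application-level check already ran in isAuthenticated(). Confirm
            // against the parent class's call order.
            SOAPPrincipal processUser = ObjectTranslator.processUser(this.directoryManager.findUserByToken(str), isLowerCaseOutput());
            return new CrowdUserDetails(processUser, findGrantedAuthorities(processUser.getName()));
        } catch (InvalidTokenException e) {
            // The token is a bearer credential: keep its value out of the exception message,
            // which can end up in logs or on a login-failure page. A token rejected here may
            // still be accepted elsewhere.
            throw new CrowdSSOTokenInvalidException("Invalid SSO token", e);
        } catch (DirectoryAccessException e2) {
            throw new CrowdDataAccessException(e2);
        }
    }

    /**
     * Builds the authorities for a user from the groups it belongs to, nested memberships included.
     *
     * <p>If the search fails, the failure is logged and an empty array is returned, so the user
     * ends up with no roles rather than the login being aborted.
     *
     * @param str the user name whose group memberships are searched
     * @return one {@code ROLE_}-prefixed authority per group name; empty if the search fails
     */
    private GrantedAuthority[] findGrantedAuthorities(String str) {
        ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        try {
            // returningAtMost(-1): presumably "no limit"; confirm against QueryBuilder.
            Iterator it = this.applicationService.searchNestedGroupRelationships(getApplication(), QueryBuilder.queryFor(EntityDescriptor.user()).membersOf(EntityDescriptor.group(GroupType.GROUP)).withName(str).returningAtMost(-1).asNames()).iterator();
            while (it.hasNext()) {
                authorities.add(new GrantedAuthorityImpl(ROLE_PREFIX + ObjectTranslator.processDirectoryEntityName((String) it.next(), isLowerCaseOutput())));
            }
        } catch (DirectoryAccessException e) {
            logger.info("Could not find group memberships for user " + str + " as application: " + this.applicationName, e);
        } catch (ObjectNotFoundException e2) {
            logger.info("Could not find group memberships for user " + str + " as application: " + this.applicationName, e2);
        }
        return authorities.toArray(new GrantedAuthority[authorities.size()]);
    }

    /**
     * Reports whether this application is configured for lower-case output.
     *
     * @return the application's setting, or {@code false} if the application cannot be found
     */
    protected boolean isLowerCaseOutput() {
        boolean z = false;
        try {
            z = this.applicationManager.findByName(this.applicationName).isLowerCaseOutput();
        } catch (ObjectNotFoundException e) {
            // Best effort: fall back to the default, but leave a trace instead of swallowing silently.
            logger.debug("Application " + this.applicationName + " not found; defaulting lower-case output to false", e);
        }
        return z;
    }

    /**
     * Looks up the application this provider is bound to.
     *
     * @return the application registered under this provider's application name
     * @throws ObjectNotFoundException if no application with that name exists
     */
    protected Application getApplication() throws ObjectNotFoundException {
        return this.applicationManager.findByName(this.applicationName);
    }
}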
