package com.atlassian.crowd.plugin.application.springsecurity;

import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.exception.ApplicationNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.integration.soap.SOAPPrincipal;
import com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider;
import com.atlassian.crowd.integration.springsecurity.CrowdSSOTokenInvalidException;
import com.atlassian.crowd.integration.springsecurity.user.CrowdDataAccessException;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.authentication.TokenAuthenticationManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.authentication.UserAuthenticationContext;
import com.atlassian.crowd.model.authentication.ValidationFactor;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.service.soap.ObjectTranslator;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UsernameNotFoundException;

/* loaded from: input_file:com/atlassian/crowd/plugin/application/springsecurity/LocalCrowdAuthenticationProvider.class */
public class LocalCrowdAuthenticationProvider extends CrowdAuthenticationProvider {
    private static final Log logger = LogFactory.getLog(LocalCrowdAuthenticationProvider.class);
    private static final String ROLE_PREFIX = "ROLE_";
    private final ApplicationManager applicationManager;
    private final ApplicationService applicationService;
    private final TokenAuthenticationManager tokenAuthenticationManager;

    public LocalCrowdAuthenticationProvider(Application application, ApplicationService applicationService, ApplicationManager applicationManager, TokenAuthenticationManager tokenAuthenticationManager) {
        super(application.getName());
        this.applicationService = applicationService;
        this.applicationManager = applicationManager;
        this.tokenAuthenticationManager = tokenAuthenticationManager;
    }

    protected boolean isAuthenticated(String str, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, ApplicationAccessDeniedException, RemoteException {
        try {
            this.tokenAuthenticationManager.validateUserToken(str, validationFactorArr, this.applicationName);
            return true;
        } catch (com.atlassian.crowd.manager.application.ApplicationAccessDeniedException e) {
            throw new ApplicationAccessDeniedException(e);
        } catch (InvalidTokenException e2) {
            return false;
        } catch (OperationFailedException e3) {
            throw new RemoteException(e3.getMessage(), e3);
        }
    }

    protected String authenticate(String str, String str2, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, RemoteException, ExpiredCredentialException {
        UserAuthenticationContext userAuthenticationContext = new UserAuthenticationContext();
        userAuthenticationContext.setName(str);
        userAuthenticationContext.setCredential(new PasswordCredential(str2));
        userAuthenticationContext.setApplication(this.applicationName);
        userAuthenticationContext.setValidationFactors(validationFactorArr);
        try {
            return this.tokenAuthenticationManager.authenticateUser(userAuthenticationContext).getRandomHash();
        } catch (ApplicationNotFoundException e) {
            throw new InvalidAuthorizationTokenException(e);
        } catch (com.atlassian.crowd.manager.application.ApplicationAccessDeniedException e2) {
            throw new ApplicationAccessDeniedException(e2);
        } catch (OperationFailedException e3) {
            throw new RemoteException(e3.getMessage(), e3);
        }
    }

    protected CrowdUserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        try {
            SOAPPrincipal processUser = ObjectTranslator.processUser(this.applicationService.findUserByName(getApplication(), str));
            return new CrowdUserDetails(processUser, findGrantedAuthorities(processUser.getName()));
        } catch (ApplicationNotFoundException e) {
            throw new CrowdDataAccessException(e);
        } catch (UserNotFoundException e2) {
            throw new UsernameNotFoundException("User " + str + " not found under application: " + this.applicationName, e2);
        }
    }

    protected CrowdUserDetails loadUserByToken(String str) throws CrowdSSOTokenInvalidException, DataAccessException {
        try {
            SOAPPrincipal processUser = ObjectTranslator.processUser(this.tokenAuthenticationManager.findUserByToken(str, getApplication().getName()));
            return new CrowdUserDetails(processUser, findGrantedAuthorities(processUser.getName()));
        } catch (ApplicationNotFoundException e) {
            throw new CrowdDataAccessException(e);
        } catch (InvalidTokenException e2) {
            throw new CrowdSSOTokenInvalidException("Invalid token: " + str, e2);
        } catch (OperationFailedException e3) {
            throw new CrowdDataAccessException(e3);
        }
    }

    private GrantedAuthority[] findGrantedAuthorities(String str) throws ApplicationNotFoundException {
        ArrayList arrayList = new ArrayList();
        Iterator it = this.applicationService.searchNestedGroupRelationships(getApplication(), QueryBuilder.queryFor(String.class, EntityDescriptor.user()).childrenOf(EntityDescriptor.group(GroupType.GROUP)).withName(str).returningAtMost(-1)).iterator();
        while (it.hasNext()) {
            arrayList.add(new GrantedAuthorityImpl(ROLE_PREFIX + ((String) it.next())));
        }
        return (GrantedAuthority[]) arrayList.toArray(new GrantedAuthority[arrayList.size()]);
    }

    private boolean isLowerCaseOutput() {
        boolean z = false;
        try {
            z = getApplication().isLowerCaseOutput();
        } catch (ApplicationNotFoundException e) {
        }
        return z;
    }

    private Application getApplication() throws ApplicationNotFoundException {
        return this.applicationManager.findByName(this.applicationName);
    }
}
