package net.nemerosa.ontrack.extension.ldap;

import java.util.Set;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import net.nemerosa.ontrack.model.security.Account;
import net.nemerosa.ontrack.model.security.AccountInput;
import net.nemerosa.ontrack.model.security.AccountOntrackUser;
import net.nemerosa.ontrack.model.security.AccountService;
import net.nemerosa.ontrack.model.security.OntrackAuthenticatedUser;
import net.nemerosa.ontrack.model.security.OntrackUser;
import net.nemerosa.ontrack.model.security.ProvidedGroupsService;
import net.nemerosa.ontrack.model.security.SecurityService;
import net.nemerosa.ontrack.model.structure.NameDescription;
import net.nemerosa.ontrack.model.support.ApplicationLogEntry;
import net.nemerosa.ontrack.model.support.ApplicationLogService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.stereotype.Component;

/* compiled from: LDAPCachedAuthenticationProvider.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\b\u0017\u0018��2\u00020\u0001B-\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b¢\u0006\u0002\u0010\fJ\u0018\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0014J\u0018\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u000f\u001a\u00020\u0017H\u0012J\u001f\u0010\u0018\u001a\u0004\u0018\u00010\u00142\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u0011\u001a\u00020\u0012H\u0010¢\u0006\u0002\b\u001bJ\u001a\u0010\u001c\u001a\u0004\u0018\u00010\u00142\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u000f\u001a\u00020\u0017H\u0012J\u0018\u0010\u001d\u001a\u00020\u00102\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u0011\u001a\u00020\u0012H\u0014R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\tX\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u000bX\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0092\u0004¢\u0006\u0002\n��¨\u0006\u001e"}, d2 = {"Lnet/nemerosa/ontrack/extension/ldap/LDAPCachedAuthenticationProvider;", "Lorg/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider;", "accountService", "Lnet/nemerosa/ontrack/model/security/AccountService;", "ldapProviderFactory", "Lnet/nemerosa/ontrack/extension/ldap/LDAPProviderFactory;", 
"securityService", "Lnet/nemerosa/ontrack/model/security/SecurityService;", "applicationLogService", "Lnet/nemerosa/ontrack/model/support/ApplicationLogService;", "providedGroupsService", "Lnet/nemerosa/ontrack/model/security/ProvidedGroupsService;", "(Lnet/nemerosa/ontrack/model/security/AccountService;Lnet/nemerosa/ontrack/extension/ldap/LDAPProviderFactory;Lnet/nemerosa/ontrack/model/security/SecurityService;Lnet/nemerosa/ontrack/model/support/ApplicationLogService;Lnet/nemerosa/ontrack/model/security/ProvidedGroupsService;)V", "additionalAuthenticationChecks", LDAPSettings.DEFAULT_GROUP_SEARCH_BASE, "userDetails", "Lorg/springframework/security/core/userdetails/UserDetails;", "authentication", "Lorg/springframework/security/authentication/UsernamePasswordAuthenticationToken;", "createOntrackAuthenticatedUser", "Lnet/nemerosa/ontrack/model/security/OntrackAuthenticatedUser;", "account", "Lnet/nemerosa/ontrack/model/security/Account;", "Lnet/nemerosa/ontrack/extension/ldap/ExtendedLDAPUserDetails;", "findUser", "username", LDAPSettings.DEFAULT_GROUP_SEARCH_BASE, "findUser$ontrack_extension_ldap", "getOrCreateAccount", "retrieveUser", "ontrack-extension-ldap"})
@Component
/* loaded from: input_file:net/nemerosa/ontrack/extension/ldap/LDAPCachedAuthenticationProvider.class */
/*
 * Spring Security authentication provider that checks a username/password token against LDAP
 * and maps the authenticated directory entry onto a local Ontrack account.
 *
 * Flow, as visible in this class:
 *   retrieveUser -> findUser -> LdapAuthenticationProvider.authenticate
 *                -> getOrCreateAccount -> createOntrackAuthenticatedUser
 *
 * Security-relevant points for reviewers:
 *  - The credential check happens only inside retrieveUser (through the LDAP provider);
 *    additionalAuthenticationChecks is intentionally empty.
 *  - Account lookup, account creation and group persistence all run under securityService.asAdmin,
 *    i.e. with elevated rights on behalf of a user who has just logged in.
 *  - This listing is decompiler output (see the JADX notes below); confirm details against the
 *    original Kotlin source before relying on them.
 */
public class LDAPCachedAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    // Looks up and creates local accounts, and builds the ACL-aware user (withACL).
    @NotNull
    private final AccountService accountService;

    // Supplies the LdapAuthenticationProvider; getProvider() may return null (handled in findUser).
    @NotNull
    private final LDAPProviderFactory ldapProviderFactory;

    // Used only for asAdmin(...), to run account and group operations with elevated rights.
    @NotNull
    private final SecurityService securityService;

    // Receives an error entry whenever the LDAP authentication call throws.
    @NotNull
    private final ApplicationLogService applicationLogService;

    // Persists the groups reported by LDAP for the account.
    @NotNull
    private final ProvidedGroupsService providedGroupsService;

    /**
     * Stores the collaborating services. Every argument is null-checked (Kotlin-generated checks).
     */
    public LDAPCachedAuthenticationProvider(@NotNull AccountService accountService, @NotNull LDAPProviderFactory lDAPProviderFactory, @NotNull SecurityService securityService, @NotNull ApplicationLogService applicationLogService, @NotNull ProvidedGroupsService providedGroupsService) {
        Intrinsics.checkNotNullParameter(accountService, "accountService");
        Intrinsics.checkNotNullParameter(lDAPProviderFactory, "ldapProviderFactory");
        Intrinsics.checkNotNullParameter(securityService, "securityService");
        Intrinsics.checkNotNullParameter(applicationLogService, "applicationLogService");
        Intrinsics.checkNotNullParameter(providedGroupsService, "providedGroupsService");
        this.accountService = accountService;
        this.ldapProviderFactory = lDAPProviderFactory;
        this.securityService = securityService;
        this.applicationLogService = applicationLogService;
        this.providedGroupsService = providedGroupsService;
    }

    /**
     * Authenticates the token against LDAP and returns the matching Ontrack user.
     *
     * @param str the submitted username; only null-checked here, the account name used afterwards
     *            is the one reported by the LDAP authentication result
     * @param usernamePasswordAuthenticationToken the token handed to the LDAP provider
     * @return the authenticated user, or {@code null} when no LDAP provider is available, when the
     *         LDAP call throws, or when the result is not authenticated
     * @throws LDAPMissingDetailsException when the authenticated principal is not an
     *         {@code ExtendedLDAPUserDetails}
     */
    @Nullable
    public OntrackAuthenticatedUser findUser$ontrack_extension_ldap(@NotNull String str, @NotNull UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        Authentication authentication;
        Intrinsics.checkNotNullParameter(str, "username");
        Intrinsics.checkNotNullParameter(usernamePasswordAuthenticationToken, "authentication");
        LdapAuthenticationProvider provider = this.ldapProviderFactory.getProvider();
        // No provider (presumably LDAP is disabled or not configured; confirm in LDAPProviderFactory):
        // report "no user" so the caller fails the authentication.
        if (provider == null) {
            return (OntrackAuthenticatedUser) null;
        }
        try {
            authentication = provider.authenticate((Authentication) usernamePasswordAuthenticationToken);
        } catch (Exception e) {
            // Fail closed: any exception (rejected credentials and directory errors alike) is treated
            // as "not authenticated". The log entry receives the exception and the submitted principal
            // name; the credentials object is not passed to the logger here.
            // NOTE(review): because Exception is caught broadly, every failed login presumably produces
            // an error-level application log entry; confirm that this volume is acceptable and that the
            // exception text recorded by ApplicationLogEntry.error carries no sensitive data.
            this.applicationLogService.log(ApplicationLogEntry.error(e, NameDescription.Companion.nd("ldap-authentication", "LDAP Authentication problem"), usernamePasswordAuthenticationToken.getName()));
            authentication = (Authentication) null;
        }
        Authentication authentication2 = authentication;
        if (authentication2 == null || !authentication2.isAuthenticated()) {
            return (OntrackAuthenticatedUser) null;
        }
        // The local account is keyed on the name from the authenticated result, not on the raw input.
        String name = authentication2.getName();
        Object principal = authentication2.getPrincipal();
        // Full name, email and groups are read from ExtendedLDAPUserDetails; any other principal
        // type is rejected instead of creating an account with missing details.
        if (!(principal instanceof ExtendedLDAPUserDetails)) {
            throw new LDAPMissingDetailsException();
        }
        ExtendedLDAPUserDetails extendedLDAPUserDetails = (ExtendedLDAPUserDetails) principal;
        Intrinsics.checkNotNullExpressionValue(name, "name");
        return getOrCreateAccount(name, extendedLDAPUserDetails);
    }

    /**
     * Returns the Ontrack user for an LDAP-authenticated name, creating the local account on first login.
     *
     * An existing account is accepted only if its authentication source equals the LDAP source;
     * otherwise LDAPNotALDAPAccountException is thrown, so an LDAP login is never mapped onto an
     * account that belongs to another authentication source. A new account requires a non-blank
     * email (LDAPEmailRequiredException otherwise).
     */
    private OntrackAuthenticatedUser getOrCreateAccount(final String str, final ExtendedLDAPUserDetails extendedLDAPUserDetails) {
        // Lookup runs as admin: the user logging in has no rights of their own yet.
        Account account = (Account) this.securityService.asAdmin(new Function0<Account>() { // from class: net.nemerosa.ontrack.extension.ldap.LDAPCachedAuthenticationProvider$getOrCreateAccount$existingAccount$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Nullable
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final Account m4invoke() {
                AccountService accountService;
                accountService = LDAPCachedAuthenticationProvider.this.accountService;
                return accountService.findAccountByName(str);
            }
        });
        if (account != null) {
            // Source check guards against a name collision between an LDAP entry and a non-LDAP account.
            if (Intrinsics.areEqual(account.getAuthenticationSource(), LDAPAuthenticationSourceProvider.Companion.getSOURCE())) {
                return createOntrackAuthenticatedUser(account, extendedLDAPUserDetails);
            }
            throw new LDAPNotALDAPAccountException(str);
        }
        // Double negation is a decompiler artifact: throws when the LDAP email is blank.
        if (!(!StringsKt.isBlank(extendedLDAPUserDetails.getEmail()))) {
            throw new LDAPEmailRequiredException();
        }
        // First login: provision the account as admin, tagged with the LDAP authentication source.
        // Name, full name and email come from the directory; the group list is empty.
        // NOTE(review): LDAPSettings.DEFAULT_GROUP_SEARCH_BASE as the fourth argument looks like a
        // decompiler constant substitution for a literal with the same value (presumably the
        // password field of AccountInput); verify against the original Kotlin source. The meaning
        // of the two trailing false flags is not visible here.
        Account account2 = (Account) this.securityService.asAdmin(new Function0<Account>() { // from class: net.nemerosa.ontrack.extension.ldap.LDAPCachedAuthenticationProvider$getOrCreateAccount$account$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final Account m3invoke() {
                AccountService accountService;
                accountService = LDAPCachedAuthenticationProvider.this.accountService;
                return accountService.create(new AccountInput(str, extendedLDAPUserDetails.getFullName(), extendedLDAPUserDetails.getEmail(), LDAPSettings.DEFAULT_GROUP_SEARCH_BASE, CollectionsKt.emptyList(), false, false), LDAPAuthenticationSourceProvider.Companion.getSOURCE());
            }
        });
        Intrinsics.checkNotNullExpressionValue(account2, "account");
        return createOntrackAuthenticatedUser(account2, extendedLDAPUserDetails);
    }

    /**
     * Saves the groups reported by LDAP for the account and returns the user with its ACL.
     *
     * Reached on every successful login (both branches of getOrCreateAccount end here), so the
     * stored provided groups are written again from the directory each time.
     */
    private OntrackAuthenticatedUser createOntrackAuthenticatedUser(final Account account, ExtendedLDAPUserDetails extendedLDAPUserDetails) {
        OntrackUser accountOntrackUser = new AccountOntrackUser(account);
        // Group names are taken as delivered by the LDAP details and de-duplicated into a set.
        // NOTE(review): how these names map to Ontrack permissions is decided elsewhere; that mapping
        // is where directory-controlled values turn into privileges, so review it together with this.
        final Set set = CollectionsKt.toSet(extendedLDAPUserDetails.getGroups());
        this.securityService.asAdmin(new Function0<Unit>() { // from class: net.nemerosa.ontrack.extension.ldap.LDAPCachedAuthenticationProvider$createOntrackAuthenticatedUser$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            public final void invoke() {
                ProvidedGroupsService providedGroupsService;
                providedGroupsService = LDAPCachedAuthenticationProvider.this.providedGroupsService;
                providedGroupsService.saveProvidedGroups(account.id(), LDAPAuthenticationSourceProvider.Companion.getSOURCE(), set);
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ Object m2invoke() {
                invoke();
                return Unit.INSTANCE;
            }
        });
        // The ACL is computed after the groups have been saved.
        OntrackAuthenticatedUser withACL = this.accountService.withACL(accountOntrackUser);
        Intrinsics.checkNotNullExpressionValue(withACL, "accountService.withACL(user)");
        return withACL;
    }

    /**
     * Intentionally performs no check beyond the null checks: credentials are verified in retrieveUser.
     *
     * NOTE(review): AbstractUserDetailsAuthenticationProvider skips retrieveUser on a UserCache hit and
     * relies on this method to validate credentials. No cache is set in this class; confirm that
     * setUserCache is never called on this bean, because a cache hit would then bypass the LDAP check.
     */
    protected void additionalAuthenticationChecks(@NotNull UserDetails userDetails, @NotNull UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        Intrinsics.checkNotNullParameter(userDetails, "userDetails");
        Intrinsics.checkNotNullParameter(usernamePasswordAuthenticationToken, "authentication");
    }

    /**
     * Resolves the user through LDAP; this is the only place where credentials are verified.
     *
     * @return the authenticated user, never {@code null}
     * @throws AuthenticationServiceException when findUser returns {@code null}; the message is the
     *         same for every cause, so it does not reveal whether the account exists, the password
     *         was rejected or the directory was unavailable
     */
    @NotNull
    protected UserDetails retrieveUser(@NotNull String str, @NotNull UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        Intrinsics.checkNotNullParameter(str, "username");
        Intrinsics.checkNotNullParameter(usernamePasswordAuthenticationToken, "authentication");
        // The LDAP* exceptions thrown further down propagate from here unchanged.
        // NOTE(review): their class hierarchy is not visible in this file; confirm that the caller
        // handles them as authentication failures rather than as unexpected server errors.
        UserDetails findUser$ontrack_extension_ldap = findUser$ontrack_extension_ldap(str, usernamePasswordAuthenticationToken);
        if (findUser$ontrack_extension_ldap != null) {
            return findUser$ontrack_extension_ldap;
        }
        throw new AuthenticationServiceException("Cannot authenticate against LDAP");
    }
}
