package net.nemerosa.ontrack.extension.ldap;

import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import net.nemerosa.ontrack.model.security.Account;
import net.nemerosa.ontrack.model.security.AccountInput;
import net.nemerosa.ontrack.model.security.AccountService;
import net.nemerosa.ontrack.model.security.AccountUserDetails;
import net.nemerosa.ontrack.model.security.AuthenticatedAccount;
import net.nemerosa.ontrack.model.security.SecurityRole;
import net.nemerosa.ontrack.model.security.SecurityService;
import net.nemerosa.ontrack.model.security.UserSource;
import net.nemerosa.ontrack.model.structure.NameDescription;
import net.nemerosa.ontrack.model.support.ApplicationLogEntry;
import net.nemerosa.ontrack.model.support.ApplicationLogService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.stereotype.Component;

@Component
@Qualifier("ldap")
/* loaded from: input_file:net/nemerosa/ontrack/extension/ldap/LDAPAuthenticationProvider.class */
public class LDAPAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements UserSource {
    private final AccountService accountService;
    private final LDAPProviderFactory ldapProviderFactory;
    private final LDAPAuthenticationSourceProvider ldapAuthenticationSourceProvider;
    private final SecurityService securityService;
    private final ApplicationLogService applicationLogService;
    private final Map<String, AccountUserDetails> cache = new ConcurrentHashMap();

    @Autowired
    public LDAPAuthenticationProvider(AccountService accountService, LDAPProviderFactory lDAPProviderFactory, LDAPAuthenticationSourceProvider lDAPAuthenticationSourceProvider, SecurityService securityService, ApplicationLogService applicationLogService) {
        this.accountService = accountService;
        this.ldapProviderFactory = lDAPProviderFactory;
        this.ldapAuthenticationSourceProvider = lDAPAuthenticationSourceProvider;
        this.securityService = securityService;
        this.applicationLogService = applicationLogService;
    }

    protected Optional<AuthenticatedAccount> findUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        LdapAuthenticationProvider provider = this.ldapProviderFactory.getProvider();
        if (provider == null) {
            return Optional.empty();
        }
        try {
            Authentication authenticate = provider.authenticate(usernamePasswordAuthenticationToken);
            if (authenticate == null || !authenticate.isAuthenticated()) {
                return Optional.empty();
            }
            String name = authenticate.getName();
            Object principal = authenticate.getPrincipal();
            ExtendedLDAPUserDetails extendedLDAPUserDetails = principal instanceof ExtendedLDAPUserDetails ? (ExtendedLDAPUserDetails) principal : null;
            Optional optional = (Optional) this.securityService.asAdmin(() -> {
                return this.accountService.findUserByNameAndSource(str, this.ldapAuthenticationSourceProvider);
            });
            if (optional.isPresent()) {
                ExtendedLDAPUserDetails extendedLDAPUserDetails2 = extendedLDAPUserDetails;
                return optional.map(account -> {
                    return new AuthenticatedAccount(account, extendedLDAPUserDetails2);
                });
            }
            if (extendedLDAPUserDetails == null) {
                return Optional.of(AuthenticatedAccount.of(Account.of(name, name, "", SecurityRole.USER, this.ldapAuthenticationSourceProvider.getSource())));
            }
            if (!StringUtils.isNotBlank(extendedLDAPUserDetails.getEmail())) {
                return Optional.of(AuthenticatedAccount.of(Account.of(name, extendedLDAPUserDetails.getFullName(), "", SecurityRole.USER, this.ldapAuthenticationSourceProvider.getSource())));
            }
            ExtendedLDAPUserDetails extendedLDAPUserDetails3 = extendedLDAPUserDetails;
            return (Optional) this.securityService.asAdmin(() -> {
                return Optional.of(new AuthenticatedAccount(this.accountService.create(new AccountInput(name, extendedLDAPUserDetails3.getFullName(), extendedLDAPUserDetails3.getEmail(), "", Collections.emptyList()), "ldap"), extendedLDAPUserDetails3));
            });
        } catch (Exception e) {
            this.applicationLogService.log(ApplicationLogEntry.error(e, NameDescription.nd("ldap-authentication", "LDAP Authentication problem"), usernamePasswordAuthenticationToken.getName()));
            return Optional.empty();
        }
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
    }

    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Optional<AuthenticatedAccount> findUser = findUser(str, usernamePasswordAuthenticationToken);
        AccountService accountService = this.accountService;
        accountService.getClass();
        AccountUserDetails accountUserDetails = (AccountUserDetails) findUser.map(accountService::withACL).map(AccountUserDetails::new).orElseThrow(() -> {
            return new UsernameNotFoundException(String.format("User %s cannot be found", str));
        });
        this.cache.put(str, accountUserDetails);
        return accountUserDetails;
    }

    public Optional<AccountUserDetails> loadUser(String str) {
        return Optional.ofNullable(this.cache.get(str));
    }

    public void onLogout(String str) {
        this.cache.remove(str);
    }
}
