package de.terrestris.shogun2.security;

import de.terrestris.shogun2.dao.UserDao;
import de.terrestris.shogun2.model.Role;
import de.terrestris.shogun2.model.User;
import de.terrestris.shogun2.model.UserGroup;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:de/terrestris/shogun2/security/Shogun2AuthenticationProvider.class */
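/**
 * Spring Security {@link AuthenticationProvider} that authenticates a
 * username/password token against the users returned by {@link UserDao}.
 *
 * <p>Authorities are built from the roles assigned directly to the user plus
 * the roles of every user group the user belongs to.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All three failure paths use the same message text, but they throw
 *       different exception types. Whether the caller exposes that type to the
 *       client is not visible in this class; it should not.</li>
 *   <li>The unknown-account and inactive-account paths return before
 *       {@link PasswordEncoder#matches} runs, so their response time can differ
 *       from the wrong-password path. NOTE(review): consider a dummy
 *       {@code matches} call on those paths if account enumeration is a
 *       concern.</li>
 *   <li>The account name is attacker-controlled, so line breaks are stripped
 *       from it before it is written to the log.</li>
 * </ul>
 */
public class Shogun2AuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOG = Logger.getLogger(Shogun2AuthenticationProvider.class);

    @Autowired
    private UserDao<User> userDao;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Verifies the presented account name and password.
     *
     * @param authentication the authentication request; its name is used as the
     *        account name and its credentials as the raw password
     * @return a token whose principal is the matching {@link User}. When the
     *         user has at least one role the token carries those authorities
     *         (and is therefore authenticated); when the user has no roles an
     *         <em>unauthenticated</em> token is returned instead of an
     *         exception being thrown
     * @throws UsernameNotFoundException if no user has the given account name
     * @throws DisabledException if the user exists but is not active
     * @throws BadCredentialsException if the password is missing or wrong
     */
    @Override
    @Transactional(value = "transactionManager", readOnly = true)
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String accountName = authentication.getName();
        // The name comes straight from the login request: neutralise CR/LF so it
        // cannot forge additional log lines.
        String loggableName = forLog(accountName);
        LOG.debug("Trying to authenticate User '" + loggableName + "'");

        User user = this.userDao.findByAccountName(accountName);
        if (user == null) {
            LOG.warn("No user for account name '" + loggableName + "' could be found.");
            throw new UsernameNotFoundException("User and password do not match.");
        }
        if (!user.isActive()) {
            LOG.warn("The user with the account name '" + loggableName + "' is not active.");
            throw new DisabledException("User and password do not match.");
        }

        Object credentials = authentication.getCredentials();
        String encodedPassword = user.getPassword();
        // Missing credentials or a missing stored hash are rejected as bad
        // credentials instead of surfacing as a ClassCastException or an
        // encoder-specific runtime exception.
        if (credentials == null
                || encodedPassword == null
                || !this.passwordEncoder.matches(credentials.toString(), encodedPassword)) {
            LOG.warn("The given password for user '" + loggableName + "' does not match.");
            throw new BadCredentialsException("User and password do not match.");
        }

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for (Role role : getAllUserRoles(user)) {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
        }

        // NOTE(review): the token's credentials are the *stored* encoded
        // password, so the hash stays reachable through the returned
        // Authentication unless the caller erases credentials. Kept as-is for
        // compatibility; consider passing null instead.
        UsernamePasswordAuthenticationToken token;
        if (authorities.isEmpty()) {
            LOG.warn("The user '" + loggableName + "' has no authorities and will thereby NOT be authenticated.");
            // The two-argument constructor yields an unauthenticated token.
            token = new UsernamePasswordAuthenticationToken(user, encodedPassword);
        } else {
            token = new UsernamePasswordAuthenticationToken(user, encodedPassword, authorities);
            LOG.debug("The user '" + loggableName + "' got the following (explicit) roles: "
                    + StringUtils.join(getRawRoleNames(authorities), ", "));
        }
        LOG.info("The user '" + loggableName + "' "
                + (token.isAuthenticated() ? "has succesfully" : "has NOT") + " been authenticated.");
        return token;
    }

    /**
     * Reports whether this provider can process the given token type.
     *
     * @param cls the authentication class offered by the framework
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and
     *         its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Collects the roles assigned directly to the user and the roles of all of
     * the user's groups.
     *
     * @param user the user to inspect; may be {@code null}
     * @return a new, possibly empty set of roles; never {@code null}
     */
    private Set<Role> getAllUserRoles(User user) {
        Set<Role> roles = new HashSet<Role>();
        if (user == null) {
            // Previously the group lookup below dereferenced a null user.
            return roles;
        }
        if (user.getRoles() != null) {
            roles.addAll(user.getRoles());
        }
        Set<UserGroup> userGroups = user.getUserGroups();
        if (userGroups != null) {
            for (UserGroup group : userGroups) {
                if (group != null && group.getRoles() != null) {
                    roles.addAll(group.getRoles());
                }
            }
        }
        return roles;
    }

    /**
     * Extracts the authority strings from a set of granted authorities.
     *
     * @param set the authorities to convert
     * @return a new set holding each authority's string form
     */
    private Set<String> getRawRoleNames(Set<GrantedAuthority> set) {
        Set<String> names = new HashSet<String>();
        for (GrantedAuthority authority : set) {
            names.add(authority.getAuthority());
        }
        return names;
    }

    /**
     * Replaces carriage returns and line feeds so that a request-supplied value
     * cannot start a new (forged) log entry.
     *
     * @param value the raw value; may be {@code null}
     * @return the value with CR/LF replaced by underscores, or {@code "null"}
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * @return the encoder used to compare the presented password with the
     *         stored one
     */
    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    /**
     * @param passwordEncoder the encoder used to compare the presented password
     *        with the stored one
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }
}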
