package cronapp.framework.authentication.external;

import cronapi.AppConfig;
import cronapp.framework.api.ApiManager;
import cronapp.framework.authentication.security.CronappUserDetails;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

/* loaded from: input_file:cronapp/framework/authentication/external/ActiveDirectoryUserDetailsMapper.class */
public class ActiveDirectoryUserDetailsMapper implements UserDetailsContextMapper {
    private static final Logger logger = Logger.getLogger(UserDetailsContextMapper.class.getName());
    private final String domain;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();

    public ActiveDirectoryUserDetailsMapper(String str) {
        this.domain = str;
    }

    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        if (StringUtils.isNotEmpty(AppConfig.groupName())) {
            List asList = Arrays.asList(AppConfig.groupName().split(","));
            if (collection.stream().noneMatch(grantedAuthority -> {
                return asList.stream().anyMatch(str2 -> {
                    return ApiManager.normalize(grantedAuthority.getAuthority()).equals(ApiManager.normalize(str2));
                });
            })) {
                throw new BadCredentialsException(this.messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
            }
        }
        Attributes attributes = dirContextOperations.getAttributes();
        String attributeString = getAttributeString(attributes, "sAMAccountName");
        String normalize = ApiManager.normalize(attributeString);
        String attributeString2 = getAttributeString(attributes, "mail");
        if (attributeString2 == null) {
            attributeString2 = normalize + "@" + this.domain;
        }
        String normalize2 = ApiManager.normalize(attributeString2);
        Set set = (Set) collection.stream().flatMap(grantedAuthority2 -> {
            return ApiManager.getRoleSecurables(grantedAuthority2.getAuthority()).stream();
        }).map(var -> {
            return var.getStringField(ApiManager.SECURABLE_ATTRIBUTE_NAME);
        }).collect(Collectors.toSet());
        set.addAll((Collection) ApiManager.getUserSecurables(str).stream().map(var2 -> {
            return var2.getStringField(ApiManager.SECURABLE_ATTRIBUTE_NAME);
        }).collect(Collectors.toList()));
        set.addAll((Collection) ApiManager.getAuthenticatedSecurables().stream().map(var3 -> {
            return var3.getStringField(ApiManager.SECURABLE_ATTRIBUTE_NAME);
        }).collect(Collectors.toList()));
        set.addAll((Collection) ApiManager.getPublicSecurables().stream().map(var4 -> {
            return var4.getStringField(ApiManager.SECURABLE_ATTRIBUTE_NAME);
        }).collect(Collectors.toList()));
        Set<GrantedAuthority> set2 = (Set) set.stream().distinct().sorted().map(SimpleGrantedAuthority::new).collect(Collectors.toSet());
        return CronappUserDetails.newBuilder().setName(getAttributeString(attributes, "displayName")).setUserName(attributeString).setNormalizedUserName(normalize).setEmail(attributeString2).setNormalizedEmail(normalize2).setEmailConfirmed(true).setSecurityStamp(UUID.randomUUID().toString()).setPhoneNumber(getAttributeString(attributes, "telephoneNumber")).setPhoneNumberConfirmed(true).setTwoFactorEnabled(false).setLockoutEnd(OffsetDateTime.MIN).setLockoutEnabled(false).setAccessFailedCount(0).setAuthorities(set2).setPayload((Map) Collections.list(attributes.getAll()).stream().collect(Collectors.toMap((v0) -> {
            return v0.getID();
        }, this::getAttributeValue))).build();
    }

    private Object getAttributeValue(Attribute attribute) {
        try {
            return attribute.get();
        } catch (NamingException e) {
            logger.log(Level.SEVERE, String.format("Error reading attribute %s", attribute.getID()), e);
            return null;
        }
    }

    private static String getAttributeString(Attributes attributes, String str) {
        Object attribute = getAttribute(attributes, str);
        if (attribute == null) {
            return null;
        }
        return attribute.toString();
    }

    private static Object getAttribute(Attributes attributes, String str) {
        try {
            Attribute attribute = attributes.get(str);
            if (attribute != null) {
                return attribute.get();
            }
            return null;
        } catch (NamingException e) {
            logger.log(Level.SEVERE, String.format("Error reading attribute %s", str), e);
            return null;
        }
    }

    public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
    }
}
