package com.netsync.smp.web.security;

import com.netsync.smp.domain.User;
import com.netsync.smp.logic.ApplicationUserPermissionsDataFacade;
import com.netsync.smp.logic.UserDataFacade;
import java.util.ArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

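/**
 * Authenticates a login against the local SMP user store and, when that fails and LDAP is
 * enabled, against Active Directory.
 *
 * <p>A principal must already exist in the SMP user store ({@link UserDataFacade}) to log in at
 * all; the LDAP check is only consulted for users found there. Roles are derived from the local
 * user record, never from the directory.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The principal is attacker-controlled before authentication succeeds, so it is passed
 *       through {@link #safeForLog(Object)} before being logged.</li>
 *   <li>The directory URL is built with the {@code ldap://} scheme, so nothing in this class
 *       requests TLS for the bind. NOTE(review): confirm transport protection is provided by the
 *       provider or the deployment.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:WEB-INF/classes/com/netsync/smp/web/security/SmpAuthenticationManager.class */
public class SmpAuthenticationManager implements AuthenticationManager {
    private static final Logger log = LoggerFactory.getLogger(SmpAuthenticationManager.class);

    // Injected from users.system_admin.username; not read anywhere in this class.
    @Value("${users.system_admin.username}")
    protected String username;

    // Injected from users.system_admin.password; not read anywhere in this class.
    // NOTE(review): held as a plain String for the lifetime of the bean - confirm who consumes it.
    @Value("${users.system_admin.password}")
    protected String password;

    // AD domain handed to the LDAP provider.
    @Value("${ldap.domain}")
    protected String ldapDomain;

    // Host part of the directory URL.
    @Value("${ldap.hostname}")
    protected String ldapHostname;

    // Port part of the directory URL.
    @Value("${ldap.port}")
    protected String ldapPort;

    // Optional override of the provider's search filter; empty means "keep the provider's filter".
    @Value("${ldap.searchFilter:}")
    protected String ldapSearchFilter;

    // Any value other than "false" (case-insensitive), including empty, is passed on as true.
    @Value("${ldap.useFqdnForSearch:}")
    protected String useFqdnForSearch;

    // When true, LDAP is never consulted and only local password checks can succeed.
    @Value("${ldap.disabled:false}")
    protected boolean ldapDisabled;
    protected UserDataFacade userFacade;
    protected ApplicationUserPermissionsDataFacade permissionFacade;
    // Lazily created by authProvider(); stays null while LDAP is disabled.
    protected SmpActiveDirectoryLdapAuthenticationProvider provider;

    /**
     * @param userDataFacade lookup of local SMP users by user id
     * @param applicationUserPermissionsDataFacade source of the edit-permission flag used for the
     *     Supervisor role
     */
    @Autowired
    public SmpAuthenticationManager(UserDataFacade userDataFacade, ApplicationUserPermissionsDataFacade applicationUserPermissionsDataFacade) {
        this.userFacade = userDataFacade;
        this.permissionFacade = applicationUserPermissionsDataFacade;
    }

    /**
     * Verifies the submitted credentials and returns an authenticated token carrying the user's
     * roles.
     *
     * @param authentication the login request; principal is the user id, credentials the password
     * @return a token with the User role, plus Admin and/or Supervisor where the local record
     *     grants them
     * @throws AuthenticationException ({@link BadCredentialsException}) when the request has no
     *     principal, the user is unknown locally, or neither the local nor the LDAP check passes
     */
    @Override // org.springframework.security.authentication.AuthenticationManager
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // A request without a principal previously surfaced as a NullPointerException rather than
        // an authentication failure; reject it the same way as any other bad login.
        if (authentication == null || authentication.getPrincipal() == null) {
            throw new BadCredentialsException("Invalid username / password");
        }
        String principalName = authentication.getPrincipal().toString();
        log.info("User trying auth: {}", safeForLog(principalName));

        User user = this.userFacade.findOneByUserId(principalName);
        // The same message is used for "unknown user" and "wrong password" so the response does
        // not reveal which user ids exist.
        if (user == null) {
            throw new BadCredentialsException("Invalid username / password");
        }
        // Local password first; LDAP is only tried when the local check fails and LDAP is enabled.
        boolean authenticated = isValidSmpUser(authentication, user)
                || (!this.ldapDisabled && isValidLdapUser(authentication));
        if (!authenticated) {
            throw new BadCredentialsException("Invalid username / password");
        }

        ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(SmpRoles.User.toString()));
        if (user.isAdmin()) {
            authorities.add(new SimpleGrantedAuthority(SmpRoles.Admin.toString()));
        }
        if (this.permissionFacade.getHasEditPermissions(user)) {
            authorities.add(new SimpleGrantedAuthority(SmpRoles.Supervisor.toString()));
        }
        // NOTE(review): the returned token still carries the submitted credentials; confirm that
        // nothing downstream stores or serialises it without erasing them first.
        return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authorities);
    }

    /**
     * Returns the Active Directory provider, creating it on first use.
     *
     * <p>Creation is not synchronised: concurrent first calls may each build a provider and the
     * last assignment wins.
     *
     * @return the provider, or {@code null} when LDAP is disabled and none was created earlier
     */
    public SmpActiveDirectoryLdapAuthenticationProvider authProvider() {
        if (this.provider != null) {
            return this.provider;
        }
        if (this.ldapDisabled) {
            log.debug("authProvider: LDAP is disabled.");
            return null;
        }
        log.debug("User finding in authProvider {}search filter:{}", this.useFqdnForSearch, this.ldapSearchFilter);
        // The scheme is fixed to ldap://, so this URL by itself does not ask for TLS.
        String url = "ldap://" + this.ldapHostname + ":" + this.ldapPort + "/";
        boolean useFqdn = !"false".equalsIgnoreCase(this.useFqdnForSearch);
        this.provider = new SmpActiveDirectoryLdapAuthenticationProvider(this.ldapDomain, url, useFqdn);
        this.provider.setUseAuthenticationRequestCredentials(true);
        if (StringUtils.hasText(this.ldapSearchFilter)) {
            log.info("Overriding default AD search filter with {}", this.ldapSearchFilter);
            this.provider.setSearchFilter(this.ldapSearchFilter);
        }
        return this.provider;
    }

    /**
     * Checks the credentials against Active Directory. Fails closed: any exception from the
     * provider is logged and reported as "not valid".
     *
     * @param authentication the login request
     * @return {@code true} only when the provider returns an authenticated result
     */
    public boolean isValidLdapUser(Authentication authentication) {
        try {
            if (this.ldapDisabled) {
                log.debug("isValidLdapUser: LDAP is disabled.");
                return false;
            }
            if (authentication == null || authentication.getPrincipal() == null) {
                return false;
            }
            // An LDAP simple bind with an empty password is an unauthenticated bind, which a
            // directory may accept; never forward one, whatever the provider does itself.
            Object credentials = authentication.getCredentials();
            if (credentials == null || !StringUtils.hasLength(credentials.toString())) {
                log.debug("isValidLdapUser: empty credentials rejected.");
                return false;
            }
            log.debug("User trying to authenticate ldap {}", safeForLog(authentication.getPrincipal()));
            SmpActiveDirectoryLdapAuthenticationProvider ldapProvider = authProvider();
            if (ldapProvider == null) {
                return false;
            }
            Authentication result = ldapProvider.authenticate(authentication);
            return result != null && result.isAuthenticated();
        } catch (Exception e) {
            // Deliberately broad: a directory outage or a rejected bind must deny the login, not
            // propagate out of the authentication path.
            log.error("isValidLdapUser: authenticate threw exception: ", e);
            return false;
        }
    }

    /**
     * Checks the credentials against the locally stored password hash.
     *
     * @param authentication the login request
     * @param user the local user record looked up for the principal
     * @return {@code true} when the principal equals the record's user id and
     *     {@code PasswordEncoder.matches} accepts the password; {@code false} when any input is
     *     missing or the record has no password hash
     */
    protected boolean isValidSmpUser(Authentication authentication, User user) {
        Object principal = authentication == null ? null : authentication.getPrincipal();
        Object credentials = authentication == null ? null : authentication.getCredentials();
        boolean requestComplete = user != null
                && principal != null && StringUtils.hasText(principal.toString())
                && credentials != null && StringUtils.hasText(credentials.toString());
        if (!requestComplete || user.getHashedPassword() == null || !StringUtils.hasText(user.getHashedPassword().getHash())) {
            // The principal is taken from the local variable: dereferencing the request here threw
            // a NullPointerException in exactly the null cases this branch exists to handle.
            log.info("Person is not a smp internal db user: {}", safeForLog(principal));
            return false;
        }
        log.info("User fund in smp db: {}", safeForLog(principal));
        // NOTE(review): hash verification (and any constant-time comparison) lives in
        // PasswordEncoder, which is not visible here - verify it there.
        return principal.toString().equals(user.getUserId()) && PasswordEncoder.matches(credentials.toString(), user.getHashedPassword());
    }

    /**
     * Renders a value for logging with line breaks and tabs replaced, so a crafted user name
     * cannot start a forged log entry.
     */
    private static String safeForLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_').replace('\t', '_');
    }
}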
