package com.alibaba.nacos.plugin.auth.impl;

import com.alibaba.nacos.common.utils.CollectionUtils;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo;
import com.alibaba.nacos.plugin.auth.impl.persistence.User;
import com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleServiceImpl;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetails;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetailsServiceImpl;
import com.alibaba.nacos.plugin.auth.impl.utils.PasswordEncoderUtil;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

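/**
 * Spring Security {@link AuthenticationProvider} that checks a username/password pair either
 * against the locally stored password (accounts holding the global admin role) or against an
 * LDAP directory (everyone else).
 *
 * <p>Users that pass the LDAP check are mirrored into the local user store under the name
 * {@code AuthConstants.LDAP_PREFIX + username}, so that local role assignments can refer to them.
 *
 * <p>Every failure path in {@link #authenticate(Authentication)} returns {@code null} rather
 * than throwing; callers must treat a {@code null} result as "not authenticated".
 *
 * <p>The class is marked {@link Deprecated} in this build; the replacement is not visible from
 * this file.
 */
@Deprecated
/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/LdapAuthenticationProvider.class */
public class LdapAuthenticationProvider implements AuthenticationProvider {
    private final NacosUserDetailsServiceImpl userDetailsService;
    private final NacosRoleServiceImpl nacosRoleService;
    private final LdapTemplate ldapTemplate;
    // Attribute name placed on the left-hand side of the LDAP search filter: "(<filterPrefix>=<username>)".
    private final String filterPrefix;
    // When false, usernames are lower-cased before the LDAP lookup and the local account lookup.
    private final boolean caseSensitive;

    /**
     * Creates the provider.
     *
     * @param ldapTemplate template used to search for the user entry and attempt the bind
     * @param userDetailsService local user store (lookup and auto-provisioning of LDAP users)
     * @param nacosRoleService role lookup used to detect global administrators
     * @param filterPrefix attribute name used in the LDAP filter; comes from configuration and is
     *     inserted into the filter as-is
     * @param caseSensitive whether usernames are compared case-sensitively
     */
    public LdapAuthenticationProvider(LdapTemplate ldapTemplate, NacosUserDetailsServiceImpl userDetailsService, NacosRoleServiceImpl nacosRoleService, String filterPrefix, boolean caseSensitive) {
        this.ldapTemplate = ldapTemplate;
        this.nacosRoleService = nacosRoleService;
        this.userDetailsService = userDetailsService;
        this.filterPrefix = filterPrefix;
        this.caseSensitive = caseSensitive;
    }

    /**
     * Authenticates the principal/credentials carried by {@code authentication}.
     *
     * <p>Global administrators are verified against their locally stored password hash and never
     * reach the directory. All other users are verified by an LDAP search-and-bind; on success the
     * matching local {@code LDAP_}-prefixed account is loaded, or created on first login.
     *
     * @param authentication request whose principal is the username and whose credentials are the
     *     clear-text password (both are cast to {@link String})
     * @return a populated {@link UsernamePasswordAuthenticationToken} on success, or {@code null}
     *     when the password does not match, the input is empty, or any exception occurs in the
     *     LDAP branch
     * @throws AuthenticationException declared by the interface; exceptions raised in the LDAP
     *     branch are logged and converted to a {@code null} result by the catch-all below
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = (String) authentication.getPrincipal();
        String password = (String) authentication.getCredentials();

        if (isAdmin(username)) {
            UserDetails admin = this.userDetailsService.loadUserByUsername(username);
            if (PasswordEncoderUtil.matches(password, admin.getPassword())) {
                return new UsernamePasswordAuthenticationToken(admin, password, admin.getAuthorities());
            }
            return null;
        }

        // An LDAP simple bind with an empty password is treated by many directory servers as an
        // unauthenticated bind and reported as success, so empty credentials must never be
        // forwarded to the directory. A blank username cannot identify an entry either.
        if (StringUtils.isBlank(username) || StringUtils.isEmpty(password)) {
            return null;
        }

        if (!this.caseSensitive) {
            username = StringUtils.lowerCase(username);
        }
        try {
            if (!ldapLogin(username, password)) {
                return null;
            }
            String localName = AuthConstants.LDAP_PREFIX + username;
            // Declared as UserDetails: loadUserByUsername is used as a UserDetails above, and the
            // freshly built NacosUserDetails is assumed to be a UserDetails as well (the decompiler
            // reported exactly this type for the variable).
            UserDetails ldapUser;
            try {
                ldapUser = this.userDetailsService.loadUserByUsername(localName);
            } catch (UsernameNotFoundException notProvisioned) {
                // First successful LDAP login: mirror the user into the local store.
                // NOTE(review): every mirrored account is stored with the same
                // AuthConstants.LDAP_DEFAULT_ENCODED_PASSWORD. Confirm that LDAP_-prefixed accounts
                // cannot be used to sign in through a local-password path with that shared value.
                this.userDetailsService.createUser(localName, AuthConstants.LDAP_DEFAULT_ENCODED_PASSWORD);
                User user = new User();
                user.setUsername(localName);
                user.setPassword(AuthConstants.LDAP_DEFAULT_ENCODED_PASSWORD);
                ldapUser = new NacosUserDetails(user);
            }
            return new UsernamePasswordAuthenticationToken(ldapUser, password, ldapUser.getAuthorities());
        } catch (Exception e) {
            // Deliberate fail-closed: any directory or store error means "not authenticated".
            Loggers.AUTH.error("[LDAP-LOGIN] failed", e);
            return null;
        }
    }

    /**
     * Tells whether {@code username} holds the global admin role.
     *
     * @param username name to look up, exactly as supplied by the client (not lower-cased)
     * @return {@code true} if one of the user's roles equals {@code AuthConstants.GLOBAL_ADMIN_ROLE}
     */
    private boolean isAdmin(String username) {
        List<RoleInfo> roles = this.nacosRoleService.getRoles(username);
        if (CollectionUtils.isEmpty(roles)) {
            return false;
        }
        for (RoleInfo role : roles) {
            if (AuthConstants.GLOBAL_ADMIN_ROLE.equals(role.getRole())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Searches the directory for {@code (filterPrefix=username)} and attempts a bind with
     * {@code password}.
     *
     * <p>The username is client-controlled, so it is escaped before being placed into the filter;
     * without that, characters such as {@code *}, {@code (} and {@code )} would change the
     * filter's structure instead of being matched literally.
     *
     * @param username non-null username, already case-normalised by the caller
     * @param password non-empty clear-text password
     * @return the result of {@link LdapTemplate#authenticate}
     */
    private boolean ldapLogin(String username, String password) throws AuthenticationException {
        // NOTE(review): the search base passed here is AuthConstants.DEFAULT_TOKEN_SECRET_KEY, a
        // token-secret constant. This may be a decompiler artefact (a literal replaced by a
        // constant of equal value); confirm the intended base DN against the original source.
        String filter = "(" + this.filterPrefix + "=" + escapeLdapFilterValue(username) + ")";
        return this.ldapTemplate.authenticate(AuthConstants.DEFAULT_TOKEN_SECRET_KEY, filter, password);
    }

    /**
     * Escapes the characters that RFC 4515 reserves inside an LDAP filter assertion value
     * (backslash, asterisk, parentheses and NUL) as {@code \XX} hex pairs.
     * Spring LDAP's {@code LdapEncoder.filterEncode} performs the same job and can replace this
     * helper if an extra import is acceptable.
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Reports which authentication request types this provider handles.
     *
     * @param cls the request class offered by the authentication manager
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken} (subclasses
     *     are not accepted)
     */
    public boolean supports(Class<?> cls) {
        return cls.equals(UsernamePasswordAuthenticationToken.class);
    }
}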
