package org.craftercms.studio.impl.v1.service.security;

import java.util.ArrayList;
import java.util.HashMap;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import org.craftercms.studio.api.v1.constant.SecurityConstants;
import org.craftercms.studio.api.v1.dal.Group;
import org.craftercms.studio.api.v1.dal.SiteFeed;
import org.craftercms.studio.api.v1.dal.User;
import org.craftercms.studio.api.v1.exception.SiteNotFoundException;
import org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException;
import org.craftercms.studio.api.v1.exception.security.BadCredentialsException;
import org.craftercms.studio.api.v1.exception.security.GroupAlreadyExistsException;
import org.craftercms.studio.api.v1.exception.security.GroupNotFoundException;
import org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException;
import org.craftercms.studio.api.v1.exception.security.UserNotFoundException;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.activity.ActivityService;
import org.craftercms.studio.api.v1.util.StudioConfiguration;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.ldap.AuthenticationException;
import org.springframework.ldap.CommunicationException;
import org.springframework.ldap.core.AuthenticatedLdapEntryContextMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapEntryIdentification;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQueryBuilder;

/* loaded from: input_file:org/craftercms/studio/impl/v1/service/security/DbWithLdapExtensionSecurityProvider.class */
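/**
 * Security provider that authenticates against LDAP and mirrors the LDAP identity (profile fields
 * and site/group memberships) into the Studio database.
 *
 * <p>When the directory cannot be reached, or holds no entry for the username, authentication is
 * delegated to {@link DbSecurityProvider#authenticate(String, String)}.
 */
public class DbWithLdapExtensionSecurityProvider extends DbSecurityProvider {
    private static final Logger logger = LoggerFactory.getLogger(DbWithLdapExtensionSecurityProvider.class);
    protected LdapTemplate ldapTemplate;
    protected ActivityService activityService;

    /**
     * Authenticates a user against LDAP, synchronises the local user record and group memberships,
     * and opens a Studio session.
     *
     * @param str the username supplied by the caller
     * @param str2 the password supplied by the caller
     * @return the session token created for the authenticated user
     * @throws BadCredentialsException if the password is null or empty, or the directory rejects
     *     the credentials
     * @throws AuthenticationSystemException if the LDAP entry cannot be mapped or any other
     *     failure occurs while talking to LDAP or updating the local record
     */
    @Override // org.craftercms.studio.impl.v1.service.security.DbSecurityProvider, org.craftercms.studio.api.v1.service.security.SecurityProvider
    public String authenticate(final String str, String str2) throws BadCredentialsException, AuthenticationSystemException {
        // A simple bind that carries a name but an empty password is an "unauthenticated bind"
        // (RFC 4513 section 5.1.2); directories that permit it report success without checking any
        // secret. Whether LdapTemplate guards against that is not visible from this class, so
        // empty passwords are rejected before the directory is contacted.
        if (str2 == null || str2.isEmpty()) {
            throw new BadCredentialsException();
        }
        try {
            String usernameAttribute = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_LDAP_USER_ATTRIBUTE_USERNAME);
            // The username goes through the query builder's equality condition instead of being
            // concatenated into a filter string.
            User user = this.ldapTemplate.authenticate(LdapQueryBuilder.query().where(usernameAttribute).is(str), str2, new AuthenticatedLdapEntryContextMapper<User>() {
                @Override
                public User mapWithContext(DirContext dirContext, LdapEntryIdentification ldapEntryIdentification) {
                    return mapLdapEntry(str, dirContext, ldapEntryIdentification);
                }
            });
            if (user == null) {
                logger.error("Failed to retrieve LDAP user details", new Object[0]);
                throw new AuthenticationSystemException("Failed to retrieve LDAP user details");
            }
            if (super.userExists(str)) {
                try {
                    if (updateUserInternal(user.getUsername(), user.getFirstname(), user.getLastname(), user.getEmail())) {
                        postUserActivity(user.getUsername(), ActivityService.ActivityType.UPDATED);
                    }
                } catch (UserNotFoundException e) {
                    logger.error("Error updating user " + str + " with data from external authentication provider", e, new Object[0]);
                    throw new AuthenticationSystemException("Error updating user " + str + " with data from external authentication provider", e);
                }
            } else {
                try {
                    // NOTE(review): the directory password is handed to createUser(). What the
                    // parent persists is not visible here; if a verifier derived from it is stored,
                    // the database fallbacks below keep accepting that password after the directory
                    // entry is removed or its password changes. Confirm that the parent refuses
                    // externally managed users, or that this offline fallback is intended.
                    if (createUser(user.getUsername(), str2, user.getFirstname(), user.getLastname(), user.getEmail(), true)) {
                        postUserActivity(user.getUsername(), ActivityService.ActivityType.CREATED);
                    }
                } catch (UserAlreadyExistsException e) {
                    logger.error("Error adding user " + str + " from external authentication provider", e, new Object[0]);
                    throw new AuthenticationSystemException("Error adding user " + str + " from external authentication provider", e);
                }
            }
            // Best effort: a failure on one group is logged and does not abort the login.
            // Memberships are only added here; nothing in this method removes a local membership
            // that the directory no longer lists.
            for (Group group : user.getGroups()) {
                try {
                    upsertUserGroup(group.getSite(), group.getName(), user.getUsername());
                } catch (SiteNotFoundException | GroupAlreadyExistsException | GroupNotFoundException | UserAlreadyExistsException | UserNotFoundException e) {
                    logger.error("Failed to upsert user groups data from LDAP", e, new Object[0]);
                }
            }
            String token = createToken(user);
            storeSessionTicket(token);
            storeSessionUsername(str);
            return token;
        } catch (EmptyResultDataAccessException e) {
            // Handlers are ordered from most specific to most general. In the decompiled listing
            // the generic Exception handler preceded this one and the AuthenticationException
            // handler, which makes both unreachable and is rejected by javac.
            logger.info("User " + str + " not found with external security provider. Trying to authenticate against studio database", new Object[0]);
            return super.authenticate(str, str2);
        } catch (CommunicationException e) {
            logger.info("Failed to connect with external security provider. Trying to authenticate against studio database", new Object[0]);
            return super.authenticate(str, str2);
        } catch (AuthenticationException e) {
            logger.error("Authentication failed with the LDAP system", e, new Object[0]);
            throw new BadCredentialsException();
        } catch (Exception e) {
            // Also wraps the AuthenticationSystemException instances raised inside the try block.
            logger.error("Authentication failed with the LDAP system", e, new Object[0]);
            throw new AuthenticationSystemException("Authentication failed with the LDAP system", e);
        }
    }

    /**
     * Builds a {@link User} from the LDAP entry that was just bound.
     *
     * @return the populated user, or {@code null} when the e-mail attribute is missing or the
     *     directory lookup fails
     */
    private User mapLdapEntry(String username, DirContext dirContext, LdapEntryIdentification ldapEntryIdentification) {
        try {
            Attributes attributes = ((DirContextOperations) dirContext.lookup(ldapEntryIdentification.getRelativeName())).getAttributes();
            String emailKey = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_LDAP_USER_ATTRIBUTE_EMAIL);
            String firstNameKey = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_LDAP_USER_ATTRIBUTE_FIRST_NAME);
            String lastNameKey = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_LDAP_USER_ATTRIBUTE_LAST_NAME);
            String siteIdKey = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_LDAP_USER_ATTRIBUTE_SITE_ID);
            String groupNameKey = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_LDAP_USER_ATTRIBUTE_GROUP_NAME);
            Attribute emailAttr = attributes.get(emailKey);
            Attribute firstNameAttr = attributes.get(firstNameKey);
            Attribute lastNameAttr = attributes.get(lastNameKey);
            Attribute siteIdAttr = attributes.get(siteIdKey);
            Attribute groupNameAttr = attributes.get(groupNameKey);

            User ldapUser = new User();
            ldapUser.setGroups(new ArrayList());
            ldapUser.setActive(1);
            ldapUser.setUsername(username);

            // E-mail is the only mandatory attribute: without it the user is not imported.
            // NOTE(review): the username in these messages is caller-supplied; confirm the logging
            // backend neutralises line breaks.
            String email = singleValue(emailAttr);
            if (email == null) {
                logger.error("No LDAP attribute " + emailKey + " found for username " + username + ". User will not be imported into DB.", new Object[0]);
                return null;
            }
            ldapUser.setEmail(email);

            String firstName = singleValue(firstNameAttr);
            if (firstName == null) {
                logger.warn("No LDAP attribute " + firstNameKey + " found for username " + username, new Object[0]);
            } else {
                ldapUser.setFirstname(firstName);
            }

            String lastName = singleValue(lastNameAttr);
            if (lastName == null) {
                logger.warn("No LDAP attribute " + lastNameKey + " found for username " + username, new Object[0]);
            } else {
                ldapUser.setLastname(lastName);
            }

            if (siteIdAttr == null || siteIdAttr.get() == null) {
                logger.warn("No LDAP attribute " + siteIdKey + " found for username " + username, new Object[0]);
            } else {
                collectGroups(ldapUser, username, siteIdAttr, groupNameAttr, groupNameKey);
            }
            return ldapUser;
        } catch (NamingException e) {
            logger.error("Error getting details from LDAP for username " + username, e, new Object[0]);
            return null;
        }
    }

    /**
     * Adds one externally managed {@link Group} to {@code ldapUser} for every pair of a site id
     * known to Studio and a group name found on the LDAP entry.
     */
    private void collectGroups(User ldapUser, String username, Attribute siteIdAttr, Attribute groupNameAttr, String groupNameKey) throws NamingException {
        // Raw map: the parameter type expected by siteFeedMapper is declared outside this file.
        HashMap siteQuery = new HashMap();
        NamingEnumeration siteIds = siteIdAttr.getAll();
        while (siteIds.hasMore()) {
            Object siteIdValue = siteIds.next();
            if (siteIdValue == null) {
                continue;
            }
            siteQuery.put("siteId", siteIdValue.toString());
            SiteFeed site = this.siteFeedMapper.getSite(siteQuery);
            if (site == null) {
                // Site ids that do not resolve to a Studio site are skipped without logging.
                continue;
            }
            if (groupNameAttr == null || groupNameAttr.size() <= 0) {
                logger.warn("No LDAP attribute " + groupNameKey + " found for username " + username, new Object[0]);
                continue;
            }
            NamingEnumeration groupNames = groupNameAttr.getAll();
            while (groupNames.hasMore()) {
                Object groupNameValue = groupNames.next();
                if (groupNameValue != null) {
                    Group group = new Group();
                    group.setName(groupNameValue.toString());
                    group.setExternallyManaged(1);
                    group.setDescription("Externally managed group");
                    group.setSiteId(site.getId());
                    group.setSite(site.getSiteId());
                    ldapUser.getGroups().add(group);
                }
            }
        }
    }

    /** Returns the first value of {@code attribute} as a string, or {@code null} if there is none. */
    private static String singleValue(Attribute attribute) throws NamingException {
        if (attribute == null) {
            return null;
        }
        Object value = attribute.get();
        return value == null ? null : value.toString();
    }

    /** Posts a user activity of the given type on the system site. */
    private void postUserActivity(String username, ActivityService.ActivityType activityType) {
        // Raw map: the parameter type expected by postActivity is declared outside this file.
        HashMap extraInfo = new HashMap();
        extraInfo.put("contentType", "user");
        this.activityService.postActivity(getSystemSite(), username, username, activityType, ActivityService.ActivitySource.UI, extraInfo);
    }

    /**
     * Overwrites the profile fields of an existing user and marks the record as externally managed.
     *
     * <p>The decompiler reports that this method was {@code protected} in the compiled class; it is
     * left {@code public} so that code compiled against this listing keeps working.
     *
     * @param str username
     * @param str2 first name
     * @param str3 last name
     * @param str4 e-mail address
     * @return always {@code true}
     * @throws UserNotFoundException if no user with that username exists
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean updateUserInternal(String str, String str2, String str3, String str4) throws UserNotFoundException {
        if (!userExists(str)) {
            throw new UserNotFoundException();
        }
        HashMap params = new HashMap();
        params.put(SecurityConstants.KEY_USERNAME, str);
        params.put("firstname", str2);
        params.put("lastname", str3);
        params.put("email", str4);
        params.put("externallyManaged", 1);
        this.securityMapper.updateUser(params);
        return true;
    }

    /**
     * Ensures the group exists on the site and that the user is a member of it, posting an
     * activity entry when a membership is actually added.
     *
     * <p>The decompiler reports that this method was {@code protected} in the compiled class; it is
     * left {@code public} so that code compiled against this listing keeps working.
     *
     * @param str site the group belongs to
     * @param str2 group name
     * @param str3 username
     * @return always {@code true}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean upsertUserGroup(String str, String str2, String str3) throws GroupAlreadyExistsException, SiteNotFoundException, UserNotFoundException, UserAlreadyExistsException, GroupNotFoundException {
        if (!groupExists(str, str2)) {
            createGroup(str2, "Externally managed group", str, true);
        }
        if (!userExistsInGroup(str, str2, str3) && addUserToGroup(str, str2, str3)) {
            HashMap extraInfo = new HashMap();
            extraInfo.put("contentType", "user");
            this.activityService.postActivity(str, "LDAP", str3 + " > " + str2, ActivityService.ActivityType.ADD_USER_TO_GROUP, ActivityService.ActivitySource.UI, extraInfo);
        }
        return true;
    }

    /** Returns the configured global system site, used as the site for user activity entries. */
    public String getSystemSite() {
        return this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE);
    }

    /** Returns the template used for LDAP binds and lookups. */
    public LdapTemplate getLdapTemplate() {
        return this.ldapTemplate;
    }

    /** Sets the template used for LDAP binds and lookups. */
    public void setLdapTemplate(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Returns the service that records user and group activity. */
    public ActivityService getActivityService() {
        return this.activityService;
    }

    /** Sets the service that records user and group activity. */
    public void setActivityService(ActivityService activityService) {
        this.activityService = activityService;
    }
}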
