package org.craftercms.studio.impl.v2.security.authentication.ldap;

import java.beans.ConstructorProperties;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.studio.api.v1.dal.SiteFeed;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.site.SiteService;
import org.craftercms.studio.api.v2.dal.AuditLog;
import org.craftercms.studio.api.v2.dal.AuditLogConstants;
import org.craftercms.studio.api.v2.dal.Group;
import org.craftercms.studio.api.v2.dal.GroupDAO;
import org.craftercms.studio.api.v2.dal.QueryParameterNames;
import org.craftercms.studio.api.v2.dal.RetryingDatabaseOperationFacade;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.api.v2.dal.UserDAO;
import org.craftercms.studio.api.v2.dal.UserGroup;
import org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal;
import org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal;
import org.craftercms.studio.api.v2.utils.StudioConfiguration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

/* loaded from: input_file:org/craftercms/studio/impl/v2/security/authentication/ldap/LdapAuthenticationProvider.class */
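/**
 * Spring Security {@link AuthenticationProvider} for {@link UsernamePasswordAuthenticationToken}
 * requests, configured with LDAP connection and attribute-mapping settings.
 *
 * <p>NOTE(review): this listing is decompiler output and the body of
 * {@link #authenticate} was not recovered. The LDAP bind/search logic, and every read of the
 * {@code ldap*} / {@code *LdapAttribute} fields, is therefore not visible here and cannot be
 * reviewed from this file. Only the group-mapping helpers and the setters are real code.
 *
 * <p>Security-relevant behaviour that is visible:
 * <ul>
 *   <li>Group names are taken from directory attribute values through a configured regex and
 *       are then created as local groups, so local group membership follows whatever the
 *       directory returns for the mapped attribute.</li>
 *   <li>{@code ldapPassword} is held as a plain {@code String} field; it must never be logged.</li>
 * </ul>
 */
public class LdapAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(LdapAuthenticationProvider.class);

    // Connection settings. Presumably the directory URL and the bind account used for the
    // search; the code that consumes them is in the unrecovered authenticate() body.
    private String ldapUrl;
    private String ldapPassword;
    private String ldapUsername;
    private String ldapBaseContext;

    // Names of the directory attributes mapped onto the local user record.
    private String usernameLdapAttribute;
    private String firstNameLdapAttribute;
    private String lastNameLdapAttribute;
    private String groupNameLdapAttribute;
    // Regex applied (whole-value match) to each group attribute value, and the capture group
    // whose text becomes the local group name.
    private String groupNameLdapAttributeRegex;
    private int groupNameLdapAttributeMatchIndex;
    private String emailLdapAttribute;

    protected StudioConfiguration studioConfiguration;
    protected SiteService siteService;
    protected AuditServiceInternal auditServiceInternal;
    protected UserServiceInternal userServiceInternal;
    protected UserDAO userDao;
    protected GroupDAO groupDao;
    protected RetryingDatabaseOperationFacade retryingDatabaseOperationFacade;

    /**
     * Stores the collaborating services and DAOs; no validation or I/O is performed here.
     */
    @ConstructorProperties({"studioConfiguration", "siteService", "auditServiceInternal", "userServiceInternal", "userDao", "groupDao", "retryingDatabaseOperationFacade"})
    public LdapAuthenticationProvider(StudioConfiguration studioConfiguration, SiteService siteService, AuditServiceInternal auditServiceInternal, UserServiceInternal userServiceInternal, UserDAO userDAO, GroupDAO groupDAO, RetryingDatabaseOperationFacade retryingDatabaseOperationFacade) {
        this.studioConfiguration = studioConfiguration;
        this.siteService = siteService;
        this.auditServiceInternal = auditServiceInternal;
        this.userServiceInternal = userServiceInternal;
        this.userDao = userDAO;
        this.groupDao = groupDAO;
        this.retryingDatabaseOperationFacade = retryingDatabaseOperationFacade;
    }

    /*
     * Decompiler placeholder, NOT the real implementation. JADX reported that this method
     * "decompiled incorrectly" (684 instructions skipped, one duplicated loop region removed)
     * and emitted a stub that always throws. Do not draw conclusions about the bind, search
     * filter construction or credential handling from this listing; review the original
     * source or the bytecode dump instead.
     */
    @Override
    public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication r8) throws org.springframework.security.core.AuthenticationException {
        throw new UnsupportedOperationException("Method not decompiled: org.craftercms.studio.impl.v2.security.authentication.ldap.LdapAuthenticationProvider.authenticate(org.springframework.security.core.Authentication):org.springframework.security.core.Authentication");
    }

    /**
     * Adds one group to {@code user} for every value of {@code attribute} that yields a
     * non-empty name through {@link #extractGroupNameFromAttributeValue}.
     *
     * @param user      user whose in-memory group list is extended
     * @param str       attribute name, used only in the debug message
     * @param attribute directory attribute holding the group values; may be {@code null}
     * @throws NamingException if enumerating the attribute values fails
     */
    private void extractGroupsFromAttribute(User user, String str, Attribute attribute) throws NamingException {
        if (attribute == null || attribute.size() <= 0) {
            logger.debug("No LDAP attribute " + str + " found for username " + user.getUsername(), new Object[0]);
            return;
        }
        NamingEnumeration<?> values = attribute.getAll();
        while (values.hasMore()) {
            Object value = values.next();
            if (value == null) {
                continue;
            }
            String groupName = extractGroupNameFromAttributeValue(value.toString());
            // Values that do not match the configured regex come back empty and are skipped,
            // so the regex is effectively the allow-filter for which directory groups map in.
            if (StringUtils.isNotEmpty(groupName)) {
                addGroupToUser(user, groupName);
            }
        }
    }

    /**
     * Applies the configured group regex to a single attribute value.
     *
     * <p>{@link Matcher#matches()} is used, so the pattern must match the whole value, not a
     * substring. The pattern is compiled on every call from the configured string; an invalid
     * pattern or a match index that is not a group of the pattern fails here at login time
     * ({@code PatternSyntaxException} / {@code IndexOutOfBoundsException}), not at
     * configuration time. The input comes from the directory, so a pattern prone to
     * catastrophic backtracking would be exercised with directory-supplied text.
     *
     * @param str raw attribute value
     * @return the configured capture group, or {@code ""} when the value does not match
     */
    private String extractGroupNameFromAttributeValue(String str) {
        Matcher matcher = Pattern.compile(this.groupNameLdapAttributeRegex).matcher(str);
        if (!matcher.matches()) {
            return "";
        }
        return matcher.group(this.groupNameLdapAttributeMatchIndex);
    }

    /**
     * Appends an in-memory {@link UserGroup} named {@code str} to {@code user}; nothing is
     * persisted by this method.
     */
    private void addGroupToUser(User user, String str) {
        Group group = new Group();
        group.setGroupName(str);
        group.setGroupDescription("Externally managed group");
        group.setOrganization(null);
        UserGroup userGroup = new UserGroup();
        userGroup.setGroup(group);
        if (user.getGroups() == null) {
            user.setGroups(new ArrayList<>());
        }
        user.getGroups().add(userGroup);
    }

    /**
     * Ensures a local group named {@code str} exists and that the user {@code str2} is a
     * member of it, then records the membership change in the audit log.
     *
     * <p>Every step is best-effort: failures are logged and never propagated, so a failed
     * sync does not by itself fail the caller.
     *
     * @param str  group name (organization id is fixed to {@code 1})
     * @param str2 username of the member to add
     */
    protected void upsertUserGroup(String str, String str2) {
        try {
            HashMap<String, Object> createParams = new HashMap<>();
            createParams.put(QueryParameterNames.ORG_ID, 1);
            createParams.put(QueryParameterNames.GROUP_NAME, str);
            createParams.put(QueryParameterNames.GROUP_DESCRIPTION, "Externally managed group - " + str);
            this.retryingDatabaseOperationFacade.createGroup(createParams);
        } catch (Exception e) {
            // Presumably also hit when the group already exists; the lookup below decides.
            logger.warn("Error creating group", e);
        }

        HashMap<String, Object> lookupParams = new HashMap<>();
        lookupParams.put(QueryParameterNames.GROUP_NAME, str);
        Group groupByName = this.groupDao.getGroupByName(lookupParams);
        if (groupByName == null) {
            return;
        }

        HashMap<String, Object> userParams = new HashMap<>();
        userParams.put("userId", -1);
        userParams.put("username", str2);
        User userByIdOrUsername = this.userDao.getUserByIdOrUsername(userParams);
        if (userByIdOrUsername == null) {
            // Fix: the original dereferenced the lookup result outside any try block, so a
            // missing user record surfaced as a NullPointerException in the caller.
            logger.warn("User " + str2 + " not found, skipping membership of group " + str);
            return;
        }

        ArrayList<Long> userIds = new ArrayList<>();
        userIds.add(Long.valueOf(userByIdOrUsername.getId()));
        HashMap<String, Object> memberParams = new HashMap<>();
        memberParams.put(QueryParameterNames.USER_IDS, userIds);
        memberParams.put(QueryParameterNames.GROUP_ID, Long.valueOf(groupByName.getId()));
        try {
            this.retryingDatabaseOperationFacade.addGroupMembers(memberParams);
        } catch (Exception e) {
            // No membership change happened, so no audit entry is written.
            logger.debug("Unknown database error", e, new Object[0]);
            return;
        }

        // Fix: audit failures used to share the debug-level catch above, which hid a
        // membership change that was applied but not audited. They are now reported at warn.
        try {
            SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
            AuditLog auditLog = this.auditServiceInternal.createAuditLogEntry();
            auditLog.setOperation(AuditLogConstants.OPERATION_ADD_MEMBERS);
            // The actor recorded is the user being added, not an administrator.
            auditLog.setActorId(userByIdOrUsername.getUsername());
            auditLog.setSiteId(site.getId());
            auditLog.setPrimaryTargetId(groupByName.getGroupName() + ":" + userByIdOrUsername.getUsername());
            auditLog.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
            auditLog.setPrimaryTargetValue(userByIdOrUsername.getUsername());
            this.auditServiceInternal.insertAuditLog(auditLog);
        } catch (Exception e) {
            logger.warn("Error writing audit log entry for group membership change", e);
        }
    }

    /**
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /** Sets the directory URL. */
    public void setLdapUrl(String str) {
        this.ldapUrl = str;
    }

    /** Sets the directory password. This is a credential: keep it out of logs and error text. */
    public void setLdapPassword(String str) {
        this.ldapPassword = str;
    }

    /** Sets the directory username. */
    public void setLdapUsername(String str) {
        this.ldapUsername = str;
    }

    /** Sets the base context. */
    public void setLdapBaseContext(String str) {
        this.ldapBaseContext = str;
    }

    /** Sets the name of the directory attribute that carries the username. */
    public void setUsernameLdapAttribute(String str) {
        this.usernameLdapAttribute = str;
    }

    /** Sets the name of the directory attribute that carries the first name. */
    public void setFirstNameLdapAttribute(String str) {
        this.firstNameLdapAttribute = str;
    }

    /** Sets the name of the directory attribute that carries the last name. */
    public void setLastNameLdapAttribute(String str) {
        this.lastNameLdapAttribute = str;
    }

    /** Sets the name of the directory attribute that carries group membership. */
    public void setGroupNameLdapAttribute(String str) {
        this.groupNameLdapAttribute = str;
    }

    /**
     * Sets the regex used to derive a group name from each group attribute value. It is not
     * validated here; it must match the whole value and is compiled on each use.
     */
    public void setGroupNameLdapAttributeRegex(String str) {
        this.groupNameLdapAttributeRegex = str;
    }

    /**
     * Sets which capture group of the group regex holds the group name. It is not checked
     * against the regex here; an out-of-range index fails when a value is matched.
     */
    public void setGroupNameLdapAttributeMatchIndex(int i) {
        this.groupNameLdapAttributeMatchIndex = i;
    }

    /** Sets the name of the directory attribute that carries the e-mail address. */
    public void setEmailLdapAttribute(String str) {
        this.emailLdapAttribute = str;
    }
}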
