package org.dspace.rest.authentication;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.utils.DSpace;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/classes/org/dspace/rest/authentication/DSpaceAuthenticationProvider.class */
public class DSpaceAuthenticationProvider implements AuthenticationProvider {
    private static Logger log = LogManager.getLogger((Class<?>) DSpaceAuthenticationProvider.class);
    protected AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Context context = null;
        try {
            try {
                Context context2 = new Context();
                String name = authentication.getName();
                String obj = authentication.getCredentials().toString();
                HttpServletRequest httpServletRequest = new DSpace().getRequestService().getCurrentRequest().getHttpServletRequest();
                ArrayList arrayList = new ArrayList();
                if (this.authenticationService.authenticateImplicit(context2, null, null, null, httpServletRequest) == 1) {
                    log.info(org.dspace.core.LogManager.getHeader(context2, "login", "type=implicit"));
                    addSpecialGroupsToGrantedAuthorityList(context2, httpServletRequest, arrayList);
                    Authentication createAuthenticationToken = createAuthenticationToken(obj, context2, arrayList);
                    if (context2 != null && context2.isValid()) {
                        try {
                            context2.complete();
                        } catch (SQLException e) {
                            log.error(e.getMessage() + " occurred while trying to close", (Throwable) e);
                        }
                    }
                    return createAuthenticationToken;
                }
                int authenticate = this.authenticationService.authenticate(context2, name, obj, null, httpServletRequest);
                if (1 != authenticate) {
                    log.info(org.dspace.core.LogManager.getHeader(context2, "failed_login", "email=" + name + ", result=" + authenticate));
                    throw new BadCredentialsException("Login failed");
                }
                addSpecialGroupsToGrantedAuthorityList(context2, httpServletRequest, arrayList);
                log.info(org.dspace.core.LogManager.getHeader(context2, "login", "type=explicit"));
                Authentication createAuthenticationToken2 = createAuthenticationToken(obj, context2, arrayList);
                if (context2 != null && context2.isValid()) {
                    try {
                        context2.complete();
                    } catch (SQLException e2) {
                        log.error(e2.getMessage() + " occurred while trying to close", (Throwable) e2);
                    }
                }
                return createAuthenticationToken2;
            } catch (Throwable th) {
                if (0 != 0 && context.isValid()) {
                    try {
                        context.complete();
                    } catch (SQLException e3) {
                        log.error(e3.getMessage() + " occurred while trying to close", (Throwable) e3);
                    }
                }
                throw th;
            }
        } catch (BadCredentialsException e4) {
            throw e4;
        } catch (Exception e5) {
            log.error("Error while authenticating in the rest api", (Throwable) e5);
            if (0 == 0 || !context.isValid()) {
                return null;
            }
            try {
                context.complete();
                return null;
            } catch (SQLException e6) {
                log.error(e6.getMessage() + " occurred while trying to close", (Throwable) e6);
                return null;
            }
        }
    }

    protected void addSpecialGroupsToGrantedAuthorityList(Context context, HttpServletRequest httpServletRequest, List<SimpleGrantedAuthority> list) throws SQLException {
        Iterator<Group> it = this.authenticationService.getSpecialGroups(context, httpServletRequest).iterator();
        while (it.hasNext()) {
            list.add(new SimpleGrantedAuthority(it.next().getName()));
        }
    }

    private Authentication createAuthenticationToken(String str, Context context, List<SimpleGrantedAuthority> list) {
        EPerson currentUser = context.getCurrentUser();
        if (currentUser != null && StringUtils.isNotBlank(currentUser.getEmail())) {
            return new UsernamePasswordAuthenticationToken(currentUser.getEmail(), str, list);
        }
        log.info(org.dspace.core.LogManager.getHeader(context, "failed_login", "No eperson with an non-blank e-mail address found"));
        throw new BadCredentialsException("Login failed");
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }
}
