package org.dspace.app.rest.security;

import java.sql.SQLException;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.dspace.app.rest.login.PostLoggedInAction;
import org.dspace.app.rest.utils.ContextUtil;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.core.Context;
import org.dspace.core.LogHelper;
import org.dspace.eperson.EPerson;
import org.dspace.services.RequestService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

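/**
 * Spring Security {@link AuthenticationProvider} for the REST API that authenticates against
 * the {@link AuthenticationService} and produces a {@link DSpaceAuthentication}.
 *
 * <p>Two flows are handled: a request whose {@link Context} already carries a current user is
 * treated as a token refresh; any other request is treated as a new login.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>Every login failure surfaces as the same {@code BadCredentialsException("Login failed")},
 *       so the response does not reveal which check failed.</li>
 *   <li>The submitted credentials are never written to the log; only the submitted name is.</li>
 *   <li>An SQL error during the admin check results in no admin authority being granted
 *       (fail closed).</li>
 * </ul>
 */
@Component
public class EPersonRestAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(EPersonRestAuthenticationProvider.class);
    public static final String MANAGE_ACCESS_GROUP = "MANAGE_ACCESS_GROUP";

    // Result code compared against the AuthenticationService return values.
    // NOTE(review): presumably the "success" status of the authentication methods - confirm
    // against the AuthenticationService contract and prefer its named constant if one exists.
    private static final int AUTHENTICATION_SUCCESS = 1;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private AuthorizeService authorizeService;

    @Autowired
    private RequestService requestService;

    @Autowired
    private HttpServletRequest request;

    @Autowired(required = false)
    private List<PostLoggedInAction> postLoggedInActions;

    /**
     * Replaces a missing (optional) list of post-login actions with an empty list so the login
     * flow can iterate it without a null check.
     */
    @PostConstruct
    public void postConstruct() {
        if (this.postLoggedInActions == null) {
            this.postLoggedInActions = Collections.emptyList();
        }
    }

    /**
     * Authenticates the current request.
     *
     * @param authentication the submitted authentication token (name and credentials)
     * @return the resulting authentication, or {@code null} when a new login is attempted with
     *         a {@code null} token
     * @throws AuthenticationException when the login is rejected
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Context requestContext = ContextUtil.obtainContext(this.request);
        boolean alreadyLoggedIn = requestContext != null && requestContext.getCurrentUser() != null;
        if (alreadyLoggedIn) {
            log.debug("Request to refresh auth token");
            return authenticateRefreshTokenRequest(requestContext);
        }
        log.debug("Request to authenticate new login");
        return authenticateNewLogin(authentication);
    }

    /**
     * Handles a refresh for a context that already has a current user: records the activity and
     * rebuilds the authentication from that context.
     */
    private Authentication authenticateRefreshTokenRequest(Context context) {
        this.authenticationService.updateLastActiveDate(context);
        return createAuthentication(context);
    }

    /**
     * Performs a new login in a fresh {@link Context}: implicit authentication is tried first,
     * then explicit authentication with the submitted name and credentials.
     *
     * @param authentication the submitted token; {@code null} yields a {@code null} result
     * @return the authentication for the logged-in user, or {@code null} if no token was given
     * @throws BadCredentialsException when explicit authentication does not succeed
     */
    private Authentication authenticateNewLogin(Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        Context context = null;
        try {
            context = new Context();
            String name = authentication.getName();
            // The credentials are only handed to the authentication service; keep them out of logs.
            String password = Objects.toString(authentication.getCredentials(), null);

            int implicitStatus = this.authenticationService.authenticateImplicit(
                context, (String) null, (String) null, (String) null, this.request);
            if (implicitStatus == AUTHENTICATION_SUCCESS) {
                log.info(LogHelper.getHeader(context, "login", "type=implicit"));
                return createAuthentication(context);
            }

            int explicitStatus = this.authenticationService.authenticate(
                context, name, password, (String) null, this.request);
            if (explicitStatus != AUTHENTICATION_SUCCESS) {
                // The name is attacker-controlled at this point: strip line breaks so a crafted
                // value cannot forge additional log entries. Whether LogHelper escapes this field
                // itself is not visible from this class.
                log.info(LogHelper.getHeader(context, "failed_login",
                    "email=" + neutralizeLineBreaks(name) + ", result=" + explicitStatus));
                throw new BadCredentialsException("Login failed");
            }

            log.info(LogHelper.getHeader(context, "login", "type=explicit"));
            Authentication result = createAuthentication(context);
            for (PostLoggedInAction action : this.postLoggedInActions) {
                try {
                    action.loggedIn(context);
                } catch (Exception e) {
                    // Best effort: a failing post-login action must not undo a successful login.
                    log.error("An error occurs performing post logged in action", e);
                }
            }
            return result;
        } finally {
            // Runs on success and on failure alike, so the context created above is always
            // completed when it is still valid.
            completeQuietly(context);
        }
    }

    /**
     * Completes the given context if it exists and is still valid, logging (not propagating)
     * an {@link SQLException} raised while doing so.
     */
    private static void completeQuietly(Context context) {
        if (context == null || !context.isValid()) {
            return;
        }
        try {
            context.complete();
        } catch (SQLException e) {
            log.error(e.getMessage() + " occurred while trying to close", e);
        }
    }

    /** Replaces CR and LF with underscores; a {@code null} input stays {@code null}. */
    private static String neutralizeLineBreaks(String value) {
        return StringUtils.replaceChars(value, "\r\n", "__");
    }

    /**
     * Builds the {@link DSpaceAuthentication} for the context's current user and registers that
     * user's id with the request service.
     *
     * @throws BadCredentialsException when the context has no current user or the user has a
     *         blank e-mail address
     */
    private Authentication createAuthentication(Context context) {
        EPerson ePerson = context.getCurrentUser();
        if (ePerson == null || StringUtils.isBlank(ePerson.getEmail())) {
            log.info(LogHelper.getHeader(context, "failed_login", "No eperson with an non-blank e-mail address found"));
            throw new BadCredentialsException("Login failed");
        }
        this.requestService.setCurrentUserId(ePerson.getID());
        return new DSpaceAuthentication(ePerson, getGrantedAuthorities(context));
    }

    /**
     * Computes the authorities of the context's current user.
     *
     * <p>An admin receives the admin grant; a non-admin account manager receives
     * {@link #MANAGE_ACCESS_GROUP}; every user additionally receives the authenticated grant.
     *
     * @param context the context whose current user is inspected
     * @return the authorities, empty when the context has no current user
     */
    public List<GrantedAuthority> getGrantedAuthorities(Context context) {
        List<GrantedAuthority> authorities = new LinkedList<>();
        EPerson ePerson = context.getCurrentUser();
        if (ePerson == null) {
            return authorities;
        }

        boolean isAdmin = false;
        try {
            isAdmin = this.authorizeService.isAdmin(context, ePerson);
        } catch (SQLException e) {
            // Fail closed: when the check cannot be performed, no admin authority is granted.
            log.error("SQL error while checking for admin rights", e);
        }

        if (isAdmin) {
            authorities.add(new SimpleGrantedAuthority(WebSecurityConfiguration.ADMIN_GRANT));
        } else if (this.authorizeService.isAccountManager(context)) {
            authorities.add(new SimpleGrantedAuthority(MANAGE_ACCESS_GROUP));
        }
        authorities.add(new SimpleGrantedAuthority(WebSecurityConfiguration.AUTHENTICATED_GRANT));
        return authorities;
    }

    /**
     * Reports whether this provider handles the given token type.
     *
     * @param cls the authentication token class
     * @return {@code true} when {@code cls} is {@link DSpaceAuthentication} or a subclass of it
     */
    @Override
    public boolean supports(Class<?> cls) {
        return DSpaceAuthentication.class.isAssignableFrom(cls);
    }
}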
