package org.craftercms.studio.impl.v2.security.authentication.headers;

import java.beans.ConstructorProperties;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.studio.api.v1.dal.SiteFeed;
import org.craftercms.studio.api.v1.exception.ServiceLayerException;
import org.craftercms.studio.api.v1.exception.SiteNotFoundException;
import org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException;
import org.craftercms.studio.api.v1.exception.security.UserNotFoundException;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.site.SiteService;
import org.craftercms.studio.api.v2.dal.AuditLog;
import org.craftercms.studio.api.v2.dal.AuditLogConstants;
import org.craftercms.studio.api.v2.dal.Group;
import org.craftercms.studio.api.v2.dal.GroupDAO;
import org.craftercms.studio.api.v2.dal.QueryParameterNames;
import org.craftercms.studio.api.v2.dal.RetryingDatabaseOperationFacade;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.api.v2.dal.UserDAO;
import org.craftercms.studio.api.v2.dal.UserGroup;
import org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal;
import org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal;
import org.craftercms.studio.api.v2.utils.StudioConfiguration;
import org.craftercms.studio.model.AuthenticatedUser;
import org.craftercms.studio.model.AuthenticationType;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:org/craftercms/studio/impl/v2/security/authentication/headers/HeadersAuthenticationProvider.class */
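/**
 * Spring Security {@link AuthenticationProvider} that authenticates the current request from
 * HTTP headers.
 *
 * <p>The request is accepted only when the header named by {@code secureKeyHeader} carries the
 * shared secret configured in {@code secureKeyHeaderValue}. The username, first name, last name,
 * e-mail and group list are then read from the configured headers, the matching Studio user is
 * created or refreshed, and the user is added to every group named in the groups header.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Every identity header is taken at face value once the shared secret matches, so the
 *       secret is the only thing that separates a trusted front end from an arbitrary client.
 *       The deployment has to make sure clients cannot reach Studio directly and that the front
 *       end overwrites these headers on every request.</li>
 *   <li>The provider fails closed when the secret header name or value is not configured.</li>
 *   <li>Group handling in this class only adds memberships; nothing here removes a membership
 *       that is no longer listed in the groups header.</li>
 * </ul>
 */
public class HeadersAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(HeadersAuthenticationProvider.class);

    // Name of the header that carries the shared secret, and the secret it must equal.
    private String secureKeyHeader;
    private String secureKeyHeaderValue;

    // Names of the headers the identity attributes are read from.
    private String usernameHeader;
    private String firstNameHeader;
    private String lastNameHeader;
    private String emailHeader;
    private String groupsHeader;

    protected StudioConfiguration studioConfiguration;
    protected SiteService siteService;
    protected UserServiceInternal userServiceInternal;
    protected AuditServiceInternal auditServiceInternal;
    protected UserDAO userDao;
    protected GroupDAO groupDao;
    protected RetryingDatabaseOperationFacade retryingDatabaseOperationFacade;

    /**
     * Creates the provider with its collaborators; the header names and the shared secret are
     * supplied afterwards through the setters.
     */
    @ConstructorProperties({"studioConfiguration", "siteService", "userServiceInternal", "auditServiceInternal", "userDao", "groupDao", "retryingDatabaseOperationFacade"})
    public HeadersAuthenticationProvider(StudioConfiguration studioConfiguration, SiteService siteService, UserServiceInternal userServiceInternal, AuditServiceInternal auditServiceInternal, UserDAO userDAO, GroupDAO groupDAO, RetryingDatabaseOperationFacade retryingDatabaseOperationFacade) {
        this.studioConfiguration = studioConfiguration;
        this.siteService = siteService;
        this.userServiceInternal = userServiceInternal;
        this.auditServiceInternal = auditServiceInternal;
        this.userDao = userDAO;
        this.groupDao = groupDAO;
        this.retryingDatabaseOperationFacade = retryingDatabaseOperationFacade;
    }

    /**
     * Authenticates the current request from its headers.
     *
     * @param authentication the incoming token; it is not inspected, the identity comes from the
     *                       request bound to {@link RequestContext#getCurrent()}
     * @return a {@link HeadersAuthenticationToken} for the created or refreshed user, or
     *         {@code null} when there is no current request, the shared secret is missing or
     *         wrong, or the username header is blank
     * @throws AuthenticationServiceException if the user cannot be created or updated, or a
     *                                        service call fails
     * @throws IllegalStateException          if the user reported as existing cannot be loaded
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.debug("Authenticating user using authentication headers.");
        RequestContext context = RequestContext.getCurrent();
        HttpServletRequest request = context != null ? context.getRequest() : null;
        if (request == null || !isSecureKeyValid(request)) {
            // NOTE(review): a failed secret check is only visible at debug level; consider a
            // higher level so probing of this endpoint shows up in normal logs.
            logger.debug("Unable to authenticate user using authentication headers");
            return null;
        }

        String username = request.getHeader(this.usernameHeader);
        if (StringUtils.isBlank(username)) {
            // Without this guard a request carrying only the secret would create or load a user
            // with a null/blank username.
            logger.debug("Unable to authenticate user using authentication headers");
            return null;
        }
        String firstName = request.getHeader(this.firstNameHeader);
        String lastName = request.getHeader(this.lastNameHeader);
        String email = request.getHeader(this.emailHeader);
        String groups = request.getHeader(this.groupsHeader);

        try {
            SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
            User user;
            if (this.userServiceInternal.userExists(-1L, username)) {
                user = refreshExistingUser(site, username, firstName, lastName, email);
            } else {
                user = createExternalUser(site, username, firstName, lastName, email);
            }
            syncGroups(user, username, groups);
            AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
            authenticatedUser.setAuthenticationType(AuthenticationType.AUTH_HEADERS);
            return new HeadersAuthenticationToken(authenticatedUser);
        } catch (ServiceLayerException e) {
            logger.debug("Unknown service error", e);
            throw new AuthenticationServiceException("Unknown service error", e);
        } catch (UserNotFoundException e) {
            throw new IllegalStateException("User nor found", e);
        }
    }

    /**
     * Reports which token classes this provider accepts.
     *
     * <p>NOTE(review): the receiver and argument are the reverse of the usual
     * {@code Token.class.isAssignableFrom(cls)} form, so this accepts
     * {@link PreAuthenticatedAuthenticationToken} and its supertypes but not its subclasses.
     * Left as is because callers may rely on it; confirm this is intended.
     */
    @Override
    public boolean supports(Class<?> cls) {
        return cls.isAssignableFrom(PreAuthenticatedAuthenticationToken.class);
    }

    /**
     * Ensures the group exists and that the user is a member of it.
     *
     * <p>Failures while creating the group or adding the member are logged at debug level and
     * not reported to the caller.
     *
     * @param groupName name of the group taken from the groups header
     * @param username  username of the member to add
     * @return always {@code true}
     * @throws SiteNotFoundException if the global system site cannot be resolved
     */
    protected boolean upsertUserGroup(String groupName, String username) throws SiteNotFoundException {
        SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
        try {
            Map<String, Object> createParams = new HashMap<>();
            createParams.put(QueryParameterNames.ORG_ID, 1);
            createParams.put(QueryParameterNames.GROUP_NAME, groupName);
            createParams.put(QueryParameterNames.GROUP_DESCRIPTION, "Externally managed group - " + groupName);
            this.retryingDatabaseOperationFacade.createGroup(createParams);
        } catch (Exception e) {
            // Best effort: presumably this fails when the group already exists; the lookup below
            // decides whether there is a group to add the member to.
            logger.debug("Error creating group", e);
        }

        Map<String, Object> lookupParams = new HashMap<>();
        lookupParams.put(QueryParameterNames.GROUP_NAME, groupName);
        Group group = this.groupDao.getGroupByName(lookupParams);
        if (group == null) {
            return true;
        }

        Map<String, Object> userParams = new HashMap<>();
        userParams.put("userId", -1);
        userParams.put("username", username);
        User member = this.userDao.getUserByIdOrUsername(userParams);
        if (member == null) {
            // The original dereferenced the result unconditionally; treat a missing user as
            // "nothing to add" instead of failing with a NullPointerException.
            logger.debug("Unknown database error");
            return true;
        }

        List<Long> userIds = new ArrayList<>();
        userIds.add(member.getId());
        Map<String, Object> memberParams = new HashMap<>();
        memberParams.put(QueryParameterNames.USER_IDS, userIds);
        memberParams.put(QueryParameterNames.GROUP_ID, group.getId());
        try {
            this.retryingDatabaseOperationFacade.addGroupMembers(memberParams);
            recordAudit(AuditLogConstants.OPERATION_ADD_MEMBERS, site, username,
                    group.getGroupName() + ":" + member.getUsername(), member.getUsername());
        } catch (Exception e) {
            logger.debug("Unknown database error", e);
        }
        return true;
    }

    /** Sets the name of the header that carries the shared secret. */
    public void setSecureKeyHeader(String secureKeyHeader) {
        this.secureKeyHeader = secureKeyHeader;
    }

    /**
     * Sets the shared secret the secure key header must equal. An empty or unset value makes
     * {@link #authenticate(Authentication)} reject every request.
     */
    public void setSecureKeyHeaderValue(String secureKeyHeaderValue) {
        this.secureKeyHeaderValue = secureKeyHeaderValue;
    }

    /** Sets the name of the header the username is read from. */
    public void setUsernameHeader(String usernameHeader) {
        this.usernameHeader = usernameHeader;
    }

    /** Sets the name of the header the first name is read from. */
    public void setFirstNameHeader(String firstNameHeader) {
        this.firstNameHeader = firstNameHeader;
    }

    /** Sets the name of the header the last name is read from. */
    public void setLastNameHeader(String lastNameHeader) {
        this.lastNameHeader = lastNameHeader;
    }

    /** Sets the name of the header the e-mail address is read from. */
    public void setEmailHeader(String emailHeader) {
        this.emailHeader = emailHeader;
    }

    /** Sets the name of the header the comma-separated group list is read from. */
    public void setGroupsHeader(String groupsHeader) {
        this.groupsHeader = groupsHeader;
    }

    /**
     * Checks the shared secret presented by the request.
     *
     * <p>Fails closed when the header name or the expected value is not configured: with a plain
     * null-safe equality check, an unset expected value and an absent header compare equal and
     * the request would be accepted. The comparison goes through
     * {@link MessageDigest#isEqual(byte[], byte[])} so it does not stop at the first differing
     * character.
     */
    private boolean isSecureKeyValid(HttpServletRequest request) {
        logger.debug("Verifying authentication header secure key.");
        if (StringUtils.isEmpty(this.secureKeyHeader) || StringUtils.isEmpty(this.secureKeyHeaderValue)) {
            return false;
        }
        String presented = request.getHeader(this.secureKeyHeader);
        if (presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                this.secureKeyHeaderValue.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Loads an existing user and refreshes its profile from the headers.
     *
     * <p>The in-memory user always receives the header values, but the update is persisted and
     * audited only when first name, last name and e-mail are all non-empty.
     *
     * <p>NOTE(review): nothing here checks that the existing account is externally managed or
     * enabled, so a header username that matches a locally managed account is accepted as that
     * account. Confirm this is intended.
     */
    private User refreshExistingUser(SiteFeed site, String username, String firstName, String lastName, String email)
            throws ServiceLayerException, UserNotFoundException {
        User user = this.userServiceInternal.getUserByIdOrUsername(-1L, username);
        user.setFirstName(firstName);
        user.setLastName(lastName);
        user.setEmail(email);
        if (StringUtils.isNoneEmpty(firstName, lastName, email)) {
            logger.debug("If user already exists in studio DB, update details.");
            try {
                this.userServiceInternal.updateUser(user);
                recordAudit("UPDATE", site, username, username, user.getUsername());
            } catch (Exception e) {
                logger.debug("Error updating user " + username + " with data from authentication headers", e);
                throw new AuthenticationServiceException("Error updating user " + username + " with data from external authentication provider", e);
            }
        }
        return user;
    }

    /**
     * Creates an enabled, externally managed user from the header values and audits the
     * creation. The stored password is a random UUID that is never handed to anyone.
     */
    private User createExternalUser(SiteFeed site, String username, String firstName, String lastName, String email) {
        // The original logged the configured header name here instead of the username.
        logger.debug("User does not exist in studio db. Adding user " + username);
        try {
            User user = new User();
            user.setUsername(username);
            user.setPassword(UUID.randomUUID().toString());
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEmail(email);
            user.setExternallyManaged(true);
            user.setEnabled(true);
            this.userServiceInternal.createUser(user);
            recordAudit(AuditLogConstants.OPERATION_CREATE, site, username, username, user.getUsername());
            return user;
        } catch (ServiceLayerException | UserAlreadyExistsException e) {
            logger.debug("Error adding user " + username + " from authentication headers", e);
            throw new AuthenticationServiceException("Error adding user " + username + " from external authentication provider", e);
        }
    }

    /**
     * Adds the user to every group named in the comma-separated groups header. A failure on one
     * group is logged and does not stop the remaining groups or the login.
     */
    private void syncGroups(User user, String username, String groupsHeaderValue) {
        logger.debug("Update user groups in database.");
        if (StringUtils.isEmpty(groupsHeaderValue)) {
            return;
        }
        for (String rawName : groupsHeaderValue.split(",")) {
            String groupName = StringUtils.trim(rawName);
            if (StringUtils.isEmpty(groupName)) {
                // "a,,b" or a trailing comma would otherwise create a group with an empty name.
                continue;
            }
            try {
                Group group = new Group();
                group.setGroupName(groupName);
                group.setGroupDescription("Externally managed group");
                group.setOrganization(null);
                UserGroup userGroup = new UserGroup();
                userGroup.setGroup(group);
                user.getGroups().add(userGroup);
                upsertUserGroup(groupName, username);
            } catch (Exception e) {
                logger.debug("Error updating user group " + groupName + " with data from authentication headers", e);
            }
        }
    }

    /** Builds and stores one audit entry whose primary target is a user. */
    private void recordAudit(String operation, SiteFeed site, String actorId, String targetId, String targetValue)
            throws ServiceLayerException {
        AuditLog entry = this.auditServiceInternal.createAuditLogEntry();
        entry.setOperation(operation);
        entry.setSiteId(site.getId());
        entry.setActorId(actorId);
        entry.setPrimaryTargetId(targetId);
        entry.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
        entry.setPrimaryTargetValue(targetValue);
        this.auditServiceInternal.insertAuditLog(entry);
    }
}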
