package org.n52.sos.web.common.auth;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.inject.Inject;
import org.n52.faroe.ConfigurationError;
import org.n52.iceland.config.AdminUserService;
import org.n52.iceland.config.AdministratorUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

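/**
 * Spring Security {@link AuthenticationProvider} for the administrator login.
 *
 * <p>Credentials are checked against the accounts held by {@link AdminUserService}, using the
 * injected {@link PasswordEncoder}. Before any credential check, the client address is looked up
 * in {@link LimitLoginAttemptService} and blocked clients are rejected with a
 * {@link LockedException}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>While {@code AdminUserService.hasAdminUser()} is {@code false}, the fixed default
 *       credentials are accepted and a {@link DefaultAdministratorUser} is returned. A warning
 *       naming those credentials is logged on every login attempt during that time.</li>
 *   <li>Failed attempts are not recorded here; this class only reads the blocked state.
 *       NOTE(review): presumably a failure listener feeds LimitLoginAttemptService, confirm.</li>
 *   <li>Blocking is keyed on the remote address Spring recorded for the request.
 *       NOTE(review): behind a reverse proxy this is likely the proxy address unless forwarded
 *       headers are handled upstream, confirm for the deployment.</li>
 * </ul>
 *
 * <p>NOTE(review): the suppressed EI_EXPOSE_REP2 finding presumably refers to the setters that
 * store the injected collaborators by reference.
 */
@SuppressFBWarnings({"EI_EXPOSE_REP2"})
/* loaded from: input_file:WEB-INF/lib/sos-common-controller-6.0.0-PR.18.jar:org/n52/sos/web/common/auth/SosAuthenticationProvider.class */
public class SosAuthenticationProvider implements AuthenticationProvider {
    private static final String BAD_CREDENTIALS = "Bad Credentials";
    // Fallback credentials accepted only while no administrator account exists.
    private static final String DEFAULT_USERNAME = "admin";
    private static final String DEFAULT_PASSWORD = "password";
    // Input for the throw-away hash used to equalize the unknown-user path; never a valid login.
    private static final String UNKNOWN_USER_PASSWORD = "unknown-admin-user";
    private static final Logger LOG = LoggerFactory.getLogger(SosAuthenticationProvider.class);
    private static final Set<AdministratorAuthority> ADMIN_AUTHORITIES = Collections.singleton(new AdministratorAuthority());
    private AdminUserService adminUserService;
    private PasswordEncoder passwordEncoder;
    private LimitLoginAttemptService loginAttemptService;
    // Lazily computed hash of UNKNOWN_USER_PASSWORD; reset whenever the encoder is replaced.
    private volatile String unknownUserHash;

    /**
     * Authenticates a username/password token.
     *
     * <p>The blocked-client check runs first, so a blocked address never reaches the credential
     * comparison. A principal or credential that is not a {@link String} is treated as missing
     * and rejected with {@link BadCredentialsException} instead of failing on a cast.
     *
     * @param authentication the token to verify; must be a
     *        {@link UsernamePasswordAuthenticationToken} (see {@link #supports(Class)})
     * @return an authenticated token carrying the admin authority and no credentials
     * @throws LockedException if the client address is currently blocked
     * @throws BadCredentialsException if the credentials are missing or do not match
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public UsernamePasswordAuthenticationToken authenticate(Authentication authentication) throws AuthenticationException {
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        if (this.loginAttemptService.isBlocked(getClientIP(token))) {
            throw new LockedException("locked");
        }
        // supports() admits every UsernamePasswordAuthenticationToken, whose principal and
        // credentials are typed Object; map anything that is not a String to null so the
        // request is refused as bad credentials rather than with a ClassCastException.
        Object principal = token.getPrincipal();
        Object credentials = token.getCredentials();
        String username = principal instanceof String ? (String) principal : null;
        String password = credentials instanceof String ? (String) credentials : null;
        AdministratorUser user = authenticate(username, password);
        // The second principal argument records whether the default account was used.
        AdministratorUserPrinciple adminPrincipal =
                new AdministratorUserPrinciple(user, user instanceof DefaultAdministratorUser);
        // Credentials are passed as null so the password does not stay in the security context.
        return new UsernamePasswordAuthenticationToken(adminPrincipal, null, ADMIN_AUTHORITIES);
    }

    /**
     * Verifies a username and clear-text password.
     *
     * <p>Every failure raises the same {@link BadCredentialsException} message. The password
     * encoder is also run when the username is unknown or differs from the stored one, so the
     * work done on a failed login does not depend on whether the account exists.
     *
     * @param str the username presented by the client
     * @param str2 the clear-text password presented by the client
     * @return the matching administrator, or a {@link DefaultAdministratorUser} when no
     *         administrator exists and the default credentials were presented
     * @throws BadCredentialsException if either argument is {@code null} or the credentials do
     *         not match
     */
    public AdministratorUser authenticate(String str, String str2) throws AuthenticationException {
        final String username = str;
        final String password = str2;
        if (username == null || password == null) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }
        if (!this.adminUserService.hasAdminUser()) {
            // The default login stays usable for as long as the service reports no administrator.
            LOG.warn("No admin user is defined! Use the default credentials '{}:{}' to authenticate and change the password as soon as possible!", DEFAULT_USERNAME, DEFAULT_PASSWORD);
            if (DEFAULT_USERNAME.equals(username) && DEFAULT_PASSWORD.equals(password)) {
                return new DefaultAdministratorUser();
            }
        }
        AdministratorUser adminUser = this.adminUserService.getAdminUser(username);
        if (adminUser == null) {
            equalizeUnknownUserTiming(password);
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }
        // Evaluate both conditions without short-circuiting so the encoder always runs.
        boolean nameMatches = username.equals(adminUser.getUsername());
        boolean passwordMatches = getPasswordEncoder().matches(password, adminUser.getPassword());
        if (nameMatches && passwordMatches) {
            return adminUser;
        }
        throw new BadCredentialsException(BAD_CREDENTIALS);
    }

    /**
     * Reports which token types this provider handles.
     *
     * @param cls the authentication class offered by the framework
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Creates an administrator; the password is encoded before it is handed to the service.
     *
     * @param str the username of the new administrator
     * @param str2 the clear-text password
     * @return the administrator returned by the service
     */
    public AdministratorUser createAdmin(String str, String str2) {
        return this.adminUserService.createAdminUser(str, getPasswordEncoder().encode(str2));
    }

    /**
     * Deletes the administrator with the given username.
     *
     * @param str the username to delete
     */
    public void deleteAdmin(String str) {
        this.adminUserService.deleteAdminUser(str);
    }

    /**
     * Deletes every administrator.
     *
     * <p>NOTE(review): if this makes {@code hasAdminUser()} return {@code false} again, the
     * default credentials become valid once more, confirm against AdminUserService.
     */
    public void deleteAllAdmins() {
        this.adminUserService.deleteAll();
    }

    /**
     * Renames an administrator and saves the change.
     *
     * @param administratorUser the account to modify
     * @param str the new username
     */
    public void setAdminUserName(AdministratorUser administratorUser, String str) {
        administratorUser.setUsername(str);
        this.adminUserService.saveAdminUser(administratorUser);
    }

    /**
     * Replaces an administrator's password; only the encoded form is stored on the account.
     *
     * @param administratorUser the account to modify
     * @param str the new clear-text password
     */
    public void setAdminPassword(AdministratorUser administratorUser, String str) {
        administratorUser.setPassword(getPasswordEncoder().encode(str));
        this.adminUserService.saveAdminUser(administratorUser);
    }

    /**
     * Looks up an administrator by username.
     *
     * @param str the username
     * @return the administrator, or {@code null} (the authentication path treats a
     *         {@code null} result as an unknown user)
     * @throws ConfigurationError as declared; raised by the underlying service
     */
    public AdministratorUser getAdmin(String str) throws ConfigurationError {
        return this.adminUserService.getAdminUser(str);
    }

    /**
     * Looks up the administrator named by a principal.
     *
     * @param principal the principal whose name is used as the username; must not be
     *        {@code null}
     * @return the administrator returned by the service for that name
     * @throws ConfigurationError as declared; raised by the underlying service
     */
    public AdministratorUser getAdmin(Principal principal) throws ConfigurationError {
        return this.adminUserService.getAdminUser(principal.getName());
    }

    /**
     * @return the encoder used to hash and verify administrator passwords
     */
    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    /**
     * Reads the remote address from the token's web details.
     *
     * <p>The details must be a {@link WebAuthenticationDetails}. A token with missing or
     * different details fails here with a runtime exception, before any credential check, so
     * such a request is never authenticated.
     */
    private String getClientIP(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        return ((WebAuthenticationDetails) usernamePasswordAuthenticationToken.getDetails()).getRemoteAddress();
    }

    /**
     * Performs one password-encoder comparison against a throw-away hash.
     *
     * <p>Called when the username is unknown, so that path costs about the same as a failed
     * login for an existing account. The result is discarded. This is best effort: without a
     * configured encoder nothing is done.
     */
    private void equalizeUnknownUserTiming(String presentedPassword) {
        PasswordEncoder encoder = getPasswordEncoder();
        if (encoder == null) {
            return;
        }
        String hash = this.unknownUserHash;
        if (hash == null) {
            hash = encoder.encode(UNKNOWN_USER_PASSWORD);
            this.unknownUserHash = hash;
        }
        if (hash != null) {
            encoder.matches(presentedPassword, hash);
        }
    }

    /**
     * @param limitLoginAttemptService the service consulted for blocked client addresses
     */
    @Inject
    public void setLoginAttemptService(LimitLoginAttemptService limitLoginAttemptService) {
        this.loginAttemptService = limitLoginAttemptService;
    }

    /**
     * @param passwordEncoder the encoder used to hash and verify administrator passwords
     */
    @Inject
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
        // A hash produced by the previous encoder must not be reused with the new one.
        this.unknownUserHash = null;
    }

    /**
     * @param adminUserService the store of administrator accounts
     */
    @Inject
    public void setAdminUserService(AdminUserService adminUserService) {
        this.adminUserService = adminUserService;
    }
}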
