package com.erudika.para.security.filters;

import com.erudika.para.Para;
import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.security.AuthenticatedUserDetails;
import com.erudika.para.security.LDAPAuthentication;
import com.erudika.para.security.SecurityUtils;
import com.erudika.para.security.UserAuthentication;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.Utils;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.ldap.userdetails.InetOrgPerson;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/erudika/para/security/filters/LdapAuthFilter.class */
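/**
 * Authentication filter that signs users in with LDAP credentials and maps the LDAP
 * principal to a local {@link User}, creating that user on first login.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>Credentials are read with {@code getParameter}, which also returns query-string values,
 *       and no HTTP method check is made in this class. Deployments should make sure the
 *       endpoint is only reachable by POST over TLS so passwords do not end up in access logs.</li>
 *   <li>The {@code appid} parameter is supplied by the client and selects the {@link App} that is
 *       passed to the LDAP authentication request. NOTE(review): the DAO read may return
 *       {@code null} for an unknown id; confirm that {@code LDAPAuthentication.withApp(null)} and
 *       a {@code null} appid on the created user are handled as intended.</li>
 *   <li>A successful bind provisions an active local account automatically; the LDAP
 *       {@code mail} attribute is trusted and overwrites the stored email on every login.</li>
 *   <li>Blank usernames and passwords are rejected before any bind is attempted, on both the
 *       request path and the token path, so an empty password can never reach the LDAP server
 *       as an unauthenticated bind.</li>
 * </ul>
 */
public class LdapAuthFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger LOG = LoggerFactory.getLogger(LdapAuthFilter.class);
    /** Name of the request parameter carrying the password (configurable). */
    private static final String PASSWORD = Config.getConfigParam("security.ldap.password_param", "password");
    /** Name of the request parameter carrying the username (configurable). */
    private static final String USERNAME = Config.getConfigParam("security.ldap.username_param", "username");
    /** Request URI suffix that triggers LDAP authentication. */
    public static final String LDAP_ACTION = "ldap_auth";

    /**
     * Creates the filter.
     *
     * @param str the URL handled by this filter, passed unchanged to the superclass
     */
    public LdapAuthFilter(String str) {
        super(str);
    }

    /**
     * Handles an LDAP sign-in request. Authentication is attempted only when the request URI
     * ends with {@link #LDAP_ACTION} and both username and password are non-blank; any exception
     * raised while authenticating or provisioning the user is logged and treated as a failure.
     *
     * @param httpServletRequest the incoming request carrying username, password and optional appid
     * @param httpServletResponse the response (not used here)
     * @return the result of {@code SecurityUtils.checkIfActive} for the authenticated user, or for
     *         {@code null} when authentication did not succeed
     * @throws IOException declared by the original signature
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String requestURI = httpServletRequest.getRequestURI();
        String username = httpServletRequest.getParameter(USERNAME);
        String password = httpServletRequest.getParameter(PASSWORD);
        String appid = httpServletRequest.getParameter("appid");
        UserAuthentication userAuthentication = null;
        if (requestURI.endsWith(LDAP_ACTION) && hasCredentials(username, password)) {
            try {
                // Fall back to the root app when the client did not name one.
                App app = (App) Para.getDAO().read(App.id(appid == null ? Config.getRootAppIdentifier() : appid));
                LDAPAuthentication ldapRequest = new LDAPAuthentication(username, password).withApp(app);
                installAnonymousContext();
                Authentication authenticated = getAuthenticationManager().authenticate(ldapRequest);
                if (authenticated != null) {
                    userAuthentication = getOrCreateUser(app, authenticated);
                }
            } catch (Exception e) {
                // Best effort by design: a failed bind or provisioning error must not leak details
                // to the client, so it is only logged. Values are stripped of control characters
                // because the username comes straight from the request.
                LOG.info("Failed to authenticate '{}' with LDAP server: {}", forLog(username), forLog(e.getMessage()));
            }
        }
        // The last argument is true here and false in the token path; its meaning is defined in
        // SecurityUtils, which is not part of this file.
        return SecurityUtils.checkIfActive(userAuthentication, SecurityUtils.getAuthenticatedUser(userAuthentication), true);
    }

    /**
     * Maps a successfully authenticated LDAP principal to a local user, creating the user if it
     * does not exist yet and refreshing its email if the directory value changed.
     *
     * @param app the app the user belongs to; may be {@code null}
     * @param authentication the authentication returned by the authentication manager
     * @return the local user's authentication, or {@code null} when the principal is missing, is
     *         not an {@link InetOrgPerson}, is disabled, locked or expired, or has no email
     * @throws AuthenticationServiceException if a new local user cannot be created
     */
    private UserAuthentication getOrCreateUser(App app, Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal == null) {
            return null;
        }
        if (!(principal instanceof InetOrgPerson)) {
            // Checked explicitly instead of relying on a ClassCastException being swallowed by the caller.
            LOG.warn("LDAP authentication returned an unsupported principal type; no user was provisioned.");
            return null;
        }
        InetOrgPerson person = (InetOrgPerson) principal;
        if (!person.isEnabled() || !person.isAccountNonLocked() || !person.isAccountNonExpired()) {
            // Directory-side account state is honoured: such accounts never get a local session.
            return null;
        }
        String username = person.getUsername();
        String mail = person.getMail();
        String fullName = StringUtils.join(person.getCn(), ", ");
        if (StringUtils.isBlank(mail)) {
            LOG.warn("Failed to create LDAP user '{}' with blank email.", forLog(username));
            return null;
        }
        String appid = getAppid(app);
        String identifier = Config.LDAP_PREFIX.concat(username);

        // Look the user up by its LDAP-prefixed identifier within the app.
        User probe = new User();
        probe.setAppid(appid);
        probe.setIdentifier(identifier);
        probe.setEmail(mail);
        User account = User.readUserForIdentifier(probe);
        if (account == null) {
            account = new User();
            account.setActive(true);
            account.setAppid(appid);
            // mail is known to be non-blank at this point, so no placeholder address is needed.
            account.setEmail(mail);
            account.setName(StringUtils.isBlank(fullName) ? "No Name" : fullName);
            // The local password is a generated token; the LDAP password is never stored.
            account.setPassword(Utils.generateSecurityToken());
            account.setIdentifier(identifier);
            if (account.create() == null) {
                throw new AuthenticationServiceException("Authentication failed: cannot create new user.");
            }
        } else if (!StringUtils.equals(account.getEmail(), mail)) {
            // Keep the local email in sync with the directory.
            account.setEmail(mail);
            account.update();
        }
        return new UserAuthentication(new AuthenticatedUserDetails(account));
    }

    /**
     * Authenticates with LDAP credentials packed into a single token of the form
     * {@code username + Config.SEPARATOR + password}. Tokens with a blank username or a blank
     * password are rejected without contacting the LDAP server, matching the request path.
     *
     * @param app the app the user belongs to; may be {@code null}
     * @param str the combined credentials token; may be {@code null}
     * @return the result of {@code SecurityUtils.checkIfActive} for the authenticated user, or for
     *         {@code null} when authentication did not succeed
     * @throws IOException declared by the original signature
     */
    public UserAuthentication getOrCreateUser(App app, String str) throws IOException {
        UserAuthentication userAuthentication = null;
        if (str != null && str.contains(Config.SEPARATOR)) {
            // NOTE(review): split() treats Config.SEPARATOR as a regular expression while
            // contains() treats it literally; confirm the separator has no regex metacharacters.
            String[] parts = str.split(Config.SEPARATOR, 2);
            if (parts.length == 2 && hasCredentials(parts[0], parts[1])) {
                String username = parts[0];
                try {
                    LDAPAuthentication ldapRequest = new LDAPAuthentication(username, parts[1]).withApp(app);
                    installAnonymousContext();
                    Authentication authenticated = getAuthenticationManager().authenticate(ldapRequest);
                    if (authenticated != null) {
                        userAuthentication = getOrCreateUser(app, authenticated);
                    }
                } catch (Exception e) {
                    LOG.info("Failed to authenticate '{}' with LDAP server: {}", forLog(username), forLog(e.getMessage()));
                }
            }
        }
        return SecurityUtils.checkIfActive(userAuthentication, SecurityUtils.getAuthenticatedUser(userAuthentication), false);
    }

    /** Returns the app identifier, or {@code null} when no app is given. */
    private String getAppid(App app) {
        if (app == null) {
            return null;
        }
        return app.getAppIdentifier();
    }

    /** Returns true only when both the username and the password are non-blank. */
    private static boolean hasCredentials(String username, String password) {
        return !StringUtils.isBlank(username) && !StringUtils.isBlank(password);
    }

    /**
     * Places an anonymous token in the security context before the LDAP bind is attempted.
     * Nothing in this class restores the previous context, so the anonymous token stays in place
     * when authentication fails.
     */
    private static void installAnonymousContext() {
        SecurityContextHolder.getContext().setAuthentication(
                new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
    }

    /**
     * Replaces control characters (including CR and LF) so that a value taken from the request or
     * the directory cannot break a log entry into several lines.
     */
    private static String forLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}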
