package org.alfresco.an2.server.security;

import java.util.ArrayList;
import java.util.Iterator;
import org.alfresco.an2.api.security.UserService;
import org.alfresco.an2.api.tenant.NoSuchTenantException;
import org.alfresco.an2.api.tenant.TenantService;
import org.alfresco.an2.spi.security.UserServiceSPI;
import org.alfresco.an2.util.security.AuthenticationUtil;
import org.alfresco.an2.util.security.SecurityUtil;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/alfresco/an2/server/security/UserServiceAuthenticationProvider.class */
public class UserServiceAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private static final Log logger = LogFactory.getLog(UserServiceAuthenticationProvider.class);
    private final TenantService tenantService;
    private final UserService userService;
    private final UserServiceSPI userServiceSPI;

    public UserServiceAuthenticationProvider(TenantService tenantService, UserService userService, UserServiceSPI userServiceSPI) {
        this.tenantService = tenantService;
        this.userService = userService;
        this.userServiceSPI = userServiceSPI;
    }

    public void afterPropertiesSet() throws Exception {
        PropertyCheck.mandatory(this, "tenantService", this.tenantService);
        PropertyCheck.mandatory(this, "userService", this.userService);
        PropertyCheck.mandatory(this, "userServiceSPI", this.userServiceSPI);
    }

    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.equals(cls);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return null;
        }
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = (UsernamePasswordAuthenticationToken) authentication;
        if (usernamePasswordAuthenticationToken.getPrincipal() == null || usernamePasswordAuthenticationToken.getCredentials() == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Username or password not supplied.");
            }
            throw new BadCredentialsException("Username or password not supplied.");
        }
        String obj = usernamePasswordAuthenticationToken.getPrincipal().toString();
        String obj2 = usernamePasswordAuthenticationToken.getCredentials().toString();
        String[] tenantAndUser = SecurityUtil.getTenantAndUser(obj);
        final String str = tenantAndUser[0];
        String str2 = tenantAndUser[1];
        ServiceCallContextHolder.push(ServiceCallContext.getSystemContext());
        try {
            String str3 = (String) AuthenticationUtil.runAsSystemAdmin(new AuthenticationUtil.RunAsWork<String>() { // from class: org.alfresco.an2.server.security.UserServiceAuthenticationProvider.1
                /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
                public String m11doWork() {
                    try {
                        return UserServiceAuthenticationProvider.this.tenantService.getTenantSchema(str);
                    } catch (NoSuchTenantException e) {
                        return null;
                    }
                }
            });
            if (str3 == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Schema not found for tenant: " + obj + " (split to " + str + " and " + str2 + ").");
                }
                throw new BadCredentialsException("Bad credentials");
            }
            ServiceCallContextHolder.pop();
            UserServiceSPI.UserAuthenticationDetails userAuthenticationDetails = this.userServiceSPI.getUserAuthenticationDetails(new ServiceCallContext(str3, str, null), str2);
            if (userAuthenticationDetails == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("User not found: " + obj + " (split to " + str + " and " + str2 + ").");
                }
                throw new BadCredentialsException("Bad credentials");
            }
            if (!this.userService.getPasswordEncoder().matches(obj2, userAuthenticationDetails.getPasswordHash())) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Invalid credentials supplied for " + obj);
                }
                throw new BadCredentialsException("Bad credentials");
            }
            ArrayList arrayList = new ArrayList(5);
            Iterator<String> it = userAuthenticationDetails.getRoles().iterator();
            while (it.hasNext()) {
                arrayList.add(new SimpleGrantedAuthority(it.next()));
            }
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken(userAuthenticationDetails.getId(), authentication.getCredentials(), arrayList);
            ServiceCallContext serviceCallContext = new ServiceCallContext(str3, str, userAuthenticationDetails);
            ServiceCallContextHolder.clear();
            ServiceCallContextHolder.push(serviceCallContext);
            if (logger.isDebugEnabled()) {
                logger.debug("Successfully authenticated '" + obj + "' with roles " + userAuthenticationDetails.getRoles());
            }
            return usernamePasswordAuthenticationToken2;
        } catch (Throwable th) {
            ServiceCallContextHolder.pop();
            throw th;
        }
    }
}
