package org.craftercms.studio.impl.v2.security.authentication;

import java.beans.ConstructorProperties;
import java.util.LinkedList;
import java.util.List;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v2.utils.StudioConfiguration;
import org.craftercms.studio.impl.v2.security.authentication.db.DbAuthenticationProvider;
import org.craftercms.studio.impl.v2.security.authentication.headers.HeadersAuthenticationProvider;
import org.craftercms.studio.impl.v2.security.authentication.ldap.LdapAuthenticationProvider;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:org/craftercms/studio/impl/v2/security/authentication/ChainAuthenticationProvider.class */
public class ChainAuthenticationProvider implements AuthenticationProvider, ApplicationContextAware, InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(ChainAuthenticationProvider.class);
    protected ApplicationContext appContext;
    protected StudioConfiguration studioConfiguration;
    protected List<AuthenticationProvider> providers = new LinkedList();

    @ConstructorProperties({"studioConfiguration"})
    public ChainAuthenticationProvider(StudioConfiguration studioConfiguration) {
        this.studioConfiguration = studioConfiguration;
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.appContext = applicationContext;
    }

    public void afterPropertiesSet() throws Exception {
        this.studioConfiguration.getSubConfigs(StudioConfiguration.CONFIGURATION_AUTHENTICATION_CHAIN_CONFIG).forEach(hierarchicalConfiguration -> {
            AuthenticationProvider authenticationProvider;
            if (hierarchicalConfiguration.getBoolean("enabled")) {
                String upperCase = hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_TYPE).toUpperCase();
                boolean z = -1;
                switch (upperCase.hashCode()) {
                    case 2174:
                        if (upperCase.equals(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_TYPE_DB)) {
                            z = false;
                            break;
                        }
                        break;
                    case 2331559:
                        if (upperCase.equals(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_TYPE_LDAP)) {
                            z = true;
                            break;
                        }
                        break;
                    case 1513290598:
                        if (upperCase.equals(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_TYPE_HEADERS)) {
                            z = 2;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        authenticationProvider = (AuthenticationProvider) this.appContext.getBean(DbAuthenticationProvider.class);
                        break;
                    case true:
                        authenticationProvider = initLdapAuthenticationProvider(hierarchicalConfiguration);
                        break;
                    case true:
                        authenticationProvider = initHeadersAuthenticationProvider(hierarchicalConfiguration);
                        break;
                    default:
                        logger.warn("Unsupported authentication provider: {0}", hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_TYPE));
                        authenticationProvider = null;
                        break;
                }
                if (authenticationProvider != null) {
                    this.providers.add(authenticationProvider);
                }
            }
        });
    }

    protected AuthenticationProvider initLdapAuthenticationProvider(HierarchicalConfiguration<?> hierarchicalConfiguration) {
        LdapAuthenticationProvider ldapAuthenticationProvider = (LdapAuthenticationProvider) this.appContext.getBean(LdapAuthenticationProvider.class);
        ldapAuthenticationProvider.setLdapUrl(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_LDAP_URL));
        ldapAuthenticationProvider.setLdapUsername(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_LDAP_USERNAME));
        ldapAuthenticationProvider.setLdapPassword(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_LDAP_PASSWORD));
        ldapAuthenticationProvider.setLdapBaseContext(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_LDAP_BASE_CONTEXT));
        ldapAuthenticationProvider.setUsernameLdapAttribute(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_USERNAME_LDAP_ATTIBUTE));
        ldapAuthenticationProvider.setFirstNameLdapAttribute(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_FIRST_NAME_LDAP_ATTRIBUTE));
        ldapAuthenticationProvider.setLastNameLdapAttribute(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_LAST_NAME_LDAP_ATTRIBUTE));
        ldapAuthenticationProvider.setEmailLdapAttribute(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_EMAIL_LDAP_ATTRIBUTE));
        ldapAuthenticationProvider.setGroupNameLdapAttribute(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_GROUP_NAME_LDAP_ATTRIBUTE));
        ldapAuthenticationProvider.setGroupNameLdapAttributeRegex(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_GROUP_NAME_REGEX_LDAP_ATTRIBUTE));
        ldapAuthenticationProvider.setGroupNameLdapAttributeMatchIndex(Integer.parseInt(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_GROUP_NAME_MATCH_INDEX_LDAP_ATTRIBUTE)));
        return ldapAuthenticationProvider;
    }

    protected AuthenticationProvider initHeadersAuthenticationProvider(HierarchicalConfiguration<?> hierarchicalConfiguration) {
        HeadersAuthenticationProvider headersAuthenticationProvider = (HeadersAuthenticationProvider) this.appContext.getBean(HeadersAuthenticationProvider.class);
        headersAuthenticationProvider.setSecureKeyHeader(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_SECURE_KEY_HEADER));
        headersAuthenticationProvider.setSecureKeyHeaderValue(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_SECURE_KEY_HEADER_VALUE));
        headersAuthenticationProvider.setUsernameHeader(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_USERNAME_HEADER));
        headersAuthenticationProvider.setFirstNameHeader(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_FIRST_NAME_HEADER));
        headersAuthenticationProvider.setLastNameHeader(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_LAST_NAME_HEADER));
        headersAuthenticationProvider.setEmailHeader(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_EMAIL_HEADER));
        headersAuthenticationProvider.setGroupsHeader(hierarchicalConfiguration.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_GROUPS_HEADER));
        return headersAuthenticationProvider;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.debug("Starting authentication chain for username {0}", authentication.getName());
        Throwable th = null;
        for (AuthenticationProvider authenticationProvider : this.providers) {
            logger.debug("Checking compatibility for username {0} with provider {1}", authentication.getName(), authenticationProvider);
            if (authenticationProvider.supports(authentication.getClass())) {
                try {
                    logger.debug("Attempting authentication for username {0} with provider {1}", authentication.getName(), authenticationProvider);
                    Authentication authenticate = authenticationProvider.authenticate(authentication);
                    if (authenticate != null) {
                        return authenticate;
                    }
                } catch (AuthenticationException e) {
                    logger.debug("Authentication for username {0} failed with provider {1}", e, authentication.getName(), authenticationProvider);
                    th = e;
                } catch (Exception e2) {
                    logger.debug("Authentication for username {0} failed with provider {1}", e2, authentication.getName(), authenticationProvider);
                } catch (AccountStatusException | InternalAuthenticationServiceException e3) {
                    throw e3;
                }
            }
        }
        if (th != null) {
            throw th;
        }
        return null;
    }

    public boolean supports(Class<?> cls) {
        return true;
    }
}
