package org.geoserver.security.auth;

import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.security.GeoServerAuthenticationProvider;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.config.UsernamePasswordAuthenticationProviderConfig;
import org.geoserver.security.filter.GeoServerWebAuthenticationDetails;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.password.GeoServerMultiplexingPasswordEncoder;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.18.7-georchestra.jar:org/geoserver/security/auth/UsernamePasswordAuthenticationProvider.class */
public class UsernamePasswordAuthenticationProvider extends GeoServerAuthenticationProvider {
    DaoAuthenticationProvider authProvider;
    String userGroupServiceName;

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        UsernamePasswordAuthenticationProviderConfig usernamePasswordAuthenticationProviderConfig = (UsernamePasswordAuthenticationProviderConfig) securityNamedServiceConfig;
        GeoServerUserGroupService loadUserGroupService = getSecurityManager().loadUserGroupService(usernamePasswordAuthenticationProviderConfig.getUserGroupServiceName());
        if (loadUserGroupService == null) {
            throw new IllegalArgumentException("Unable to load user group service " + usernamePasswordAuthenticationProviderConfig.getUserGroupServiceName());
        }
        this.userGroupServiceName = usernamePasswordAuthenticationProviderConfig.getUserGroupServiceName();
        this.authProvider = new DaoAuthenticationProvider();
        this.authProvider.setUserDetailsService(loadUserGroupService);
        this.authProvider.setPasswordEncoder(new GeoServerMultiplexingPasswordEncoder(getSecurityManager(), loadUserGroupService));
        try {
            this.authProvider.afterPropertiesSet();
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    @Override // org.geoserver.security.GeoServerAuthenticationProvider
    public boolean supports(Class<? extends Object> cls, HttpServletRequest httpServletRequest) {
        return this.authProvider.supports(cls);
    }

    @Override // org.geoserver.security.GeoServerAuthenticationProvider
    public Authentication authenticate(Authentication authentication, HttpServletRequest httpServletRequest) throws AuthenticationException {
        try {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = (UsernamePasswordAuthenticationToken) this.authProvider.authenticate(authentication);
            if (usernamePasswordAuthenticationToken == null) {
                return null;
            }
            if (usernamePasswordAuthenticationToken.getDetails() instanceof GeoServerWebAuthenticationDetails) {
                ((GeoServerWebAuthenticationDetails) usernamePasswordAuthenticationToken.getDetails()).setUserGroupServiceName(this.userGroupServiceName);
            }
            if (usernamePasswordAuthenticationToken.getAuthorities().contains(GeoServerRole.AUTHENTICATED_ROLE)) {
                return usernamePasswordAuthenticationToken;
            }
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(usernamePasswordAuthenticationToken.getAuthorities());
            arrayList.add(GeoServerRole.AUTHENTICATED_ROLE);
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken(usernamePasswordAuthenticationToken.getPrincipal(), usernamePasswordAuthenticationToken.getCredentials(), arrayList);
            usernamePasswordAuthenticationToken2.setDetails(usernamePasswordAuthenticationToken.getDetails());
            return usernamePasswordAuthenticationToken2;
        } catch (AuthenticationException e) {
            log(e);
            return null;
        }
    }
}
