package org.mule.galaxy.security.ldap;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mule.galaxy.NotFoundException;
import org.mule.galaxy.impl.jcr.UserDetailsWrapper;
import org.mule.galaxy.security.AccessControlManager;
import org.mule.galaxy.security.User;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.authentication.LdapAuthenticator;

/* loaded from: input_file:org/mule/galaxy/security/ldap/GalaxyAuthenticationProvider.class */
public class GalaxyAuthenticationProvider extends LdapAuthenticationProvider {
    private final Log log;
    private AccessControlManager accessControlManager;
    private ContextMapper userMapper;
    private List<String> requiredAuthorities;

    public GalaxyAuthenticationProvider(LdapAuthenticator ldapAuthenticator, LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        super(ldapAuthenticator, ldapAuthoritiesPopulator);
        this.log = LogFactory.getLog(getClass());
    }

    public void setAccessControlManager(AccessControlManager accessControlManager) {
        this.accessControlManager = accessControlManager;
    }

    public void setUserMapper(ContextMapper contextMapper) {
        this.userMapper = contextMapper;
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (this.requiredAuthorities == null || this.requiredAuthorities.isEmpty()) {
            return;
        }
        Collection<GrantedAuthority> authorities = userDetails.getAuthorities();
        boolean z = false;
        if (authorities != null) {
            for (GrantedAuthority grantedAuthority : authorities) {
                Iterator<String> it = this.requiredAuthorities.iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (grantedAuthority.getAuthority().equals(it.next())) {
                            z = true;
                            break;
                        }
                    }
                }
            }
        }
        if (!z) {
            throw new AuthenticationCredentialsNotFoundException("User does not have sufficient authority.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.mule.galaxy.security.ldap.LdapAuthenticationProvider
    public Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken, UserDetails userDetails, DirContextOperations dirContextOperations) {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken2 = (UsernamePasswordAuthenticationToken) super.createSuccessfulAuthentication(usernamePasswordAuthenticationToken, userDetails, dirContextOperations);
        User user = (User) this.userMapper.mapFromContext(dirContextOperations);
        UserDetailsWrapper userDetailsWrapper = new UserDetailsWrapper(user, (Set) null, usernamePasswordAuthenticationToken2.getCredentials().toString());
        userDetailsWrapper.setAuthorities((GrantedAuthority[]) usernamePasswordAuthenticationToken2.getAuthorities().toArray(new GrantedAuthority[usernamePasswordAuthenticationToken2.getAuthorities().size()]));
        HashSet hashSet = new HashSet();
        for (GrantedAuthority grantedAuthority : usernamePasswordAuthenticationToken2.getAuthorities()) {
            try {
                hashSet.add(this.accessControlManager.getGroupByName(grantedAuthority.toString()));
            } catch (NotFoundException e) {
                this.log.warn("Galaxy group not found " + grantedAuthority.toString());
            }
        }
        userDetailsWrapper.getUser().setGroups(hashSet);
        userDetailsWrapper.setPermissions(this.accessControlManager.getGrantedPermissions(user));
        additionalAuthenticationChecks(userDetailsWrapper, usernamePasswordAuthenticationToken2);
        return new AuthenticationWrapper(usernamePasswordAuthenticationToken2, userDetailsWrapper);
    }

    public void setRequiredAuthorities(List<String> list) {
        this.requiredAuthorities = list;
    }
}
