package org.mule.galaxy.security.ldap;

import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.authentication.LdapAuthenticator;
import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
import org.springframework.security.ldap.ppolicy.PasswordPolicyException;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/mule/galaxy/security/ldap/LdapAuthenticationProvider.class */
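/**
 * Spring Security {@link AuthenticationProvider} that validates username/password tokens
 * against an LDAP directory.
 *
 * <p>The supplied {@link LdapAuthenticator} verifies the credentials and returns the user's
 * directory entry. The authorities populator loads the granted authorities, and the
 * {@link UserDetailsContextMapper} turns both into a {@link UserDetails} object.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Empty passwords are rejected before the authenticator is called. Many directory servers
 *       treat a simple bind with a DN and an empty password as an unauthenticated bind that
 *       succeeds (RFC 4513, section 5.1.2). The provider accepts any {@code LdapAuthenticator},
 *       so it cannot rely on the authenticator performing this check.</li>
 *   <li>By default an unknown user is reported as "Bad credentials", so callers cannot tell
 *       a missing account from a wrong password.</li>
 *   <li>By default the returned token carries the credentials from the request. See
 *       {@link #setUseAuthenticationRequestCredentials(boolean)}.</li>
 * </ul>
 */
public class LdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
    private static final Log logger = LogFactory.getLog(LdapAuthenticationProvider.class);
    private LdapAuthenticator authenticator;
    private org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator authoritiesPopulator;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private UserDetailsContextMapper userDetailsContextMapper = new LdapUserDetailsMapper();
    // When true, the successful token carries the credentials supplied in the request.
    private boolean useAuthenticationRequestCredentials = true;
    // When true, UsernameNotFoundException is reported to callers as BadCredentialsException.
    private boolean hideUserNotFoundExceptions = true;
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();

    /**
     * Creates a provider with an explicit authorities populator.
     *
     * @param ldapAuthenticator verifies the credentials against the directory; must not be null
     * @param ldapAuthoritiesPopulator loads the user's granted authorities; must not be null
     * @throws IllegalArgumentException if either argument is null
     */
    public LdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator, org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        setAuthenticator(ldapAuthenticator);
        setAuthoritiesPopulator(ldapAuthoritiesPopulator);
    }

    /**
     * Creates a provider that uses a {@link NullLdapAuthoritiesPopulator} as its authorities populator.
     *
     * @param ldapAuthenticator verifies the credentials against the directory; must not be null
     * @throws IllegalArgumentException if {@code ldapAuthenticator} is null
     */
    public LdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator) {
        setAuthenticator(ldapAuthenticator);
        setAuthoritiesPopulator(new NullLdapAuthoritiesPopulator());
    }

    private void setAuthenticator(LdapAuthenticator ldapAuthenticator) {
        Assert.notNull(ldapAuthenticator, "An LdapAuthenticator must be supplied");
        this.authenticator = ldapAuthenticator;
    }

    private LdapAuthenticator getAuthenticator() {
        return this.authenticator;
    }

    private void setAuthoritiesPopulator(org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        Assert.notNull(ldapAuthoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied");
        this.authoritiesPopulator = ldapAuthoritiesPopulator;
    }

    /** Returns the populator used to load a user's granted authorities. */
    protected org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator getAuthoritiesPopulator() {
        return this.authoritiesPopulator;
    }

    /**
     * Replaces the mapper that converts the directory entry into a {@link UserDetails}.
     *
     * @param userDetailsContextMapper the mapper to use; must not be null
     * @throws IllegalArgumentException if the mapper is null
     */
    public void setUserDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper) {
        Assert.notNull(userDetailsContextMapper, "UserDetailsContextMapper must not be null");
        this.userDetailsContextMapper = userDetailsContextMapper;
    }

    /** Returns the mapper that converts the directory entry into a {@link UserDetails}. */
    protected UserDetailsContextMapper getUserDetailsContextMapper() {
        return this.userDetailsContextMapper;
    }

    /**
     * Controls whether a {@link UsernameNotFoundException} is hidden behind a generic
     * {@link BadCredentialsException}. The default is {@code true}.
     *
     * <p>Setting this to {@code false} lets callers tell "no such user" from "wrong password",
     * which makes account enumeration possible. Turn it off only where that is acceptable.
     *
     * @param hideUserNotFoundExceptions {@code true} to report unknown users as bad credentials
     */
    public void setHideUserNotFoundExceptions(boolean hideUserNotFoundExceptions) {
        this.hideUserNotFoundExceptions = hideUserNotFoundExceptions;
    }

    /**
     * Selects which credentials are stored in the token returned on success. The default is
     * {@code true}.
     *
     * <p>When {@code true}, the token keeps the credentials object from the authentication
     * request. When {@code false}, it stores {@code UserDetails.getPassword()} instead.
     *
     * @param useAuthenticationRequestCredentials {@code true} to keep the request credentials
     */
    public void setUseAuthenticationRequestCredentials(boolean useAuthenticationRequestCredentials) {
        this.useAuthenticationRequestCredentials = useAuthenticationRequestCredentials;
    }

    /**
     * Sets the message source used to resolve the text of the exceptions thrown by this provider.
     *
     * @param messageSource the source to wrap in a {@link MessageSourceAccessor}
     */
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /**
     * Sets the mapper applied to the user's authorities before they are placed in the
     * authenticated token.
     *
     * @param grantedAuthoritiesMapper the mapper to use; must not be null
     * @throws IllegalArgumentException if the mapper is null
     */
    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        // Fail at configuration time, as the other setters do. A null mapper would otherwise
        // cause a NullPointerException on every successful login.
        Assert.notNull(grantedAuthoritiesMapper, "GrantedAuthoritiesMapper must not be null");
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    /**
     * Authenticates a {@link UsernamePasswordAuthenticationToken} against the directory.
     *
     * @param authentication the request; must be a {@code UsernamePasswordAuthenticationToken}
     * @return a populated token carrying the mapped {@link UserDetails} and authorities
     * @throws BadCredentialsException if the username or password is empty, or if the user is
     *         unknown and unknown users are being hidden
     * @throws LockedException if the authenticator reports a password policy failure
     * @throws AuthenticationServiceException if the directory operation fails
     * @throws UsernameNotFoundException if the user is unknown and hiding is disabled
     * @throws IllegalArgumentException if the token type is unsupported or the password is null
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication, this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports", "Only UsernamePasswordAuthenticationToken is supported"));
        UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken) authentication;
        String username = userToken.getName();
        String password = (String) authentication.getCredentials();
        if (logger.isDebugEnabled()) {
            // The username is unauthenticated input here, so line breaks are neutralised
            // to keep it from forging additional log entries.
            logger.debug("Processing authentication request for user: " + sanitizeForLog(username));
        }
        if (!StringUtils.hasLength(username)) {
            throw new BadCredentialsException(this.messages.getMessage("LdapAuthenticationProvider.emptyUsername", "Empty Username"));
        }
        Assert.notNull(password, "Null password was supplied in authentication token");
        if (password.isEmpty()) {
            // An empty password must never reach the directory. A simple bind with a DN and
            // no password is an unauthenticated bind that many servers accept, and it would
            // look like a successful login. The default text applies if the key is undefined.
            throw new BadCredentialsException(this.messages.getMessage("LdapAuthenticationProvider.emptyPassword", "Empty Password"));
        }
        try {
            DirContextOperations userData = getAuthenticator().authenticate(authentication);
            Collection<? extends GrantedAuthority> authorities = loadUserAuthorities(userData, username, password);
            UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData, username, authorities);
            return createSuccessfulAuthentication(userToken, user, userData);
        } catch (PasswordPolicyException e) {
            // Every password policy status is reported as LockedException. The cause is
            // kept so the policy status stays available to server-side diagnostics.
            throw new LockedException(this.messages.getMessage(e.getStatus().getErrorCode(), e.getStatus().getDefaultMessage()), e);
        } catch (NamingException e2) {
            // NOTE(review): the directory's own message is forwarded. Confirm that the layer
            // rendering this exception does not show it to unauthenticated clients.
            throw new AuthenticationServiceException(e2.getMessage(), e2);
        } catch (UsernameNotFoundException e3) {
            if (this.hideUserNotFoundExceptions) {
                // Deliberately generic and without a cause, so nothing in the exception
                // reveals that the account does not exist.
                throw new BadCredentialsException(this.messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
            }
            throw e3;
        }
    }

    /**
     * Loads the authorities for an authenticated user by delegating to the authorities populator.
     *
     * @param dirContextOperations the user's directory entry returned by the authenticator
     * @param username the name the user logged in with
     * @param password the submitted password; not used by this implementation
     * @return the authorities returned by the populator
     */
    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations dirContextOperations, String username, String password) {
        return getAuthoritiesPopulator().getGrantedAuthorities(dirContextOperations, username);
    }

    /**
     * Builds the authenticated token returned to the caller.
     *
     * <p>The decompiler reported widening this method from {@code protected}. It stays
     * {@code public} here so existing references in the decompiled tree keep compiling.
     *
     * @param usernamePasswordAuthenticationToken the original request; its details are copied
     *        to the result
     * @param userDetails the mapped user, used as the principal of the new token
     * @param dirContextOperations the user's directory entry; not used by this implementation
     * @return a new token holding the principal, the selected credentials and the mapped authorities
     */
    public Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken, UserDetails userDetails, DirContextOperations dirContextOperations) {
        Object credentials = this.useAuthenticationRequestCredentials
                ? usernamePasswordAuthenticationToken.getCredentials()
                : userDetails.getPassword();
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(userDetails, credentials, this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
        result.setDetails(usernamePasswordAuthenticationToken.getDetails());
        return result;
    }

    /**
     * Reports whether this provider can process the given token type.
     *
     * @param cls the authentication class being offered
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Replaces carriage returns and line feeds so a logged value stays on one log line.
     * A null value is rendered as {@code "null"}, as string concatenation would render it.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}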
