package io.gravitee.am.management.handlers.management.api.authentication.provider.security;

import io.gravitee.am.common.exception.authentication.UsernameNotFoundException;
import io.gravitee.am.identityprovider.api.SimpleAuthenticationContext;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.management.handlers.management.api.authentication.manager.idp.IdentityProviderManager;
import io.gravitee.am.management.handlers.management.api.authentication.web.WebAuthenticationDetails;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.Organization;
import io.gravitee.am.service.OrganizationService;
import io.gravitee.am.service.authentication.crypto.password.bcrypt.BCryptPasswordEncoder;
import io.reactivex.rxjava3.core.Single;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/authentication/provider/security/ManagementAuthenticationProvider.class */
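/**
 * Spring Security {@link AuthenticationProvider} that authenticates a username/password token
 * against the identity providers of an organization.
 *
 * <p>The organization id is read from the request's {@link WebAuthenticationDetails} and falls
 * back to {@code "DEFAULT"}. The organization's identity provider ids, followed by the manager's
 * transient providers, are tried in order until one returns a user. Providers flagged as
 * external are skipped.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When every provider failure was a {@link UsernameNotFoundException} (or no provider
 *       failed at all), a bcrypt comparison against a fixed hash is performed before rejecting.
 *       NOTE(review): presumably this keeps the response time for unknown usernames close to
 *       that of a wrong password, to hinder username enumeration; confirm that the cost of the
 *       fixed hash matches what the real providers use.</li>
 *   <li>Credential failures are rethrown as {@link BadCredentialsException}; only unexpected
 *       errors are converted to {@link InternalAuthenticationServiceException}.</li>
 * </ul>
 */
public class ManagementAuthenticationProvider implements AuthenticationProvider {
    private static final String SOURCE = "source";

    /**
     * Fixed bcrypt hash (cost 10, per its {@code $2a$10$} prefix) used only for the dummy
     * comparison in {@link #doFakePasswordEncoding(String)}; it never gates access.
     */
    private static final String DUMMY_BCRYPT_HASH = "$2a$10$hdjt9YGrSudbIljTqAtcW.KOxNJscq00Nxv088wPy6GDKXCJe0aCm";

    @Autowired
    private OrganizationService organizationService;
    private IdentityProviderManager identityProviderManager;
    private final Logger logger = LoggerFactory.getLogger(ManagementAuthenticationProvider.class);

    // Upper bound for the blocking organization lookup; a value <= 0 disables the timeout.
    @Value("${http.blockingGet.timeoutMillis:120000}")
    private long blockingGetTimeoutMillis = 120000;
    private final BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();

    /**
     * Authenticates the supplied token against the organization's identity providers.
     *
     * @param authentication the username/password token; its details, when present, must be a
     *     {@link WebAuthenticationDetails}
     * @return a {@link UsernamePasswordAuthenticationToken} with no authorities whose principal
     *     is the loaded user and whose details map holds the request attributes plus the id of
     *     the provider that returned the user
     * @throws BadCredentialsException if no provider returned a user
     * @throws InternalAuthenticationServiceException if the organization cannot be loaded or an
     *     unexpected error occurs
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        WebAuthenticationDetails webDetails = (WebAuthenticationDetails) authentication.getDetails();
        HashMap<String, Object> details = new HashMap<>();
        if (webDetails != null) {
            details.put("ip_address", webDetails.getRemoteAddress());
            details.put("user_agent", webDetails.getUserAgent());
            details.put("org", webDetails.getOrganizationId());
        }
        // putIfAbsent also replaces a null mapping, so a missing organization id becomes DEFAULT.
        details.putIfAbsent("org", "DEFAULT");
        try {
            Single<Organization> lookup = this.organizationService.findById((String) details.get("org"));
            if (this.blockingGetTimeoutMillis > 0) {
                lookup = lookup.timeout(this.blockingGetTimeoutMillis, TimeUnit.MILLISECONDS);
            }
            Organization organization = lookup.blockingGet();
            if (organization == null) {
                throw new InternalAuthenticationServiceException("No organization found when trying to authenticate the end-user");
            }

            ArrayList<String> providerIds = organization.getIdentities() == null
                    ? new ArrayList<>()
                    : new ArrayList<>(organization.getIdentities());
            providerIds.addAll(this.identityProviderManager.getTransientProviders());

            // The listing this was recovered from referenced an undefined variable here; the
            // attributes are copied onto the context that is handed to the providers.
            SimpleAuthenticationContext context = new SimpleAuthenticationContext();
            details.forEach(context::setAttribute);
            EndUserAuthentication endUserAuthentication =
                    new EndUserAuthentication(authentication.getName(), authentication.getCredentials(), context);

            User user = null;
            BadCredentialsException lastFailure = null;
            int failedAttempts = 0;
            int unknownUserFailures = 0;
            for (String providerId : providerIds) {
                if (user != null) {
                    break;
                }
                IdentityProvider identityProvider = this.identityProviderManager.getIdentityProvider(providerId);
                if (identityProvider == null || identityProvider.isExternal()) {
                    continue;
                }
                io.gravitee.am.identityprovider.api.AuthenticationProvider provider = this.identityProviderManager.get(providerId);
                if (provider == null) {
                    lastFailure = new BadCredentialsException("Unable to load authentication provider " + providerId + ", an error occurred during the initialization stage");
                    continue;
                }
                try {
                    user = provider.loadUserByUsername(endUserAuthentication).blockingGet();
                    details.put(SOURCE, providerId);
                    lastFailure = null;
                } catch (Exception e) {
                    failedAttempts++;
                    if (e instanceof UsernameNotFoundException) {
                        unknownUserFailures++;
                    }
                    // NOTE(review): the username is caller-supplied and is written to the log
                    // as-is; whether CR/LF is neutralised depends on the logging configuration.
                    this.logger.info("Unable to authenticate user {} with provider {}", authentication.getName(), providerId, e);
                    // NOTE(review): the provider's message is carried into the exception; check
                    // that the failure handler does not echo it to the client.
                    lastFailure = new BadCredentialsException(e.getMessage(), e);
                }
            }

            if (lastFailure != null) {
                if (failedAttempts == unknownUserFailures) {
                    doFakePasswordEncoding(Objects.toString(authentication.getCredentials(), ""));
                }
                throw lastFailure;
            }
            if (user != null) {
                UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                        user, endUserAuthentication.getCredentials(), AuthorityUtils.NO_AUTHORITIES);
                token.setDetails(details);
                return token;
            }
            if (failedAttempts == unknownUserFailures) {
                doFakePasswordEncoding(Objects.toString(authentication.getCredentials(), ""));
            }
            throw new BadCredentialsException("No user found for providers " + StringUtils.collectionToDelimitedString(providerIds, ","));
        } catch (AuthenticationException e) {
            // Let credential failures through unchanged: the catch-all below would otherwise
            // report a wrong password as an internal "organization" error.
            throw e;
        } catch (Exception e) {
            // Keep the cause so the real failure remains diagnosable.
            throw new InternalAuthenticationServiceException("Unable to find organization when trying to authenticate the end-user", e);
        }
    }

    /**
     * Runs a bcrypt comparison of {@code str} against a fixed hash and discards the result.
     *
     * @param str the submitted password
     */
    private void doFakePasswordEncoding(String str) {
        this.bCryptPasswordEncoder.matches(str, DUMMY_BCRYPT_HASH);
    }

    /**
     * Reports whether this provider handles the given token type.
     *
     * @param cls the authentication token class
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken}
     */
    @Override
    public boolean supports(Class<?> cls) {
        return cls.equals(UsernamePasswordAuthenticationToken.class);
    }

    /**
     * Sets the manager used to resolve identity providers; it is not field-injected, so it must
     * be set before {@link #authenticate(Authentication)} is called.
     *
     * @param identityProviderManager the manager to use
     */
    public void setIdentityProviderManager(IdentityProviderManager identityProviderManager) {
        this.identityProviderManager = identityProviderManager;
    }
}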
