package com.appiancorp.security.auth.ldap;

import com.appiancorp.common.monitoring.AggregatedDataCollectorProvider;
import com.appiancorp.common.monitoring.AggregatedDataCollectorType;
import com.appiancorp.common.monitoring.ldap.LdapLoggingData;
import com.appiancorp.security.auth.AutoSyncUserData;
import com.appiancorp.security.auth.ExternalAuthUserSyncer;
import com.appiancorp.security.auth.GroupServiceHelper;
import com.appiancorp.suite.cfg.LdapConfiguration;
import com.appiancorp.suiteapi.common.exceptions.InvalidLoginException;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserProfileService;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Stopwatch;
import com.google.common.base.Strings;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.ldap.authentication.BindAuthenticator;

/* loaded from: input_file:com/appiancorp/security/auth/ldap/LdapAuthenticator.class */
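/**
 * Authenticates a username/password token with an LDAP bind and maps the result to an Appian
 * {@link UserProfile}, optionally creating the Appian user when auto-creation is enabled in the
 * {@link LdapConfiguration}.
 *
 * <p>Every bind attempt is timed; the duration and outcome are reported to the
 * {@link LdapMetricsCollector} and to the LDAP aggregated data collector.
 */
public class LdapAuthenticator {
    private static final String AUTHENTICATE_OP = "authenticate";
    private final BindAuthenticator authenticator;
    private final UserProfileService adminUserProfileService;
    private final ExternalAuthUserSyncer appianUserSyncer;
    private final LdapConfiguration ldapConfig;
    private final LdapMetricsCollector metricsCollector;

    /**
     * Creates an authenticator with an explicit metrics collector.
     *
     * @param bindAuthenticator performs the LDAP bind; must not be null
     * @param userProfileService used to look up existing Appian users; must not be null
     * @param externalAuthUserSyncer creates the Appian user when no profile exists yet
     * @param ldapConfiguration LDAP settings (username casing, auto-creation, group UUID)
     * @param ldapMetricsCollector receives the bind duration and outcome
     */
    LdapAuthenticator(BindAuthenticator bindAuthenticator, UserProfileService userProfileService, ExternalAuthUserSyncer externalAuthUserSyncer, LdapConfiguration ldapConfiguration, LdapMetricsCollector ldapMetricsCollector) {
        this.authenticator = Objects.requireNonNull(bindAuthenticator);
        this.adminUserProfileService = Objects.requireNonNull(userProfileService);
        // The remaining collaborators are stored unchecked, as before; they are dereferenced
        // on every call to authenticateUser.
        this.appianUserSyncer = externalAuthUserSyncer;
        this.ldapConfig = ldapConfiguration;
        this.metricsCollector = ldapMetricsCollector;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Creates an authenticator that reports to a freshly constructed {@link LdapMetricsCollector}. */
    public LdapAuthenticator(BindAuthenticator bindAuthenticator, UserProfileService userProfileService, ExternalAuthUserSyncer externalAuthUserSyncer, LdapConfiguration ldapConfiguration) {
        this(bindAuthenticator, userProfileService, externalAuthUserSyncer, ldapConfiguration, new LdapMetricsCollector());
    }

    /**
     * Authenticates the token against LDAP and returns the matching Appian user profile.
     *
     * <p>The Appian profile lookup runs before the LDAP bind. When a profile exists it is returned
     * after a successful bind; otherwise (auto-creation enabled) the user is created from the
     * bound LDAP entry.
     *
     * @param usernamePasswordAuthenticationToken credentials presented by the caller
     * @return the existing or newly created Appian user profile
     * @throws InvalidLoginException if no username is supplied, the user lookup fails, or the
     *     bind yields no LDAP entry
     * @throws AutoSyncUserData.UserDataMissingException declared by the original signature
     */
    public UserProfile authenticateUser(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws InvalidLoginException, AutoSyncUserData.UserDataMissingException {
        String name = usernamePasswordAuthenticationToken.getName();
        if (Strings.isNullOrEmpty(name)) {
            throw new InvalidLoginException("No username provided.");
        }
        // NOTE(review): only the username is checked here; rejecting an empty password (which
        // some directories treat as an unauthenticated bind) is left to the BindAuthenticator.
        // Confirm the Spring Security version in use does that.
        //
        // NOTE(review): the profile lookup happens before the bind, so an unknown or deactivated
        // account fails here with its own exception and never reaches LDAP. If that message or
        // the timing difference is visible to the client it distinguishes valid usernames;
        // confirm the caller maps all failures to one generic response.
        Optional<UserProfile> appianUserProfile = getAppianUserProfile(name, Boolean.valueOf(this.ldapConfig.isLowercaseUsername()));

        Optional<DirContextOperations> ldapEntry = Optional.empty();
        Stopwatch bindTimer = Stopwatch.createStarted();
        try {
            // BindAuthenticator normally reports a failed bind by throwing; the null check
            // below is a second line of defence.
            ldapEntry = Optional.ofNullable(this.authenticator.authenticate(usernamePasswordAuthenticationToken));
        } finally {
            // Record exactly once, on success and on failure. The timer must only be stopped
            // here: Stopwatch.stop() throws IllegalStateException on an already stopped timer,
            // which would otherwise replace the real login failure with an unrelated error.
            bindTimer.stop();
            boolean bindSucceeded = ldapEntry.isPresent();
            this.metricsCollector.observeLdapAuthDuration(bindSucceeded, bindTimer.elapsed(TimeUnit.MILLISECONDS) / 1000.0d);
            logLdapAuthenticationData(AUTHENTICATE_OP, name, bindTimer, bindSucceeded);
        }

        if (!ldapEntry.isPresent()) {
            throw new InvalidLoginException("Ldap authentication failed.");
        }
        // Sync data is only built when auto-creation is on; when it is off a missing profile
        // has already been rejected by getAppianUserProfile, so the supplier below is not run.
        LdapAutoSyncUserData ldapAutoSyncUserData = this.ldapConfig.isAutoCreateUsersEnabled() ? new LdapAutoSyncUserData(ldapEntry.get(), this.ldapConfig) : null;
        return appianUserProfile.orElseGet(() -> {
            return this.appianUserSyncer.createAppianUser(ldapAutoSyncUserData, this.ldapConfig.getGroupUuid(), null, null);
        });
    }

    /**
     * Looks up the Appian profile for the first candidate username that resolves.
     *
     * @param str username as presented at login
     * @param bool passed through to {@code GroupServiceHelper.getUsernamesToCheck}; the caller in
     *     this class supplies the configured lowercase-username setting
     * @return the profile of the first candidate found, or empty when none is found and
     *     auto-creation is enabled
     * @throws InvalidLoginException when no candidate resolves and auto-creation is disabled, or
     *     when a candidate is deactivated
     */
    @VisibleForTesting
    Optional<UserProfile> getAppianUserProfile(String str, Boolean bool) throws InvalidLoginException {
        InvalidLoginException firstFailure = null;
        for (String candidate : GroupServiceHelper.getUsernamesToCheck(str, bool)) {
            try {
                return Optional.of(getActiveUserProfile(candidate));
            } catch (InvalidUserException e) {
                // Keep the failure of the first candidate; later ones are tried silently.
                if (firstFailure == null) {
                    firstFailure = new InvalidLoginException(e);
                }
            }
        }
        if (this.ldapConfig.isAutoCreateUsersEnabled()) {
            return Optional.empty();
        }
        if (firstFailure == null) {
            // No candidate was tried at all; "throw null" would surface as a
            // NullPointerException instead of a login failure.
            throw new InvalidLoginException("No matching user found.");
        }
        throw firstFailure;
    }

    /**
     * Fetches the user through the admin profile service and rejects deactivated accounts.
     *
     * @throws InvalidLoginException if the user's status is 0, which this class treats as
     *     deactivated
     */
    private UserProfile getActiveUserProfile(String str) throws InvalidLoginException {
        UserProfile user = this.adminUserProfileService.getUser(str);
        if (user.getStatus() == 0) {
            throw new InvalidLoginException("User " + str + " deactivated.");
        }
        return user;
    }

    /**
     * Records one LDAP operation (name, username, elapsed milliseconds, outcome) with the LDAP
     * aggregated data collector.
     */
    private void logLdapAuthenticationData(String str, String str2, Stopwatch stopwatch, boolean z) {
        // NOTE(review): str2 is the caller-supplied login name and is recorded for failed
        // attempts too; confirm the collector escapes it before it is written to a log.
        LdapLoggingData entry = LdapLoggingData.builder()
            .operation(str)
            .username(str2)
            .executionTimeInMs(stopwatch.elapsed(TimeUnit.MILLISECONDS))
            .authSuccessful(z)
            .build();
        AggregatedDataCollectorProvider.getAggregatedDataCollector(AggregatedDataCollectorType.LDAP).recordData(entry);
    }
}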
