package com.appiancorp.security.auth.piee;

import com.appiancorp.security.auth.ConditionalAuthenticatorWrapper;
import com.appiancorp.security.auth.piee.persistence.PieeSettings;
import com.appiancorp.security.auth.piee.persistence.PieeSettingsDaoService;
import com.appiancorp.suite.cfg.PieeConfiguration;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.appiancorp.suiteapi.security.auth.AppianUserDetailsService;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/appiancorp/security/auth/piee/PieeAuthenticatorWrapper.class */
public class PieeAuthenticatorWrapper extends ConditionalAuthenticatorWrapper {
    private static final int AUTH_PRIORITY = 400;
    private static final String PIEE_FRIENDLY_NAME = "piee";
    private static Logger LOG = LoggerFactory.getLogger(PieeAuthenticatorWrapper.class);
    private final PieeAuthenticator pieeAuthenticator;
    private final PieeConfiguration pieeConfiguration;
    private final PieeSettingsSelector pieeSettingsSelector;
    private final PieeSettingsDaoService pieeSettingsDaoService;

    public PieeAuthenticatorWrapper(AppianUserDetailsService appianUserDetailsService, PieeConfiguration pieeConfiguration, PieeAuthenticator pieeAuthenticator, PieeSettingsSelector pieeSettingsSelector, PieeSettingsDaoService pieeSettingsDaoService) {
        super(appianUserDetailsService);
        this.pieeAuthenticator = pieeAuthenticator;
        this.pieeConfiguration = pieeConfiguration;
        this.pieeSettingsDaoService = pieeSettingsDaoService;
        this.pieeSettingsSelector = pieeSettingsSelector;
    }

    @Override // com.appiancorp.security.auth.ConditionalAuthenticatorWrapper
    protected boolean shouldUseAuthenticator(Authentication authentication) {
        if (!this.pieeConfiguration.isEnabled()) {
            return false;
        }
        String name = authentication.getName();
        Class<?> cls = authentication.getClass();
        boolean supports = supports(cls);
        try {
            Optional<PieeSettings> pieeSettings = getPieeSettings(name);
            if (!supports && pieeSettings.isPresent()) {
                throw new BadCredentialsException(String.format("Failed to authenticate using %s. Expected PieeAuthToken.", cls.getSimpleName()));
            }
            if (!supports || pieeSettings.isPresent()) {
                return supports;
            }
            throw new BadCredentialsException("Missing Piee settings for " + cls.getSimpleName());
        } catch (Exception e) {
            LOG.error("Unexpected exception processing authentication request for user {}.", name, e);
            throw new InternalAuthenticationServiceException("Failed to process authentication request", e);
        } catch (AuthenticationException e2) {
            LOG.error("Received AuthenticationException for user {}.", name, e2);
            throw e2;
        } catch (InvalidUserException e3) {
            LOG.error("Received InvalidUserException for user {}.", name, e3);
            return shouldAutoCreateUser(supports);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.appiancorp.security.auth.ConditionalAuthenticatorWrapper
    public boolean supports(Class<?> cls) {
        return PieeAuthToken.class.isAssignableFrom(cls) && this.pieeConfiguration.isEnabled();
    }

    @Override // com.appiancorp.security.auth.ConditionalAuthenticatorWrapper
    protected UserProfile authenticate(Authentication authentication) throws Exception {
        return this.pieeAuthenticator.authenticateUser((PieeAuthToken) authentication);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.appiancorp.security.auth.ConditionalAuthenticatorWrapper
    public void postAuthenticate(AppianUserDetails appianUserDetails, Authentication authentication) {
        super.postAuthenticate(appianUserDetails, authentication);
        appianUserDetails.setAppianLoginContext(new PieeAppianLoginContext());
    }

    @Override // com.appiancorp.security.auth.ConditionalAuthenticatorWrapper
    public int getPriority() {
        return 400;
    }

    private boolean shouldAutoCreateUser(boolean z) {
        if (!z) {
            return false;
        }
        Optional<PieeSettings> pieeSettingsByFriendlyName = this.pieeSettingsDaoService.getPieeSettingsByFriendlyName(PIEE_FRIENDLY_NAME);
        if (pieeSettingsByFriendlyName.isPresent()) {
            return pieeSettingsByFriendlyName.get().isAutoCreateUsers();
        }
        LOG.error("No PIEE settings found while checking for auto user creation.");
        throw new PieeAuthenticationException("No PIEE settings found while checking for auto user creation.");
    }

    private Optional<PieeSettings> getPieeSettings(String str) throws InvalidUserException {
        return this.pieeSettingsSelector.selectSettingsForUser(this.pieeSettingsDaoService.getAllPieeSettings(), str);
    }
}
