package org.artifactory.security;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.text.ParseException;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.artifactory.addon.oauth.OAuthHandler;
import org.artifactory.api.context.ContextHelper;
import org.artifactory.api.security.UserGroupService;
import org.artifactory.api.security.access.UserTokenSpec;
import org.artifactory.common.ConstantValues;
import org.artifactory.security.access.AccessService;
import org.artifactory.security.props.auth.OauthManager;
import org.artifactory.security.props.auth.model.AuthenticationModel;
import org.artifactory.security.props.auth.model.OauthModel;
import org.artifactory.security.props.auth.model.TokenKeyValue;
import org.artifactory.util.CollectionUtils;
import org.artifactory.util.date.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/artifactory/security/LoginHandlerImpl.class */
public class LoginHandlerImpl implements LoginHandler {
    private static final Logger log;

    @Autowired
    private OauthManager oauthManager;

    @Autowired
    private UserGroupService userGroupService;

    @Autowired
    private AccessService accessService;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // org.artifactory.security.LoginHandler
    public OauthModel doBasicAuthWithDb(String[] strArr, AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) throws IOException, ParseException {
        if (!$assertionsDisabled && strArr.length != 2) {
            throw new AssertionError();
        }
        AuthenticationManager authenticationManager = (AuthenticationManager) ContextHelper.get().beanForType(AuthenticationManager.class);
        String str = strArr[0];
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(str, strArr[1]);
        usernamePasswordAuthenticationToken.setDetails(authenticationDetailsSource);
        Authentication authenticate = authenticationManager.authenticate(usernamePasswordAuthenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authenticate);
        TokenKeyValue token = this.oauthManager.getToken(str);
        if (token == null) {
            token = this.oauthManager.createToken(str);
        }
        boolean z = false;
        if (token == null) {
            log.debug("could not create and persist token for authenticated user {}, storing generated token in shared cache.", str);
            token = generateToken(((UserDetails) authenticate.getPrincipal()).getUsername());
            if (token == null) {
                throw new RuntimeException("failed to generate token for authenticated user: " + str);
            }
            z = true;
        }
        AuthenticationModel authenticationModel = new AuthenticationModel(token.getToken(), DateUtils.formatBuildDate(System.currentTimeMillis()));
        if (z) {
            authenticationModel.setExpiresIn(Integer.valueOf(ConstantValues.genericTokensCacheIdleTimeSecs.getInt()));
        }
        return authenticationModel;
    }

    public TokenKeyValue generateToken(String str) {
        TokenKeyValue tokenKeyValue = null;
        try {
            tokenKeyValue = new TokenKeyValue("accesstoken", this.accessService.createToken((UserTokenSpec) UserTokenSpec.create(str).expiresIn(Long.valueOf(ConstantValues.genericTokensCacheIdleTimeSecs.getLong())).refreshable(false).scope(Lists.newArrayList(new String[]{getScope(this.userGroupService.currentUser())}))).getTokenValue());
        } catch (Exception e) {
            log.debug("Failed generating token for user '{}' with key '{}'. {}", new Object[]{str, "accesstoken", e.getMessage()});
            log.trace("Failed generating token.", e);
        }
        return tokenKeyValue;
    }

    private String getScope(UserInfo userInfo) {
        StringBuilder sb = new StringBuilder("member-of-groups:");
        Set groups = userInfo.getGroups();
        if (CollectionUtils.isNullOrEmpty(groups)) {
            sb.append("*");
        } else {
            Iterator it = groups.iterator();
            boolean hasNext = it.hasNext();
            while (hasNext) {
                sb.append(it.next());
                boolean hasNext2 = it.hasNext();
                hasNext = hasNext2;
                if (hasNext2) {
                    sb.append(",");
                }
            }
        }
        return sb.toString();
    }

    @Override // org.artifactory.security.LoginHandler
    public OauthModel doBasicAuthWithProvider(String str, String str2) {
        return ((OAuthHandler) ContextHelper.get().beanForType(OAuthHandler.class)).getCreateToken(ContextHelper.get().getCentralConfig().getDescriptor().getSecurity().getOauthSettings().getDefaultNpm(), str2, str);
    }

    @Override // org.artifactory.security.LoginHandler
    public String[] extractAndDecodeHeader(String str) throws IOException {
        try {
            String str2 = new String(Base64.decode(str.substring(6).getBytes("UTF-8")), "UTF-8");
            int indexOf = str2.indexOf(":");
            if (indexOf == -1) {
                throw new BadCredentialsException("Invalid basic authentication token");
            }
            return new String[]{str2.substring(0, indexOf), str2.substring(indexOf + 1)};
        } catch (IllegalArgumentException e) {
            throw new BadCredentialsException("Failed to decode basic authentication token");
        }
    }

    static {
        $assertionsDisabled = !LoginHandlerImpl.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(LoginHandlerImpl.class);
    }
}
