package org.pentaho.platform.plugin.services.security.userrole.ldap;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.api.engine.security.IAuthenticationRoleMapper;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.LdapAuthenticator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/* loaded from: input_file:org/pentaho/platform/plugin/services/security/userrole/ldap/DefaultLdapAuthenticationProvider.class */
public class DefaultLdapAuthenticationProvider extends LdapAuthenticationProvider {
    private IAuthenticationRoleMapper roleMapper;
    private String authenticatedRole;

    public DefaultLdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator, IAuthenticationRoleMapper iAuthenticationRoleMapper) {
        super(ldapAuthenticator);
        this.roleMapper = iAuthenticationRoleMapper;
        setAuthenticatedRole(null);
    }

    public DefaultLdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, IAuthenticationRoleMapper iAuthenticationRoleMapper) {
        super(ldapAuthenticator, ldapAuthoritiesPopulator);
        this.roleMapper = iAuthenticationRoleMapper;
        setAuthenticatedRole(null);
    }

    public DefaultLdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, IAuthenticationRoleMapper iAuthenticationRoleMapper, String str) {
        super(ldapAuthenticator, ldapAuthoritiesPopulator);
        this.roleMapper = iAuthenticationRoleMapper;
        setAuthenticatedRole(str);
    }

    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations dirContextOperations, String str, String str2) {
        GrantedAuthority[] grantedAuthorityArr = (GrantedAuthority[]) super.loadUserAuthorities(dirContextOperations, str, str2).toArray(new GrantedAuthority[0]);
        if (this.roleMapper != null) {
            for (int i = 0; i < grantedAuthorityArr.length; i++) {
                if (grantedAuthorityArr[i] != null) {
                    grantedAuthorityArr[i] = new SimpleGrantedAuthority(this.roleMapper.toPentahoRole(grantedAuthorityArr[i].getAuthority()));
                }
            }
        }
        return Arrays.asList(grantedAuthorityArr);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Authentication authenticate = super.authenticate(authentication);
        Iterator it = authenticate.getAuthorities().iterator();
        while (it.hasNext()) {
            if (((GrantedAuthority) it.next()).getAuthority().equals(this.authenticatedRole)) {
                return authenticate;
            }
        }
        throw new AuthenticationServiceException("The user doesn't have '" + this.authenticatedRole + "' role.");
    }

    private void setAuthenticatedRole(String str) {
        this.authenticatedRole = str == null ? (String) PentahoSystem.get(String.class, "singleTenantAuthenticatedAuthorityName", (IPentahoSession) null) : str;
    }
}
