package org.apache.atlas.web.security;

import java.util.List;
import javax.annotation.PostConstruct;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.web.model.User;
import org.apache.commons.configuration.Configuration;
import org.apache.log4j.Logger;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.stereotype.Component;

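/**
 * Authenticates Atlas web users against an LDAP directory with a bind operation.
 *
 * <p>Connection, search and group-mapping settings are read once from the
 * {@code atlas.authentication.method.ldap.*} application properties when the bean is
 * initialised. A fresh context source, authorities populator and Spring
 * {@link LdapAuthenticationProvider} are assembled for every authentication attempt.
 *
 * <p>NOTE(review): whether the bind DN password and the user's password are protected in
 * transit depends entirely on the configured {@code ...ldap.url} (for example an
 * {@code ldaps://} URL); nothing in this class enforces it. Confirm against the deployment.
 */
@Component
public class AtlasLdapAuthenticationProvider extends AtlasAbstractAuthenticationProvider {
    private static final Logger LOG = Logger.getLogger(AtlasLdapAuthenticationProvider.class);

    /** Search filter applied when no user search filter is configured. */
    private static final String DEFAULT_USER_SEARCH_FILTER = "(uid={0})";

    private String ldapURL;
    private String ldapUserDNPattern;
    private String ldapGroupSearchBase;
    private String ldapGroupSearchFilter;
    private String ldapGroupRoleAttribute;
    private String ldapBindDN;
    // Service-account secret; it must never be written to a log or an exception message.
    private String ldapBindPassword;
    // Read from configuration but not used anywhere in this class.
    private String ldapDefaultRole;
    private String ldapUserSearchFilter;
    private String ldapReferral;
    private String ldapBase;
    private boolean groupsFromUGI;

    /** Loads the LDAP settings once the bean has been constructed. */
    @PostConstruct
    public void setup() {
        setLdapProperties();
    }

    /**
     * Authenticates the supplied token against LDAP.
     *
     * @param authentication token carrying the user name and password
     * @return the authenticated token produced by the LDAP bind
     * @throws AuthenticationException when the credentials are missing, rejected, or the
     *         directory cannot be reached; every failure is reported as an
     *         {@code AtlasAuthenticationException}
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            return getLdapBindAuthentication(authentication);
        } catch (Exception e) {
            // The helper already wraps the root failure, so its cause is the original exception.
            throw new AtlasAuthenticationException(e.getMessage(), e.getCause());
        }
    }

    /**
     * Performs the LDAP bind for the given token.
     *
     * @param authentication token carrying the user name and password
     * @return the authenticated token, with authorities replaced from UGI when
     *         {@code groupsFromUGI} is set
     * @throws Exception always an {@code AtlasAuthenticationException} wrapping the failure
     */
    private Authentication getLdapBindAuthentication(Authentication authentication) throws Exception {
        try {
            String userName = authentication.getName();
            Object credentials = authentication.getCredentials();
            String userPassword = credentials != null ? credentials.toString() : "";

            // Reject blank credentials before any LDAP object is built. The password check is
            // the security-relevant part: a bind with an empty password must never be attempted,
            // because directories may treat it as an unauthenticated bind that succeeds.
            // NOTE(review): userName is caller-supplied and ends up in the error log through the
            // wrapped exception; confirm the log layout neutralises line breaks.
            if (isBlank(userName) || isBlank(userPassword)) {
                throw new AtlasAuthenticationException("LDAP Authentication::userName or userPassword is null or empty for userName " + userName);
            }

            // Resolve the effective filter locally instead of writing the default back into the
            // shared field while requests are being served.
            String userSearchFilter = isBlank(this.ldapUserSearchFilter) ? DEFAULT_USER_SEARCH_FILTER : this.ldapUserSearchFilter;

            LdapContextSource ldapContextSource = getLdapContextSource();
            DefaultLdapAuthoritiesPopulator authoritiesPopulator = getDefaultLdapAuthoritiesPopulator(ldapContextSource);
            FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(this.ldapBase, userSearchFilter, ldapContextSource);
            userSearch.setSearchSubtree(true);
            LdapAuthenticationProvider ldapAuthenticationProvider =
                    new LdapAuthenticationProvider(getBindAuthenticator(userSearch, ldapContextSource), authoritiesPopulator);

            // getAuthorities is inherited; the authorities placed on the request token are
            // whatever that helper returns for the user name.
            List<GrantedAuthority> authorities = getAuthorities(userName);
            Authentication result = ldapAuthenticationProvider.authenticate(
                    new UsernamePasswordAuthenticationToken(new User(userName, userPassword, authorities), userPassword, authorities));
            if (this.groupsFromUGI) {
                result = getAuthenticationWithGrantedAuthorityFromUGI(result);
            }
            return result;
        } catch (Exception e) {
            LOG.error("LDAP Authentication Failed:", e);
            throw new AtlasAuthenticationException("LDAP Authentication Failed", e);
        }
    }

    /**
     * Reads the LDAP settings from the application properties.
     *
     * <p>Best effort: a failure is logged and the fields keep their defaults ({@code null},
     * and {@code false} for {@code groupsFromUGI} even though its configured default is
     * {@code true}), so later authentication attempts fail rather than the bean failing to
     * start.
     */
    private void setLdapProperties() {
        try {
            Configuration configuration = ApplicationProperties.get();
            this.ldapURL = configuration.getString("atlas.authentication.method.ldap.url");
            this.ldapUserDNPattern = configuration.getString("atlas.authentication.method.ldap.userDNpattern");
            this.ldapGroupSearchBase = configuration.getString("atlas.authentication.method.ldap.groupSearchBase");
            this.ldapGroupSearchFilter = configuration.getString("atlas.authentication.method.ldap.groupSearchFilter");
            this.ldapGroupRoleAttribute = configuration.getString("atlas.authentication.method.ldap.groupRoleAttribute");
            this.ldapBindDN = configuration.getString("atlas.authentication.method.ldap.bind.dn");
            this.ldapBindPassword = configuration.getString("atlas.authentication.method.ldap.bind.password");
            this.ldapDefaultRole = configuration.getString("atlas.authentication.method.ldap.default.role");
            this.ldapUserSearchFilter = configuration.getString("atlas.authentication.method.ldap.user.searchfilter");
            this.ldapReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral");
            this.ldapBase = configuration.getString("atlas.authentication.method.ldap.base.dn");
            this.groupsFromUGI = configuration.getBoolean("atlas.authentication.method.ldap.ugi-groups", true);
        } catch (Exception e) {
            LOG.error("Exception while setLdapProperties", e);
        }
    }

    /**
     * Builds the context source used for user and group lookups.
     *
     * @return a context source bound with the configured service account
     * @throws Exception when the context source cannot be initialised from the settings
     */
    private LdapContextSource getLdapContextSource() throws Exception {
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(this.ldapURL);
        contextSource.setUserDn(this.ldapBindDN);
        contextSource.setPassword(this.ldapBindPassword);
        contextSource.setReferral(this.ldapReferral);
        contextSource.setCacheEnvironmentProperties(false);
        // Read operations use the configured bind DN rather than an anonymous context.
        contextSource.setAnonymousReadOnly(false);
        contextSource.setPooled(true);
        contextSource.afterPropertiesSet();
        return contextSource;
    }

    /**
     * Builds the populator that maps LDAP group membership to granted authorities.
     *
     * @param ldapContextSource context source used for the group search
     * @return the configured authorities populator
     */
    private DefaultLdapAuthoritiesPopulator getDefaultLdapAuthoritiesPopulator(LdapContextSource ldapContextSource) {
        DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, this.ldapGroupSearchBase);
        populator.setGroupRoleAttribute(this.ldapGroupRoleAttribute);
        populator.setGroupSearchFilter(this.ldapGroupSearchFilter);
        populator.setIgnorePartialResultException(true);
        return populator;
    }

    /**
     * Builds the bind authenticator that locates the user entry and binds as that user.
     *
     * @param filterBasedLdapUserSearch search used to locate the user entry
     * @param ldapContextSource context source used for the bind
     * @return the initialised bind authenticator
     * @throws Exception when the authenticator cannot be initialised
     */
    private BindAuthenticator getBindAuthenticator(FilterBasedLdapUserSearch filterBasedLdapUserSearch, LdapContextSource ldapContextSource) throws Exception {
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(filterBasedLdapUserSearch);
        // Only register a DN pattern when one is configured. An array holding a null entry is
        // not a usable pattern and is expected to fail inside Spring's pattern parsing, which
        // would make every login fail; the user search above still locates the entry.
        if (!isBlank(this.ldapUserDNPattern)) {
            bindAuthenticator.setUserDnPatterns(new String[] {this.ldapUserDNPattern});
        }
        bindAuthenticator.afterPropertiesSet();
        return bindAuthenticator;
    }

    /** Returns {@code true} when the value is {@code null} or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }
}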
