package org.apache.causeway.extensions.secman.integration.authenticator;

import jakarta.inject.Inject;
import java.util.stream.Stream;
import org.apache.causeway.applib.services.iactnlayer.InteractionContext;
import org.apache.causeway.applib.services.user.UserMemento;
import org.apache.causeway.core.security.authentication.AuthenticationRequest;
import org.apache.causeway.core.security.authentication.AuthenticationRequestPassword;
import org.apache.causeway.core.security.authentication.Authenticator;
import org.apache.causeway.extensions.secman.applib.user.dom.ApplicationUserRepository;
import org.apache.causeway.extensions.secman.applib.user.dom.ApplicationUserStatus;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:org/apache/causeway/extensions/secman/integration/authenticator/AuthenticatorSecman.class */
public class AuthenticatorSecman implements Authenticator {
    private static final Logger log = LogManager.getLogger(AuthenticatorSecman.class);
    private final ApplicationUserRepository applicationUserRepository;
    private final PasswordEncoder passwordEncoder;

    @Inject
    public AuthenticatorSecman(ApplicationUserRepository applicationUserRepository, @Qualifier("Secman") PasswordEncoder passwordEncoder) {
        this.applicationUserRepository = applicationUserRepository;
        this.passwordEncoder = passwordEncoder;
    }

    public final boolean canAuthenticate(Class<? extends AuthenticationRequest> cls) {
        return AuthenticationRequestPassword.class.isAssignableFrom(cls);
    }

    public InteractionContext authenticate(AuthenticationRequest authenticationRequest, String str) {
        AuthenticationRequestPassword authenticationRequestPassword = (AuthenticationRequestPassword) authenticationRequest;
        String name = authenticationRequestPassword.getName();
        String password = authenticationRequestPassword.getPassword();
        if (name != null) {
            return (InteractionContext) this.applicationUserRepository.findByUsername(name).filter(applicationUser -> {
                return ApplicationUserStatus.isUnlocked(applicationUser.getStatus());
            }).filter(applicationUser2 -> {
                return applicationUser2.isHasPassword();
            }).filter(applicationUser3 -> {
                return this.passwordEncoder.matches(password, applicationUser3.getEncryptedPassword());
            }).map(applicationUser4 -> {
                return InteractionContext.ofUserWithSystemDefaults(UserMemento.ofNameAndRoleNames(name, Stream.concat(applicationUser4.getRoles().stream().map((v0) -> {
                    return v0.getName();
                }), authenticationRequest.streamRoles())).withAuthenticationCode(str));
            }).orElse(null);
        }
        log.info("login failed: username is null");
        return null;
    }

    public void logout() {
    }
}
