package com.alibaba.nacos.plugin.auth.impl.authenticate;

import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.persistence.User;
import com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService;
import com.alibaba.nacos.plugin.auth.impl.token.TokenManagerDelegate;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUser;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetails;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserService;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/authenticate/LdapAuthenticationManager.class */
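/**
 * Authentication manager that first tries the parent class's username/password check and, when
 * that fails, falls back to an LDAP bind through {@link LdapTemplate}.
 *
 * <p>A user who passes the LDAP bind is mapped to a local account named {@code "LDAP_" + username};
 * the account is created on first login. The returned {@link NacosUser} carries a token issued by
 * the inherited token manager.
 *
 * <p>This listing was recovered from decompiler output whose try/catch structure in
 * {@link #authenticate(String, String)} was mangled (an empty {@code try} followed by two
 * {@code catch} clauses, the second unreachable). The control flow below is a reconstruction from
 * the statements that were visible; the review notes mark the points to verify against the
 * original source.
 */
public class LdapAuthenticationManager extends AbstractAuthenticationManager {
    /** Attribute name used on the left-hand side of the LDAP equality filter. */
    private final String filterPrefix;
    /** When {@code false}, login names are lower-cased before any lookup. */
    private final boolean caseSensitive;
    private final LdapTemplate ldapTemplate;

    /**
     * Creates the manager.
     *
     * @param ldapTemplate         template used for the LDAP bind
     * @param nacosUserService     passed to the parent class
     * @param tokenManagerDelegate passed to the parent class
     * @param nacosRoleService     passed to the parent class
     * @param filterPrefix         LDAP attribute the login name is matched against
     * @param caseSensitive        whether login names keep their case
     */
    public LdapAuthenticationManager(LdapTemplate ldapTemplate, NacosUserService nacosUserService, TokenManagerDelegate tokenManagerDelegate, NacosRoleService nacosRoleService, String filterPrefix, boolean caseSensitive) {
        super(nacosUserService, tokenManagerDelegate, nacosRoleService);
        this.ldapTemplate = ldapTemplate;
        this.filterPrefix = filterPrefix;
        this.caseSensitive = caseSensitive;
    }

    /**
     * Authenticates a user, locally first and through LDAP second.
     *
     * @param username    login name; must not be blank
     * @param rawPassword password as supplied by the client
     * @return the authenticated user together with a freshly issued token
     * @throws AccessException if the name is blank, the LDAP bind is rejected or errors out, or
     *                         the password is blank when the LDAP path is reached
     */
    @Override
    public NacosUser authenticate(String username, String rawPassword) throws AccessException {
        if (StringUtils.isBlank(username)) {
            throw new AccessException("user not found!");
        }
        if (!this.caseSensitive) {
            // NOTE(review): toLowerCase() uses the JVM default locale, so the normalised account
            // name can differ between hosts (e.g. under a Turkish locale). Consider
            // toLowerCase(Locale.ROOT) once it is confirmed that no stored names depend on the
            // current behaviour.
            username = username.toLowerCase();
        }

        try {
            return super.authenticate(username, rawPassword);
        } catch (AccessException | UsernameNotFoundException ignored) {
            // Local authentication failed; this is expected for LDAP-only users, so fall through.
            if (Loggers.AUTH.isWarnEnabled()) {
                Loggers.AUTH.warn("try login with LDAP, user: {}", username);
            }
        }

        // Never send an empty password to the directory: many LDAP servers treat a simple bind
        // with an empty password as an "unauthenticated bind" (RFC 4513, section 5.1.2) and
        // report success, which would turn any known login name into a valid login.
        if (StringUtils.isBlank(rawPassword)) {
            throw new AccessException("LDAP login failed.");
        }

        boolean bound;
        try {
            bound = ldapLogin(username, rawPassword);
        } catch (Exception e) {
            Loggers.AUTH.error("[LDAP-LOGIN] failed", e);
            throw new AccessException("user not found");
        }
        // NOTE(review): the decompiled listing shows this check outside the try block; whether
        // the original placed it inside (and so mapped it to "user not found") cannot be told
        // from the decompiler output. Confirm against the original source.
        if (!bound) {
            throw new AccessException("LDAP login failed.");
        }

        String localName = "LDAP_" + username;
        UserDetails userDetails;
        try {
            userDetails = this.userDetailsService.loadUserByUsername(localName);
        } catch (UsernameNotFoundException e) {
            // First successful LDAP login for this name: provision the local shadow account.
            // NOTE(review): every provisioned account stores the same constant password hash.
            // Confirm that the local password path above cannot authenticate "LDAP_"-prefixed
            // accounts with it, otherwise the directory check can be bypassed.
            this.userDetailsService.createUser(localName, AuthConstants.LDAP_DEFAULT_ENCODED_PASSWORD, false);
            User user = new User();
            user.setUsername(localName);
            user.setPassword(AuthConstants.LDAP_DEFAULT_ENCODED_PASSWORD);
            userDetails = new NacosUserDetails(user);
        }
        return new NacosUser(userDetails.getUsername(), this.jwtTokenManager.createToken(userDetails.getUsername()));
    }

    /**
     * Attempts an LDAP bind for the entry whose {@code filterPrefix} attribute equals the login
     * name.
     *
     * @param username    login name, already normalised by the caller
     * @param rawPassword password to bind with; the caller guarantees it is not blank
     * @return the result reported by {@link LdapTemplate}
     */
    private boolean ldapLogin(String username, String rawPassword) {
        // EqualsFilter escapes the value when the filter is rendered, so LDAP filter
        // metacharacters in the login name stay literal.
        // NOTE(review): the search base is a token-secret constant here, which looks like a
        // decompiler constant-matching artifact (presumably an empty base string). Confirm
        // against the original source; an LDAP base should not depend on a token secret.
        String filter = new EqualsFilter(this.filterPrefix, username).toString();
        return this.ldapTemplate.authenticate(AuthConstants.DEFAULT_TOKEN_SECRET_KEY, filter, rawPassword);
    }
}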
