package com.gentics.contentnode.activiti.authentication;

import com.gentics.contentnode.activiti.session.RestClientManager;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.activiti.engine.IdentityService;
import org.activiti.engine.identity.Group;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/contentnode-activiti-integration-5.45.20.jar:com/gentics/contentnode/activiti/authentication/GcnSessionSecretAuthenticationProvider.class */
public class GcnSessionSecretAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(GcnSessionSecretAuthenticationProvider.class);

    @Autowired
    private IdentityService identityService;

    @Autowired
    protected RestClientManager restClientManager;

    @Autowired
    protected Environment environment;

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        GcnSessionSecretCredentials gcnSessionSecretCredentials = authentication.getCredentials() instanceof GcnSessionSecretCredentials ? (GcnSessionSecretCredentials) authentication.getCredentials() : new GcnSessionSecretCredentials(authentication.getName(), (String) authentication.getCredentials());
        try {
            String num = Integer.toString(this.restClientManager.authenticate(gcnSessionSecretCredentials).getId().intValue());
            List<Group> list = this.identityService.createGroupQuery().groupMember(num).list();
            ArrayList arrayList = new ArrayList();
            Iterator<Group> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(new SimpleGrantedAuthority(it.next().getId()));
            }
            this.identityService.setAuthenticatedUserId(num);
            return new UsernamePasswordAuthenticationToken(num, gcnSessionSecretCredentials, arrayList);
        } catch (Exception e) {
            logger.error(String.format("Error while authenticating using REST URL %s", this.environment.getProperty("cms.rest.url")), (Throwable) e);
            throw new BadCredentialsException("Authentication failed for Gentics CMS sid and session secret");
        }
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return cls.equals(UsernamePasswordAuthenticationToken.class);
    }
}
