package org.thingsboard.server.service.security.auth.rest;

import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.thingsboard.server.common.data.Customer;
import org.thingsboard.server.common.data.HasName;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.dao.audit.AuditLogService;
import org.thingsboard.server.dao.customer.CustomerService;
import org.thingsboard.server.dao.user.UserService;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.UserPrincipal;
import org.thingsboard.server.service.security.system.SystemSecurityService;
import ua_parser.Client;

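/**
 * Spring Security {@link AuthenticationProvider} for REST logins.
 *
 * <p>Two login flavours are handled, selected by {@link UserPrincipal#getType()}:
 * <ul>
 *   <li>{@code USER_NAME}: e-mail plus password, validated through {@link SystemSecurityService}
 *       and recorded in the audit log (success and failure);</li>
 *   <li>any other type: a "public id", i.e. the UUID of a customer flagged as public. No secret
 *       is checked on this path; the resulting principal is a synthetic
 *       {@link Authority#CUSTOMER_USER} bound to that customer.</li>
 * </ul>
 *
 * <p>NOTE(review): the public-id path writes no audit record, and a login attempt for an unknown
 * e-mail is rejected before {@link #logLoginAction} can run (there is no {@link User} to attach
 * the record to). If failed-login monitoring relies on the audit log alone, those attempts are
 * invisible there; confirm they are captured elsewhere (e.g. at the filter or gateway).
 */
@Component
public class RestAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(RestAuthenticationProvider.class);

    /** Placeholder written to the audit record when a client attribute could not be determined. */
    private static final String UNKNOWN = "Unknown";

    private final SystemSecurityService systemSecurityService;
    private final UserService userService;
    private final CustomerService customerService;
    private final AuditLogService auditLogService;

    @Autowired
    public RestAuthenticationProvider(UserService userService, CustomerService customerService, SystemSecurityService systemSecurityService, AuditLogService auditLogService) {
        this.userService = userService;
        this.customerService = customerService;
        this.systemSecurityService = systemSecurityService;
        this.auditLogService = auditLogService;
    }

    /**
     * Authenticates a request whose principal is a {@link UserPrincipal}.
     *
     * @param authentication the incoming authentication request; must not be {@code null}
     * @return an authenticated {@link UsernamePasswordAuthenticationToken} wrapping a {@link SecurityUser}
     * @throws BadCredentialsException if the principal is not a {@link UserPrincipal} or the public id is rejected
     * @throws AuthenticationException for the other failure cases raised by the username/password path
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.notNull(authentication, "No authentication data provided");
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof UserPrincipal)) {
            throw new BadCredentialsException("Authentication Failed. Bad user principal.");
        }
        UserPrincipal userPrincipal = (UserPrincipal) principal;
        if (userPrincipal.getType() == UserPrincipal.Type.USER_NAME) {
            String username = userPrincipal.getValue();
            // NOTE(review): a non-String credentials object surfaces as ClassCastException rather
            // than an AuthenticationException; presumably the REST filter always supplies a String.
            String password = (String) authentication.getCredentials();
            return authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
        }
        return authenticateByPublicId(userPrincipal, userPrincipal.getValue());
    }

    /**
     * Looks the user up by e-mail, validates the supplied password and audits the outcome.
     *
     * @param authentication original request, used only to extract client details for the audit record
     * @param userPrincipal  principal to embed in the resulting {@link SecurityUser}
     * @param username       e-mail address used as the login name
     * @param password       password presented by the client
     * @return the authenticated token
     */
    private Authentication authenticateByUsernameAndPassword(Authentication authentication, UserPrincipal userPrincipal, String username, String password) {
        User user = this.userService.findUserByEmail(TenantId.SYS_TENANT_ID, username);
        if (user == null) {
            // NOTE(review): this message differs from the bad-password case and echoes the
            // client-supplied login name. Whether it reaches the client depends on the error
            // handler, which is not visible here; confirm the response is uniform for
            // "unknown user" and "wrong password" so accounts cannot be enumerated.
            throw new UsernameNotFoundException("User not found: " + username);
        }
        try {
            UserCredentials credentials = this.userService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, user.getId());
            if (credentials == null) {
                throw new UsernameNotFoundException("User credentials not found");
            }
            // NOTE(review): the enabled flag is only forwarded to SecurityUser below; presumably
            // validateUserCredentials rejects disabled accounts - confirm against its implementation.
            this.systemSecurityService.validateUserCredentials(user.getTenantId(), credentials, password);
            if (user.getAuthority() == null) {
                throw new InsufficientAuthenticationException("User has no authority assigned");
            }
            SecurityUser securityUser = new SecurityUser(user, credentials.isEnabled(), userPrincipal);
            // The success record is written inside the try block: if the audit call throws, the
            // catch below records a failed login and the authentication is refused.
            logLoginAction(user, authentication, null);
            return new UsernamePasswordAuthenticationToken(securityUser, (Object) null, securityUser.getAuthorities());
        } catch (Exception e) {
            // Record the failed attempt against the known user, then propagate unchanged.
            logLoginAction(user, authentication, e);
            throw e;
        }
    }

    /**
     * Authenticates an anonymous "public" session from the id of a public customer.
     *
     * <p>Every failure (malformed UUID, unknown customer, non-public customer, lookup error) is
     * reported with the same {@link BadCredentialsException} message, so the response does not
     * reveal which customer ids exist. The underlying cause is attached to the exception and
     * logged at debug level so that infrastructure errors remain diagnosable.
     *
     * @param userPrincipal principal to embed in the resulting {@link SecurityUser}
     * @param publicId      textual UUID of the customer
     * @return the authenticated token for a synthetic customer user
     */
    private Authentication authenticateByPublicId(UserPrincipal userPrincipal, String publicId) {
        try {
            Customer publicCustomer = this.customerService.findCustomerById(TenantId.SYS_TENANT_ID, new CustomerId(UUID.fromString(publicId)));
            if (publicCustomer == null) {
                throw new UsernameNotFoundException("Public entity not found: " + publicId);
            }
            if (!publicCustomer.isPublic()) {
                throw new BadCredentialsException("Authentication Failed. Public Id is not valid.");
            }
            // Synthetic, non-persisted user: null UUID as id, scoped to the customer's tenant.
            User user = new User(new UserId(EntityId.NULL_UUID));
            user.setTenantId(publicCustomer.getTenantId());
            user.setCustomerId(publicCustomer.getId());
            user.setEmail(publicId);
            user.setAuthority(Authority.CUSTOMER_USER);
            user.setFirstName("Public");
            user.setLastName("Public");
            SecurityUser securityUser = new SecurityUser(user, true, userPrincipal);
            return new UsernamePasswordAuthenticationToken(securityUser, (Object) null, securityUser.getAuthorities());
        } catch (Exception e) {
            // The client-supplied id is deliberately left out of the log line.
            log.debug("Public id authentication failed", e);
            throw new BadCredentialsException("Authentication Failed. Public Id is not valid.", e);
        }
    }

    /**
     * @param cls the authentication token class offered by the framework
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Writes a {@link ActionType#LOGIN} audit record for {@code user}.
     *
     * <p>Client address, browser, OS and device are taken from {@link RestAuthenticationDetails}
     * when the request carries them; otherwise each is recorded as {@code "Unknown"}. The
     * User-Agent derived values are client-controlled and must be treated as untrusted by
     * anything that renders the audit log.
     *
     * @param user           the user the attempt is attributed to; must not be {@code null}
     * @param authentication the request, may be {@code null}
     * @param failure        the exception that caused the login to fail, or {@code null} on success
     */
    private void logLoginAction(User user, Authentication authentication, Exception failure) {
        String clientAddress = UNKNOWN;
        String browser = UNKNOWN;
        String os = UNKNOWN;
        String device = UNKNOWN;
        Object details = authentication != null ? authentication.getDetails() : null;
        if (details instanceof RestAuthenticationDetails) {
            RestAuthenticationDetails restDetails = (RestAuthenticationDetails) details;
            String reportedAddress = restDetails.getClientAddress();
            if (reportedAddress != null) {
                // Keep the "Unknown" placeholder rather than recording null when no address was captured.
                clientAddress = reportedAddress;
            }
            Client parsed = restDetails.getUserAgent();
            if (parsed != null) {
                if (parsed.userAgent != null) {
                    browser = withVersion(parsed.userAgent.family, parsed.userAgent.major, parsed.userAgent.minor, parsed.userAgent.patch);
                }
                if (parsed.os != null) {
                    os = withVersion(parsed.os.family, parsed.os.major, parsed.os.minor, parsed.os.patch, parsed.os.patchMinor);
                }
                if (parsed.device != null) {
                    device = parsed.device.family;
                }
            }
        }
        this.auditLogService.logEntityAction(user.getTenantId(), user.getCustomerId(), user.getId(), user.getName(), user.getId(), (HasName) null, ActionType.LOGIN, failure, new Object[]{clientAddress, browser, os, device});
    }

    /**
     * Builds {@code "family major.minor.patch..."}, stopping at the first missing version component.
     */
    private static String withVersion(String family, String... versionParts) {
        String result = family;
        String separator = " ";
        for (String part : versionParts) {
            if (part == null) {
                break;
            }
            result = result + separator + part;
            separator = ".";
        }
        return result;
    }
}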
