package org.apache.kylin.rest.security;

import com.google.common.hash.HashFunction;
import com.google.common.hash.Hashing;
import org.apache.kylin.common.exception.code.ErrorCodeServer;
import org.apache.kylin.rest.service.LdapUserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:org/apache/kylin/rest/security/LdapAuthenticationProvider.class */
public class LdapAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(LdapAuthenticationProvider.class);

    @Autowired
    @Qualifier("userService")
    LdapUserService ldapUserService;
    private final AuthenticationProvider authenticationProvider;
    private final HashFunction hf;

    public LdapAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        Assert.notNull(authenticationProvider, "The embedded authenticationProvider should not be null.");
        this.authenticationProvider = authenticationProvider;
        this.hf = Hashing.murmur3_128();
    }

    public Authentication authenticate(Authentication authentication) {
        try {
            Authentication authenticate = this.authenticationProvider.authenticate(authentication);
            if (authenticate.getDetails() == null) {
                throw new UsernameNotFoundException("User not found in LDAP, check whether he/she has been added to the groups.");
            }
            String username = authenticate.getDetails() instanceof UserDetails ? ((UserDetails) authenticate.getDetails()).getUsername() : authentication.getName();
            this.ldapUserService.onUserAuthenticated(username);
            logger.debug("Authenticated userName: {}", username);
            return authenticate;
        } catch (AuthenticationException e) {
            logger.error("Failed to auth user: {}", authentication.getName(), e);
            throw e;
        } catch (IncorrectResultSizeDataAccessException e2) {
            logger.error("Ldap username {} is not unique", authentication.getName());
            throw new BadCredentialsException(ErrorCodeServer.USER_LOGIN_FAILED.getMsg(new Object[0]), e2);
        } catch (BadCredentialsException e3) {
            throw new BadCredentialsException(ErrorCodeServer.USER_LOGIN_FAILED.getMsg(new Object[0]), e3);
        }
    }

    public boolean supports(Class<?> cls) {
        return this.authenticationProvider.supports(cls);
    }
}
