package org.squashtest.tm.web.backend.security.authentication;

import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.squashtest.tm.api.security.authentication.AuthenticationProviderFeatures;
import org.squashtest.tm.core.foundation.logger.Logger;
import org.squashtest.tm.core.foundation.logger.LoggerFactory;
import org.squashtest.tm.service.internal.security.AuthenticationProviderContext;
import org.squashtest.tm.service.internal.security.InternalAuthenticationProviderFeatures;
import org.squashtest.tm.service.security.AdministratorAuthenticationService;
import org.squashtest.tm.web.backend.context.ApplicationComponent;

@ApplicationComponent
/* loaded from: input_file:WEB-INF/classes/org/squashtest/tm/web/backend/security/authentication/PasswordSchemeUpgrader.class */
public class PasswordSchemeUpgrader implements ApplicationListener<AuthenticationSuccessEvent> {
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordSchemeUpgrader.class);
    private static final String PASSWORD_HASH_PREFIX = "{bcrypt}";

    @Inject
    private AuthenticationProviderContext authProviderContext;

    @Inject
    private AdministratorAuthenticationService authService;

    @Override // org.springframework.context.ApplicationListener
    public void onApplicationEvent(AuthenticationSuccessEvent authenticationSuccessEvent) {
        try {
            upgradePasswordIfRequired(authenticationSuccessEvent);
        } catch (Exception e) {
            LOGGER.debug("unexpected error while checking for password scheme upgrade", e);
        }
    }

    private void upgradePasswordIfRequired(AuthenticationSuccessEvent authenticationSuccessEvent) {
        Authentication authentication = authenticationSuccessEvent.getAuthentication();
        LOGGER.debug("upgrading password for user '{}' if needed", authentication.getName());
        User extractUserIfExists = extractUserIfExists(authentication);
        if (extractUserIfExists == null) {
            LOGGER.trace("the principal is not a user (weird), skipping", new Object[0]);
            return;
        }
        AuthenticationProviderFeatures providerFeatures = this.authProviderContext.getProviderFeatures(authentication);
        if (providerFeatures != InternalAuthenticationProviderFeatures.INSTANCE) {
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("user logged in using provider '{}', skipping upgrade", providerFeatures.getProviderName());
                return;
            }
            return;
        }
        boolean doesRequireUpgrade = doesRequireUpgrade(extractUserIfExists);
        String extractClearPasswordIfExists = extractClearPasswordIfExists(authentication);
        if (doesRequireUpgrade) {
            if (extractClearPasswordIfExists == null) {
                LOGGER.trace("password needs scheme upgrade but password is unavailable. It must be changed manually.", new Object[0]);
            } else {
                LOGGER.trace("password needs scheme upgrade -> upgrading", new Object[0]);
                this.authService.resetUserPassword(extractUserIfExists.getUsername(), extractClearPasswordIfExists);
            }
        }
    }

    private User extractUserIfExists(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal == null || !User.class.isAssignableFrom(principal.getClass())) {
            return null;
        }
        return (User) principal;
    }

    private String extractClearPasswordIfExists(Authentication authentication) {
        Object credentials = authentication.getCredentials();
        if (credentials == null || !String.class.isAssignableFrom(credentials.getClass())) {
            return null;
        }
        LOGGER.trace("password found", new Object[0]);
        return (String) credentials;
    }

    private boolean doesRequireUpgrade(User user) {
        String password = user.getPassword();
        return (StringUtils.isBlank(password) || password.startsWith(PASSWORD_HASH_PREFIX)) ? false : true;
    }
}
