package org.pentaho.platform.engine.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.api.engine.security.IAuthenticationRoleMapper;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:org/pentaho/platform/engine/security/DefaultRoleUserDetailsServiceDecorator.class */
public class DefaultRoleUserDetailsServiceDecorator implements UserDetailsService {
    private static final Log logger = LogFactory.getLog(DefaultRoleUserDetailsServiceDecorator.class);
    private UserDetailsService userDetailsService;
    private GrantedAuthority defaultRole;
    private IAuthenticationRoleMapper roleMapper;

    /* loaded from: input_file:org/pentaho/platform/engine/security/DefaultRoleUserDetailsServiceDecorator$DefaultRoleUserDetailsProxy.class */
    public static class DefaultRoleUserDetailsProxy implements UserDetails {
        private static final long serialVersionUID = -4262518338443465424L;
        private UserDetails userDetails;
        private Collection<? extends GrantedAuthority> newRoles;
        private IAuthenticationRoleMapper roleMapper;

        public DefaultRoleUserDetailsProxy(UserDetails userDetails, GrantedAuthority grantedAuthority) {
            this(userDetails, grantedAuthority, null);
        }

        public DefaultRoleUserDetailsProxy(UserDetails userDetails, GrantedAuthority grantedAuthority, IAuthenticationRoleMapper iAuthenticationRoleMapper) {
            Assert.notNull(userDetails);
            Assert.notNull(grantedAuthority);
            this.userDetails = userDetails;
            this.roleMapper = iAuthenticationRoleMapper;
            this.newRoles = getNewRoles(grantedAuthority);
        }

        protected Collection<? extends GrantedAuthority> getNewRoles(GrantedAuthority grantedAuthority) {
            Collection authorities = this.userDetails.getAuthorities();
            ArrayList arrayList = new ArrayList();
            if (this.roleMapper != null) {
                Iterator it = authorities.iterator();
                while (it.hasNext()) {
                    arrayList.add(new SimpleGrantedAuthority(this.roleMapper.toPentahoRole(((GrantedAuthority) it.next()).getAuthority())));
                }
            }
            if (!authorities.contains(grantedAuthority)) {
                if (DefaultRoleUserDetailsServiceDecorator.logger.isDebugEnabled()) {
                    DefaultRoleUserDetailsServiceDecorator.logger.debug("adding defaultRole=" + grantedAuthority + " to list of roles for username=" + this.userDetails.getUsername());
                }
                arrayList.add(grantedAuthority);
            }
            return arrayList;
        }

        public Collection<? extends GrantedAuthority> getAuthorities() {
            return this.newRoles;
        }

        public String getPassword() {
            return this.userDetails.getPassword();
        }

        public String getUsername() {
            return this.userDetails.getUsername();
        }

        public boolean isAccountNonExpired() {
            return this.userDetails.isAccountNonExpired();
        }

        public boolean isAccountNonLocked() {
            return this.userDetails.isAccountNonLocked();
        }

        public boolean isCredentialsNonExpired() {
            return this.userDetails.isCredentialsNonExpired();
        }

        public boolean isEnabled() {
            return this.userDetails.isEnabled();
        }
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        if (logger.isDebugEnabled()) {
            logger.debug("injecting proxy");
        }
        return getUserDetailsWithDefaultRole(this.userDetailsService.loadUserByUsername(str));
    }

    protected UserDetails getUserDetailsWithDefaultRole(UserDetails userDetails) {
        return this.defaultRole != null ? new DefaultRoleUserDetailsProxy(userDetails, this.defaultRole, this.roleMapper) : userDetails;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        Assert.notNull(userDetailsService);
        this.userDetailsService = userDetailsService;
    }

    public void setDefaultRole(String str) {
        Assert.notNull(str);
        this.defaultRole = new SimpleGrantedAuthority(str);
    }

    public void setRoleMapper(IAuthenticationRoleMapper iAuthenticationRoleMapper) {
        this.roleMapper = iAuthenticationRoleMapper;
    }
}
