package org.broadleafcommerce.profile.core.security.ldap;

import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import javax.annotation.Resource;
import org.broadleafcommerce.common.persistence.EntityConfiguration;
import org.broadleafcommerce.profile.core.domain.Customer;
import org.broadleafcommerce.profile.core.domain.User;
import org.broadleafcommerce.profile.core.service.CustomerService;
import org.broadleafcommerce.profile.core.service.UserService;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/broadleafcommerce/profile/core/security/ldap/BroadleafActiveDirectoryUserDetailsMapper.class */
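/**
 * Maps an LDAP / Active Directory entry to a Spring Security {@link UserDetails} and makes sure
 * a matching local record exists for the authenticated principal.
 *
 * <p>On every call to {@link #mapUserFromContext} this mapper:
 * <ol>
 *   <li>optionally rewrites the directory-supplied authorities through
 *       {@link #roleNameSubstitutions};</li>
 *   <li>optionally uses the entry's {@code mail} attribute as the username;</li>
 *   <li>creates a local admin {@link User} or {@link Customer} (depending on
 *       {@link #provisionType}) when none exists for that username.</li>
 * </ol>
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The local username is taken from a directory attribute. NOTE(review): if {@code mail} is
 *       not unique in the directory, or can be edited by the account holder, two directory
 *       principals can resolve to the same local account - confirm the directory enforces
 *       uniqueness and restricts who may write that attribute.</li>
 *   <li>Provisioning only ever creates records; nothing in this class disables or removes a local
 *       record when the directory account goes away.</li>
 *   <li>The role substitution table decides which application roles a directory group receives,
 *       so it should be treated as privileged configuration.</li>
 * </ul>
 */
public class BroadleafActiveDirectoryUserDetailsMapper extends LdapUserDetailsMapper {

    /** Provision type that creates admin {@link User} records. */
    private static final String PROVISION_TYPE_ADMIN = "ADMIN";

    /** Provision type that creates {@link Customer} records. */
    private static final String PROVISION_TYPE_CUSTOMER = "CUSTOMER";

    @Resource(name = "blUserService")
    protected UserService userService;

    @Resource(name = "blCustomerService")
    protected CustomerService customerService;

    @Resource(name = "blEntityConfiguration")
    protected EntityConfiguration entityConfiguration;

    /** When true (the default) the entry's {@code mail} attribute, if present, becomes the username. */
    protected boolean useEmailAddressAsUsername = true;

    /** When true, a substituted authority is kept alongside its replacements instead of being dropped. */
    protected boolean additiveRoleNameSubstitutions = false;

    /** Directory authority name -> application role names that replace (or supplement) it. */
    protected Map<String, String[]> roleNameSubstitutions;

    /** Either {@code "ADMIN"} or {@code "CUSTOMER"}; validated by {@link #setProvisionType(String)}. */
    protected String provisionType;

    /**
     * Creates a mapper that provisions the given kind of local account.
     *
     * @param str the provision type, {@code "ADMIN"} or {@code "CUSTOMER"}
     * @throws IllegalArgumentException if {@code str} is null or any other value
     */
    public BroadleafActiveDirectoryUserDetailsMapper(String str) {
        setProvisionType(str);
    }

    /**
     * Creates the local record for {@code userDetails} if none exists under that username.
     *
     * <p>For provision type {@code "ADMIN"} a {@link User} is created; for anything else a
     * {@link Customer} is created. An existing record is left untouched.
     *
     * <p>NOTE(review): the lookup followed by a save is a check-then-act sequence; whether two
     * concurrent first logins can create duplicates depends on constraints outside this class.
     *
     * @param dirContextOperations the directory entry (not read by this implementation)
     * @param userDetails the mapped principal whose username keys the local record
     */
    protected void provisionUser(DirContextOperations dirContextOperations, UserDetails userDetails) {
        String username = userDetails.getUsername();

        if (!PROVISION_TYPE_ADMIN.equals(this.provisionType)) {
            if (this.customerService.readCustomerByUsername(username) == null) {
                Customer customer = this.customerService.createCustomer();
                customer.setUsername(username);
                this.customerService.saveCustomer(customer, true);
            }
            return;
        }

        if (this.userService.readUserByUsername(username) != null) {
            return;
        }

        User user = (User) this.entityConfiguration.createEntityInstance(User.class.getName());
        user.setUsername(username);
        // NOTE(review): whatever password value the directory mapping produced is copied into the
        // local admin record. Confirm this never persists directory credential material in a form
        // that is usable outside the LDAP bind.
        user.setPassword(userDetails.getPassword());
        if (user.getPassword() == null) {
            // NOTE(review): a fixed, publicly known placeholder is stored when the directory gives
            // no password. Whether saveUser encodes it, and whether any non-LDAP login path compares
            // against the stored value, cannot be seen from this class. If such a path exists this
            // literal acts as a shared credential for every provisioned admin; a per-user random,
            // non-matchable value would be the safer choice. Left unchanged here because other
            // code may test for this marker.
            user.setPassword("LDAP_PROVIDED");
        }
        this.userService.saveUser(user);
    }

    /**
     * Builds the {@link UserDetails} for a directory entry and provisions the local account.
     *
     * <p>Authorities are passed through unchanged when no substitutions are configured. Otherwise
     * each authority whose name is a key in {@link #roleNameSubstitutions} is replaced by the
     * configured (trimmed) role names, and is itself retained only when
     * {@link #additiveRoleNameSubstitutions} is set. A key mapped to a {@code null} array, or a
     * {@code null} entry inside an array, contributes no role rather than failing the login.
     *
     * @param dirContextOperations the directory entry for the authenticated principal
     * @param str the username used to authenticate; the fallback when no {@code mail} is used
     * @param collection the authorities loaded for the principal
     * @return the mapped user details, after local provisioning
     */
    @Override
    @Transactional("blTransactionManager")
    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        HashSet<GrantedAuthority> effectiveAuthorities = new HashSet<GrantedAuthority>();

        if (this.roleNameSubstitutions == null || this.roleNameSubstitutions.isEmpty()) {
            effectiveAuthorities.addAll(collection);
        } else {
            for (GrantedAuthority grantedAuthority : collection) {
                String authorityName = grantedAuthority.getAuthority();
                if (!this.roleNameSubstitutions.containsKey(authorityName)) {
                    effectiveAuthorities.add(grantedAuthority);
                    continue;
                }
                String[] replacements = this.roleNameSubstitutions.get(authorityName);
                if (replacements != null) {
                    for (String replacement : replacements) {
                        if (replacement != null) {
                            effectiveAuthorities.add(new SimpleGrantedAuthority(replacement.trim()));
                        }
                    }
                }
                if (this.additiveRoleNameSubstitutions) {
                    effectiveAuthorities.add(grantedAuthority);
                }
            }
        }

        UserDetails userDetails = null;
        if (this.useEmailAddressAsUsername) {
            // The local identity is bound to the directory's "mail" attribute when it is present.
            String mail = (String) dirContextOperations.getObjectAttribute("mail");
            if (mail != null) {
                userDetails = super.mapUserFromContext(dirContextOperations, mail, effectiveAuthorities);
            }
        }
        if (userDetails == null) {
            userDetails = super.mapUserFromContext(dirContextOperations, str, effectiveAuthorities);
        }

        provisionUser(dirContextOperations, userDetails);
        return userDetails;
    }

    /**
     * @param z true to use the entry's {@code mail} attribute as the username when it is present
     */
    public void setUseEmailAddressAsUsername(boolean z) {
        this.useEmailAddressAsUsername = z;
    }

    /**
     * @param map directory authority name to the application role names substituted for it
     */
    public void setRoleNameSubstitutions(Map<String, String[]> map) {
        this.roleNameSubstitutions = map;
    }

    /**
     * @param z true to keep a substituted authority in addition to its replacements
     */
    public void setAdditiveRoleNameSubstitutions(boolean z) {
        this.additiveRoleNameSubstitutions = z;
    }

    /**
     * Sets which kind of local account is provisioned.
     *
     * @param str {@code "ADMIN"} or {@code "CUSTOMER"}
     * @throws IllegalArgumentException if {@code str} is null or any other value
     */
    public void setProvisionType(String str) {
        boolean recognised = PROVISION_TYPE_ADMIN.equals(str) || PROVISION_TYPE_CUSTOMER.equals(str);
        if (!recognised) {
            throw new IllegalArgumentException("The property or constructor arg \"provisionType\" cannot be null and must be set to either \"ADMIN\" or \"CUSTOMER\"");
        }
        this.provisionType = str;
    }
}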
