package org.camunda.optimize.service.security;

import javax.ws.rs.ForbiddenException;
import javax.ws.rs.NotAuthorizedException;
import org.camunda.optimize.dto.optimize.query.security.CredentialsDto;
import org.camunda.optimize.rest.engine.EngineContext;
import org.camunda.optimize.rest.engine.EngineContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/camunda/optimize/service/security/AuthenticationService.class */
public class AuthenticationService {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private EngineAuthenticationProvider engineAuthenticationProvider;

    @Autowired
    private EngineContextFactory engineContextFactory;

    @Autowired
    private SessionService sessionService;

    @Autowired
    private ApplicationAuthorizationService applicationAuthorizationService;

    public String authenticateUser(CredentialsDto credentialsDto) {
        for (EngineContext engineContext : this.engineContextFactory.getConfiguredEngines()) {
            if (this.engineAuthenticationProvider.authenticate(credentialsDto, engineContext)) {
                if (this.applicationAuthorizationService.isAuthorized(credentialsDto, engineContext)) {
                    return createUserSession(credentialsDto, engineContext);
                }
                throwForbiddenException(credentialsDto);
            }
        }
        this.logger.error("Error during user authentication");
        throw new NotAuthorizedException("Could not log you in. Please check your username and password.", "ignored", new Object[0]);
    }

    private void throwForbiddenException(CredentialsDto credentialsDto) {
        String str = "The user [" + credentialsDto.getUsername() + "] is not authorized to access Optimize! Please check the Camunda Admin configuration to change user authorizations!";
        this.logger.error(str);
        throw new ForbiddenException(str);
    }

    private String createUserSession(CredentialsDto credentialsDto, EngineContext engineContext) {
        return this.sessionService.createSessionAndReturnSecurityToken(credentialsDto.getUsername(), engineContext);
    }
}
