package org.apache.archiva.web.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.archiva.admin.model.RepositoryAdminException;
import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
import org.apache.archiva.metadata.model.facets.AuditEvent;
import org.apache.archiva.redback.authentication.AbstractAuthenticator;
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.Authenticator;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.PasswordEncoder;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.repository.events.AuditListener;
import org.apache.archiva.rest.services.interceptors.AuditInfoFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

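/**
 * Password-based {@link Authenticator} that checks the submitted credentials against each
 * configured {@link UserManager} in turn and emits an audit event for every login outcome.
 *
 * <p>This listing was reconstructed from decompiled bytecode: local names are not the original
 * author's, and the numeric failure-cause codes appear as literals because their symbolic names
 * are not visible here.
 */
@Service("authenticator#archiva")
public class ArchivaUserManagerAuthenticator extends AbstractAuthenticator implements Authenticator {

    @Inject
    private UserSecurityPolicy securityPolicy;

    @Inject
    private ApplicationContext applicationContext;

    @Inject
    private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;

    // Never null: stays empty when initialize() fails, so authenticate() denies the login
    // instead of failing with a NullPointerException.
    private List<UserManager> userManagers = new ArrayList<UserManager>();

    private final Logger log = LoggerFactory.getLogger(getClass());

    @Inject
    private List<AuditListener> auditListeners = new ArrayList<AuditListener>();

    // Set by initialize() only after every configured user manager bean was resolved.
    private boolean valid = false;

    /**
     * Resolves the configured user manager ids to beans named {@code userManager#<id>}.
     *
     * <p>A {@link RepositoryAdminException} is logged and leaves this authenticator invalid
     * ({@link #isValid()} returns {@code false}) with an empty user manager list.
     *
     * @throws AuthenticationException declared by the signature; nothing in this body throws it
     */
    @PostConstruct
    public void initialize() throws AuthenticationException {
        try {
            List<String> userManagerImpls =
                this.redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();
            // Build into a local list so a failure part-way never publishes a partial list.
            List<UserManager> resolved = new ArrayList<UserManager>(userManagerImpls.size());
            for (String userManagerImpl : userManagerImpls) {
                resolved.add(this.applicationContext.getBean("userManager#" + userManagerImpl, UserManager.class));
            }
            this.userManagers = resolved;
            this.valid = true;
        } catch (RepositoryAdminException e) {
            this.log.error("Error during repository initialization " + e.getMessage(), e);
        }
    }

    /**
     * Returns the audit information supplied by {@link AuditInfoFilter#getAuditInfo()}.
     */
    protected AuditInfoFilter.AuditInfo getAuditInformation() {
        return AuditInfoFilter.getAuditInfo();
    }

    /**
     * Returns the injected audit listeners (the internal list, not a copy).
     */
    public List<AuditListener> getAuditListeners() {
        return this.auditListeners;
    }

    /**
     * Builds an {@link AuditEvent}, stamps it with the user id and the remote host and port,
     * and passes it to every registered listener.
     *
     * @param str  first {@code AuditEvent} constructor argument; every call in this class passes ""
     * @param str2 third {@code AuditEvent} constructor argument; every call in this class passes ""
     * @param str3 fourth {@code AuditEvent} constructor argument; callers in this class pass an
     *             action label such as {@code login-success}
     * @param str4 user id, also passed as the second {@code AuditEvent} constructor argument; in
     *             this class it is the caller-supplied login name, recorded as received
     */
    protected void triggerAuditEvent(String str, String str2, String str3, String str4) {
        AuditEvent auditEvent = new AuditEvent(str, str4, str2, str3);
        AuditInfoFilter.AuditInfo auditInformation = getAuditInformation();
        auditEvent.setUserId(str4);
        auditEvent.setRemoteIP(auditInformation.getRemoteHost() + ":" + auditInformation.getRemotePort());
        for (AuditListener listener : getAuditListeners()) {
            listener.auditEvent(auditEvent);
        }
    }

    /**
     * Authenticates a username and password against each configured user manager.
     *
     * <p>The first user manager for which the password is valid and the password-expiration
     * policy passes ends the search with an authenticated result. Otherwise every user manager
     * is tried, and the result carries the last exception seen plus one failure cause per
     * failed step.
     *
     * <p>NOTE(review): the failure causes use different texts for an unknown user and for a
     * wrong password, and the generic error branch embeds the exception message. Confirm these
     * texts are not returned verbatim to unauthenticated clients.
     *
     * @param authenticationDataSource must be a {@link PasswordBasedAuthenticationDataSource};
     *                                 any other type fails the cast below
     * @return the authentication outcome, including the collected failure causes
     * @throws AuthenticationException      declared by the signature
     * @throws AccountLockedException       declared by the signature; this body records a locked
     *                                      account in the result instead of throwing
     * @throws MustChangePasswordException  declared by the signature; this body records it in the
     *                                      result instead of throwing
     */
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource)
            throws AuthenticationException, AccountLockedException, MustChangePasswordException {
        boolean authenticated = false;
        String principal = null;
        Exception lastFailure = null;
        PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        List<AuthenticationFailureCause> failureCauses = new ArrayList<AuthenticationFailureCause>();
        String username = source.getUsername();
        for (UserManager userManager : this.userManagers) {
            try {
                // NOTE(review): this logs the data source through toString(); confirm that
                // implementation does not include the submitted password.
                this.log.debug("Authenticate: {} with userManager: {}", source, userManager.getId());
                User user = userManager.findUser(username);
                principal = user.getUsername();
                if (user.isLocked()) {
                    // NOTE(review): the lock is only recorded. Control still reaches the password
                    // check, and a valid password returns an authenticated result below. Confirm
                    // that callers (not visible in this file) reject locked users.
                    AccountLockedException locked =
                        new AccountLockedException("Account " + username + " is locked.", user);
                    this.log.warn("{}", locked.getMessage());
                    triggerAuditEvent("", "", "login-account-locked", username);
                    lastFailure = locked;
                    failureCauses.add(new AuthenticationFailureCause(3, locked.getMessage()));
                }
                if (user.isPasswordChangeRequired() && source.isEnforcePasswordChange()) {
                    // NOTE(review): recorded only, like the lock above; the password check still runs.
                    MustChangePasswordException mustChange = new MustChangePasswordException("Password expired.", user);
                    this.log.warn("{}", mustChange.getMessage());
                    lastFailure = mustChange;
                    triggerAuditEvent("", "", "login-password-change-required", username);
                    failureCauses.add(new AuthenticationFailureCause(4, mustChange.getMessage()));
                }
                PasswordEncoder passwordEncoder = this.securityPolicy.getPasswordEncoder();
                this.log.debug("PasswordEncoder: {}", passwordEncoder.getClass().getName());
                if (!passwordEncoder.isPasswordValid(user.getEncodedPassword(), source.getPassword())) {
                    this.log.warn("Password is Invalid for user {} and userManager '{}'.", source.getUsername(), userManager.getId());
                    triggerAuditEvent("", "", "login-authentication-failed", username);
                    failureCauses.add(new AuthenticationFailureCause(1, "Password is Invalid for user " + source.getUsername() + ".").user(user));
                    try {
                        this.securityPolicy.extensionExcessiveLoginAttempts(user);
                    } finally {
                        // Persist the user even when the policy call throws (the decompiler had
                        // expanded this finally into a catch-and-rethrow with an unreachable break).
                        if (!userManager.isReadOnly()) {
                            userManager.updateUser(user);
                        }
                    }
                } else {
                    this.log.debug("User {} provided a valid password", username);
                    try {
                        this.securityPolicy.extensionPasswordExpiration(user);
                        // The flag is set before auditing and persisting: if either of those throws,
                        // the outer handler records the error but the flag stays true.
                        authenticated = true;
                        triggerAuditEvent("", "", "login-success", username);
                        // Write the user back only when there is a failed-attempt count to clear.
                        if (user.getCountFailedLoginAttempts() > 0) {
                            user.setCountFailedLoginAttempts(0);
                            if (!userManager.isReadOnly()) {
                                userManager.updateUser(user);
                            }
                        }
                        return new AuthenticationResult(true, username, (Exception) null);
                    } catch (MustChangePasswordException e) {
                        user.setPasswordChangeRequired(true);
                        triggerAuditEvent("", "", "login-password-change-required", username);
                        lastFailure = e;
                        failureCauses.add(new AuthenticationFailureCause(4, e.getMessage()).user(user));
                    }
                }
            } catch (UserNotFoundException e) {
                // Must precede the generic handler: listed after catch (Exception) this branch
                // is unreachable and the class does not compile.
                this.log.warn("Login for user {} and userManager {} failed. user not found.", username, userManager.getId());
                lastFailure = e;
                triggerAuditEvent("", "", "login-user-unknown", username);
                failureCauses.add(new AuthenticationFailureCause(1, "Login for user " + source.getUsername() + " failed. user not found."));
            } catch (Exception e) {
                this.log.warn("Login for user {} and userManager {} failed, message: {}", new Object[]{username, userManager.getId(), e.getMessage()});
                lastFailure = e;
                triggerAuditEvent("", "", "login-error", username);
                failureCauses.add(new AuthenticationFailureCause(2, "Login for user " + source.getUsername() + " failed, message: " + e.getMessage()));
            }
        }
        return new AuthenticationResult(authenticated, principal, lastFailure, failureCauses);
    }

    /**
     * Reports whether the data source is a {@link PasswordBasedAuthenticationDataSource}.
     */
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }

    /**
     * Returns the fixed identifier of this authenticator.
     */
    public String getId() {
        return "ArchivaUserManagerAuthenticator";
    }

    /**
     * Returns {@code true} once {@link #initialize()} has resolved all configured user managers.
     */
    public boolean isValid() {
        return this.valid;
    }
}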
