package org.codehaus.plexus.redback.authentication.keystore;

import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.Authenticator;
import org.codehaus.plexus.redback.authentication.TokenBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.keys.KeyManager;
import org.codehaus.plexus.redback.keys.KeyManagerException;
import org.codehaus.plexus.redback.keys.KeyNotFoundException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;

/* loaded from: input_file:WEB-INF/lib/redback-authentication-keys-1.0.2.jar:org/codehaus/plexus/redback/authentication/keystore/KeyStoreAuthenticator.class */
public class KeyStoreAuthenticator extends AbstractLogEnabled implements Authenticator {
    private KeyManager keystore;
    private UserManager userManager;

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public String getId() {
        return "$ID:$";
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AccountLockedException, AuthenticationException {
        TokenBasedAuthenticationDataSource tokenBasedAuthenticationDataSource = (TokenBasedAuthenticationDataSource) authenticationDataSource;
        try {
            if (this.keystore.findKey(tokenBasedAuthenticationDataSource.getToken()) == null) {
                return new AuthenticationResult(false, tokenBasedAuthenticationDataSource.getPrincipal(), new AuthenticationException("unable to find key"));
            }
            User findUser = this.userManager.findUser(tokenBasedAuthenticationDataSource.getPrincipal());
            if (findUser.isLocked()) {
                throw new AccountLockedException("Account " + authenticationDataSource.getPrincipal() + " is locked.", findUser);
            }
            return new AuthenticationResult(true, tokenBasedAuthenticationDataSource.getPrincipal(), null);
        } catch (KeyNotFoundException e) {
            return new AuthenticationResult(false, null, e);
        } catch (KeyManagerException e2) {
            throw new AuthenticationException("underlaying keymanager issue", e2);
        } catch (UserNotFoundException e3) {
            getLogger().warn("Login for user " + authenticationDataSource.getPrincipal() + " failed. user not found.");
            return new AuthenticationResult(false, null, e3);
        }
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof TokenBasedAuthenticationDataSource;
    }
}
