package org.codehaus.plexus.redback.authentication.keystore;

import javax.annotation.Resource;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.Authenticator;
import org.codehaus.plexus.redback.authentication.TokenBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.keys.KeyManager;
import org.codehaus.plexus.redback.keys.KeyManagerException;
import org.codehaus.plexus.redback.keys.KeyNotFoundException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("authenticator#keystore")
/* loaded from: input_file:WEB-INF/lib/redback-authentication-keys-1.2.5.jar:org/codehaus/plexus/redback/authentication/keystore/KeyStoreAuthenticator.class */
public class KeyStoreAuthenticator implements Authenticator {
    private Logger log = LoggerFactory.getLogger(getClass());

    @Resource(name = "keyManager#cached")
    private KeyManager keystore;

    @Resource(name = "userManager#configurable")
    private UserManager userManager;

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public String getId() {
        return "$Id: KeyStoreAuthenticator.java 789 2009-03-12 06:52:37Z brett $";
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AccountLockedException, AuthenticationException, MustChangePasswordException {
        TokenBasedAuthenticationDataSource tokenBasedAuthenticationDataSource = (TokenBasedAuthenticationDataSource) authenticationDataSource;
        try {
            if (this.keystore.findKey(tokenBasedAuthenticationDataSource.getToken()) == null) {
                return new AuthenticationResult(false, tokenBasedAuthenticationDataSource.getPrincipal(), new AuthenticationException("unable to find key"));
            }
            User findUser = this.userManager.findUser(tokenBasedAuthenticationDataSource.getPrincipal());
            if (findUser.isLocked()) {
                throw new AccountLockedException("Account " + authenticationDataSource.getPrincipal() + " is locked.", findUser);
            }
            if (findUser.isPasswordChangeRequired() && authenticationDataSource.isEnforcePasswordChange()) {
                throw new MustChangePasswordException("Password expired.", findUser);
            }
            return new AuthenticationResult(true, tokenBasedAuthenticationDataSource.getPrincipal(), null);
        } catch (KeyNotFoundException e) {
            return new AuthenticationResult(false, null, e);
        } catch (KeyManagerException e2) {
            throw new AuthenticationException("underlaying keymanager issue", e2);
        } catch (UserNotFoundException e3) {
            this.log.warn("Login for user " + authenticationDataSource.getPrincipal() + " failed. user not found.");
            return new AuthenticationResult(false, null, e3);
        }
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof TokenBasedAuthenticationDataSource;
    }
}
