package org.apache.maven.archiva.security;

import javax.servlet.http.HttpServletRequest;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.authorization.UnauthorizedException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/archiva-security-1.3.9.jar:org/apache/maven/archiva/security/ArchivaServletAuthenticator.class */
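/**
 * {@link ServletAuthenticator} implementation that delegates authorization decisions to the
 * Redback {@link SecuritySystem} and turns negative results into exceptions.
 *
 * <p>Parameter names such as {@code str}/{@code str2} are decompiler output; their roles are
 * documented on each method, derived from how they are passed on and logged.
 */
public class ArchivaServletAuthenticator implements ServletAuthenticator {
    private final Logger log = LoggerFactory.getLogger(ArchivaServletAuthenticator.class);

    // Never assigned in this class; presumably injected by the component container (confirm).
    private SecuritySystem securitySystem;

    /**
     * Checks an authentication result produced earlier in the request handling.
     *
     * @param httpServletRequest the current request (not read by this method)
     * @param authenticationResult the result to check; may be {@code null}
     * @return {@code true} when the result is {@code null} or reports authenticated
     * @throws AuthenticationException when a non-null result reports not authenticated
     */
    @Override
    public boolean isAuthenticated(HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult) throws AuthenticationException, AccountLockedException, MustChangePasswordException {
        // NOTE(review): a null result is accepted as "authenticated" (fail-open). Left as is
        // because callers may rely on it; confirm that no caller passes null for a request
        // whose credentials were never evaluated.
        if (authenticationResult != null && !authenticationResult.isAuthenticated()) {
            throw new AuthenticationException("User Credentials Invalid");
        }
        return true;
    }

    /**
     * Asks the security system whether the given session holds a permission on a repository.
     *
     * @param httpServletRequest the current request; only its remote address is read, for logging
     * @param securitySession the session to authorize
     * @param str the repository id (passed to the security system as the resource)
     * @param str2 the permission to check
     * @return {@code true} when the security system authorizes the request
     * @throws UnauthorizedException when the request is not authorized
     */
    @Override
    public boolean isAuthorized(HttpServletRequest httpServletRequest, SecuritySession securitySession, String str, String str2) throws AuthorizationException, UnauthorizedException {
        AuthorizationResult authorize = this.securitySystem.authorize(securitySession, str2, str);
        if (authorize.isAuthorized()) {
            return true;
        }
        Exception denial = authorize.getException();
        if (denial == null) {
            // NOTE(review): the "locked" reason is asserted without any lock check in this method.
            throw new UnauthorizedException("User account is locked");
        }
        // Line breaks are neutralized so that a crafted repository id, permission or exception
        // message cannot start a forged entry in the authorization audit log.
        this.log.info("Authorization Denied [ip=" + httpServletRequest.getRemoteAddr()
                + ",permission=" + sanitizeForLog(str2)
                + ",repo=" + sanitizeForLog(str)
                + "] : " + sanitizeForLog(denial.getMessage()));
        // NOTE(review): the message carries the repository id unchanged; whatever renders it
        // to a client should encode it for the output context.
        throw new UnauthorizedException("Access denied for repository " + str);
    }

    /**
     * Checks a permission for a user identified only by name.
     *
     * <p>No credential is verified here: the session is built from
     * {@code new AuthenticationResult(true, str, null)}, so the caller is trusted to pass a
     * principal that has already been authenticated.
     *
     * @param str the principal (user name) looked up through the user manager
     * @param str2 the resource passed to the security system (presumably the repository id,
     *     by analogy with the four-argument overload; confirm)
     * @param str3 the permission to check
     * @return the security system's decision
     * @throws UnauthorizedException when the user is missing or locked, or when the security
     *     system raises an authorization error
     */
    @Override
    public boolean isAuthorized(String str, String str2, String str3) throws UnauthorizedException {
        try {
            User findUser = this.securitySystem.getUserManager().findUser(str);
            if (findUser == null) {
                throw new UnauthorizedException("The security system had an internal error - please check your system logs");
            }
            if (findUser.isLocked()) {
                throw new UnauthorizedException("User account is locked.");
            }
            return this.securitySystem.isAuthorized(new DefaultSecuritySession(new AuthenticationResult(true, str, null), findUser), str3, str2);
        } catch (AuthorizationException e) {
            // Only the message is carried over; the original exception is not chained.
            throw new UnauthorizedException(e.getMessage());
        } catch (UserNotFoundException e2) {
            // NOTE(review): distinct messages for unknown, locked and denied users allow
            // account-state probing if they reach the client; confirm what callers expose.
            throw new UnauthorizedException(e2.getMessage());
        }
    }

    /** Replaces CR and LF with '_' so a value stays on a single log line; null becomes "null". */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}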
