package org.apache.archiva.redback.authentication.keystore;

import javax.annotation.Resource;
import org.apache.archiva.redback.authentication.AbstractAuthenticator;
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.Authenticator;
import org.apache.archiva.redback.authentication.TokenBasedAuthenticationDataSource;
import org.apache.archiva.redback.keys.KeyManager;
import org.apache.archiva.redback.keys.KeyManagerException;
import org.apache.archiva.redback.keys.KeyNotFoundException;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("authenticator#keystore")
/* loaded from: input_file:WEB-INF/lib/redback-authentication-keys-2.3.jar:org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.class */
public class KeyStoreAuthenticator extends AbstractAuthenticator implements Authenticator {
    private Logger log = LoggerFactory.getLogger(getClass());

    @Resource(name = "keyManager#cached")
    private KeyManager keystore;

    @Resource(name = "userManager#default")
    private UserManager userManager;

    @Override // org.apache.archiva.redback.authentication.Authenticator
    public String getId() {
        return getClass().getName();
    }

    @Override // org.apache.archiva.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AccountLockedException, AuthenticationException, MustChangePasswordException {
        TokenBasedAuthenticationDataSource tokenBasedAuthenticationDataSource = (TokenBasedAuthenticationDataSource) authenticationDataSource;
        try {
            if (this.keystore.findKey(tokenBasedAuthenticationDataSource.getToken()) == null) {
                return new AuthenticationResult(false, tokenBasedAuthenticationDataSource.getUsername(), new AuthenticationException("unable to find key"));
            }
            User findUser = this.userManager.findUser(tokenBasedAuthenticationDataSource.getUsername());
            if (findUser.isLocked()) {
                throw new AccountLockedException("Account " + authenticationDataSource.getUsername() + " is locked.", findUser);
            }
            if (findUser.isPasswordChangeRequired() && authenticationDataSource.isEnforcePasswordChange()) {
                throw new MustChangePasswordException("Password expired.", findUser);
            }
            return new AuthenticationResult(true, tokenBasedAuthenticationDataSource.getUsername(), null);
        } catch (KeyNotFoundException e) {
            return new AuthenticationResult(false, null, e);
        } catch (KeyManagerException e2) {
            throw new AuthenticationException("underlaying keymanager issue", e2);
        } catch (UserNotFoundException e3) {
            this.log.warn("Login for user {} failed. user not found.", authenticationDataSource.getUsername());
            return new AuthenticationResult(false, null, e3);
        } catch (UserManagerException e4) {
            this.log.warn("Login fail for user {} failed. message: {}", authenticationDataSource.getUsername(), e4.getMessage());
            return new AuthenticationResult(false, null, e4);
        }
    }

    @Override // org.apache.archiva.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof TokenBasedAuthenticationDataSource;
    }
}
