package org.apache.archiva.redback.authentication.users;

import java.util.ArrayList;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.archiva.redback.authentication.AbstractAuthenticator;
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.Authenticator;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.PasswordEncoder;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("authenticator#user-manager")
/* loaded from: input_file:WEB-INF/lib/redback-authentication-users-2.6.2.jar:org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.class */
public class UserManagerAuthenticator extends AbstractAuthenticator implements Authenticator {
    private Logger log = LoggerFactory.getLogger(getClass());

    @Inject
    @Named("userManager#default")
    private UserManager userManager;

    @Inject
    private UserSecurityPolicy securityPolicy;

    @Override // org.apache.archiva.redback.authentication.Authenticator
    public String getId() {
        return "UserManagerAuthenticator";
    }

    @PostConstruct
    private void init() {
        this.valid = true;
    }

    @Override // org.apache.archiva.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException, AccountLockedException, MustChangePasswordException {
        UserManagerException userManagerException;
        PasswordBasedAuthenticationDataSource passwordBasedAuthenticationDataSource = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        ArrayList arrayList = new ArrayList();
        try {
            this.log.debug("Authenticate: {}", passwordBasedAuthenticationDataSource);
            User findUser = this.userManager.findUser(passwordBasedAuthenticationDataSource.getUsername());
            findUser.getUsername();
            if (findUser.isLocked()) {
                throw new AccountLockedException("Account " + passwordBasedAuthenticationDataSource.getUsername() + " is locked.", findUser);
            }
            if (findUser.isPasswordChangeRequired() && passwordBasedAuthenticationDataSource.isEnforcePasswordChange()) {
                throw new MustChangePasswordException("Password expired.", findUser);
            }
            PasswordEncoder passwordEncoder = this.securityPolicy.getPasswordEncoder();
            this.log.debug("PasswordEncoder: {}", passwordEncoder.getClass().getName());
            if (!passwordEncoder.isPasswordValid(findUser.getEncodedPassword(), passwordBasedAuthenticationDataSource.getPassword())) {
                this.log.warn("Password is Invalid for user {}.", passwordBasedAuthenticationDataSource.getUsername());
                arrayList.add(new AuthenticationFailureCause(1, "Password is Invalid for user " + passwordBasedAuthenticationDataSource.getUsername() + "."));
                try {
                    this.securityPolicy.extensionExcessiveLoginAttempts(findUser);
                    this.userManager.updateUser(findUser);
                    return new AuthenticationResult(false, passwordBasedAuthenticationDataSource.getUsername(), null, arrayList);
                } catch (Throwable th) {
                    this.userManager.updateUser(findUser);
                    throw th;
                }
            }
            this.log.debug("User {} provided a valid password", passwordBasedAuthenticationDataSource.getUsername());
            try {
                this.securityPolicy.extensionPasswordExpiration(findUser);
                if (findUser.getCountFailedLoginAttempts() > 0) {
                    findUser.setCountFailedLoginAttempts(0);
                    this.userManager.updateUser(findUser);
                }
                return new AuthenticationResult(true, passwordBasedAuthenticationDataSource.getUsername(), null);
            } catch (MustChangePasswordException e) {
                findUser.setPasswordChangeRequired(true);
                throw e;
            }
        } catch (UserNotFoundException e2) {
            this.log.warn("Login for user {} failed. user not found.", passwordBasedAuthenticationDataSource.getUsername());
            userManagerException = e2;
            arrayList.add(new AuthenticationFailureCause(1, "Login for user " + passwordBasedAuthenticationDataSource.getUsername() + " failed. user not found."));
            return new AuthenticationResult(false, null, userManagerException, arrayList);
        } catch (UserManagerException e3) {
            this.log.warn("Login for user {} failed, message: {}", passwordBasedAuthenticationDataSource.getUsername(), e3.getMessage());
            userManagerException = e3;
            arrayList.add(new AuthenticationFailureCause(2, "Login for user " + passwordBasedAuthenticationDataSource.getUsername() + " failed, message: " + e3.getMessage()));
            return new AuthenticationResult(false, null, userManagerException, arrayList);
        }
    }

    public UserManager getUserManager() {
        return this.userManager;
    }

    public void setUserManager(UserManager userManager) {
        this.userManager = userManager;
    }

    @Override // org.apache.archiva.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }

    public UserSecurityPolicy getSecurityPolicy() {
        return this.securityPolicy;
    }

    public void setSecurityPolicy(UserSecurityPolicy userSecurityPolicy) {
        this.securityPolicy = userSecurityPolicy;
    }
}
