package org.apache.archiva.redback.authentication;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

@Service("authenticationManager")
/* loaded from: input_file:WEB-INF/lib/redback-authentication-api-2.6.jar:org/apache/archiva/redback/authentication/DefaultAuthenticationManager.class */
public class DefaultAuthenticationManager implements AuthenticationManager {
    private Logger log = LoggerFactory.getLogger(getClass());
    private List<Authenticator> authenticators;

    @Inject
    private ApplicationContext applicationContext;

    @Inject
    @Named("userManager#default")
    private UserManager userManager;

    @PostConstruct
    public void initialize() {
        this.authenticators = new ArrayList(this.applicationContext.getBeansOfType(Authenticator.class).values());
    }

    @Override // org.apache.archiva.redback.authentication.AuthenticationManager
    public String getId() {
        return "Default Authentication Manager - " + getClass().getName() + " : managed authenticators - " + knownAuthenticators();
    }

    @Override // org.apache.archiva.redback.authentication.AuthenticationManager
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AccountLockedException, AuthenticationException, MustChangePasswordException {
        if (this.authenticators == null || this.authenticators.size() == 0) {
            return new AuthenticationResult(false, null, new AuthenticationException("no valid authenticators, can't authenticate"));
        }
        ArrayList arrayList = new ArrayList();
        for (Authenticator authenticator : this.authenticators) {
            if (!authenticator.isValid()) {
                this.log.warn("Invalid authenticator found: " + authenticator.getId());
            } else if (authenticator.supportsDataSource(authenticationDataSource)) {
                AuthenticationResult authenticate = authenticator.authenticate(authenticationDataSource);
                List<AuthenticationFailureCause> authenticationFailureCauses = authenticate.getAuthenticationFailureCauses();
                if (authenticate.isAuthenticated()) {
                    Iterator<AuthenticationFailureCause> it = authenticationFailureCauses.iterator();
                    while (it.hasNext()) {
                        User user = it.next().getUser();
                        if (user != null && user.getCountFailedLoginAttempts() > 0) {
                            user.setCountFailedLoginAttempts(0);
                            if (!this.userManager.isReadOnly()) {
                                try {
                                    this.userManager.updateUser(user);
                                } catch (UserManagerException e) {
                                    this.log.debug(e.getMessage(), (Throwable) e);
                                    this.log.warn("skip error updating user: {}", e.getMessage());
                                }
                            }
                        }
                    }
                    return authenticate;
                }
                if (authenticationFailureCauses != null) {
                    arrayList.addAll(authenticationFailureCauses);
                } else if (authenticate.getException() != null) {
                    arrayList.add(new AuthenticationFailureCause(2, authenticate.getException().getMessage()));
                }
            } else {
                continue;
            }
        }
        return new AuthenticationResult(false, null, new AuthenticationException("authentication failed on authenticators: " + knownAuthenticators()), arrayList);
    }

    @Override // org.apache.archiva.redback.authentication.AuthenticationManager
    public List<Authenticator> getAuthenticators() {
        return this.authenticators;
    }

    private String knownAuthenticators() {
        StringBuilder sb = new StringBuilder();
        Iterator<Authenticator> it = this.authenticators.iterator();
        while (it.hasNext()) {
            sb.append('(').append(it.next().getId()).append(") ");
        }
        return sb.toString();
    }
}
