package org.codehaus.plexus.redback.authentication.users;

import java.util.HashMap;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.Authenticator;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.policy.PasswordEncoder;
import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;

/* loaded from: input_file:lib/continuum-webapp-1.1.war:WEB-INF/lib/redback-authentication-users-1.0-alpha-4.jar:org/codehaus/plexus/redback/authentication/users/UserManagerAuthenticator.class */
public class UserManagerAuthenticator extends AbstractLogEnabled implements Authenticator {
    private UserManager userManager;
    private UserSecurityPolicy securityPolicy;

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public String getId() {
        return "UserManagerAuthenticator";
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException, AccountLockedException {
        User findUser;
        String str = null;
        PasswordBasedAuthenticationDataSource passwordBasedAuthenticationDataSource = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        HashMap hashMap = new HashMap();
        try {
            getLogger().debug("Authenticate: " + passwordBasedAuthenticationDataSource);
            findUser = this.userManager.findUser(passwordBasedAuthenticationDataSource.getPrincipal());
            str = findUser.getUsername();
        } catch (UserNotFoundException e) {
            getLogger().warn("Login for user " + passwordBasedAuthenticationDataSource.getPrincipal() + " failed. user not found.");
            hashMap.put("1", "Login for user \" + source.getPrincipal() + \" failed. user not found.");
            return new AuthenticationResult(false, str, e, hashMap);
        }
        if (findUser.isLocked() && !findUser.isPasswordChangeRequired()) {
            throw new AccountLockedException("Account " + passwordBasedAuthenticationDataSource.getPrincipal() + " is locked.", findUser);
        }
        PasswordEncoder passwordEncoder = this.securityPolicy.getPasswordEncoder();
        getLogger().debug("PasswordEncoder: " + passwordEncoder.getClass().getName());
        if (passwordEncoder.isPasswordValid(findUser.getEncodedPassword(), passwordBasedAuthenticationDataSource.getPassword())) {
            getLogger().debug("User " + passwordBasedAuthenticationDataSource.getPrincipal() + " provided a valid password");
            try {
                this.securityPolicy.extensionPasswordExpiration(findUser);
            } catch (MustChangePasswordException e2) {
                findUser.setPasswordChangeRequired(true);
            }
            findUser.setCountFailedLoginAttempts(0);
            this.userManager.updateUser(findUser);
            return new AuthenticationResult(true, passwordBasedAuthenticationDataSource.getPrincipal(), null);
        }
        getLogger().warn("Password is Invalid for user " + passwordBasedAuthenticationDataSource.getPrincipal() + ".");
        hashMap.put("1", "Password is Invalid for user " + passwordBasedAuthenticationDataSource.getPrincipal() + ".");
        try {
            this.securityPolicy.extensionExcessiveLoginAttempts(findUser);
            this.userManager.updateUser(findUser);
            return new AuthenticationResult(false, passwordBasedAuthenticationDataSource.getPrincipal(), null, hashMap);
        } catch (Throwable th) {
            this.userManager.updateUser(findUser);
            throw th;
        }
        getLogger().warn("Login for user " + passwordBasedAuthenticationDataSource.getPrincipal() + " failed. user not found.");
        hashMap.put("1", "Login for user \" + source.getPrincipal() + \" failed. user not found.");
        return new AuthenticationResult(false, str, e, hashMap);
    }

    public UserManager getUserManager() {
        return this.userManager;
    }

    public void setUserManager(UserManager userManager) {
        this.userManager = userManager;
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }
}
