package org.jasig.cas.authentication;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.inspektr.audit.annotation.Auditable;
import org.inspektr.audit.spi.support.ObjectCreationAuditableActionResolver;
import org.inspektr.common.ioc.annotation.NotEmpty;
import org.inspektr.common.ioc.annotation.NotNull;
import org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.AuthenticationHandler;
import org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException;
import org.jasig.cas.authentication.handler.NamedAuthenticationHandler;
import org.jasig.cas.authentication.handler.UnsupportedCredentialsException;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.CredentialsToPrincipalResolver;
import org.jasig.cas.authentication.principal.Principal;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-3.3.1.jar:org/jasig/cas/authentication/AuthenticationManagerImpl.class */
public final class AuthenticationManagerImpl implements AuthenticationManager {

    @NotEmpty
    private List<AuthenticationHandler> authenticationHandlers;

    @NotEmpty
    private List<CredentialsToPrincipalResolver> credentialsToPrincipalResolvers;
    private final Log log = LogFactory.getLog(AuthenticationManagerImpl.class);

    @NotNull
    private List<AuthenticationMetaDataPopulator> authenticationMetaDataPopulators = new ArrayList();

    @Override // org.jasig.cas.authentication.AuthenticationManager
    @Auditable(action = "AUTHENTICATION", successSuffix = "_SUCCESS", failureSuffix = "_FAILED", actionResolverClass = ObjectCreationAuditableActionResolver.class, resourceResolverClass = CredentialsAsFirstParameterResourceResolver.class)
    public Authentication authenticate(Credentials credentials) throws AuthenticationException {
        boolean z = false;
        boolean z2 = false;
        AuthenticationHandler authenticationHandler = null;
        Iterator<AuthenticationHandler> it = this.authenticationHandlers.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AuthenticationHandler next = it.next();
            if (next.supports(credentials)) {
                z = true;
                if (next.authenticate(credentials)) {
                    if (this.log.isInfoEnabled()) {
                        this.log.info("AuthenticationHandler: " + next.getClass().getName() + " successfully authenticated the user which provided the following credentials: " + credentials.toString());
                    }
                    authenticationHandler = next;
                    z2 = true;
                } else if (this.log.isInfoEnabled()) {
                    this.log.info("AuthenticationHandler: " + next.getClass().getName() + " failed to authenticate the user which provided the following credentials: " + credentials.toString());
                }
            }
        }
        if (!z2) {
            if (z) {
                throw BadCredentialsAuthenticationException.ERROR;
            }
            throw UnsupportedCredentialsException.ERROR;
        }
        Authentication authentication = null;
        boolean z3 = false;
        Iterator<CredentialsToPrincipalResolver> it2 = this.credentialsToPrincipalResolvers.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            CredentialsToPrincipalResolver next2 = it2.next();
            if (next2.supports(credentials)) {
                Principal resolvePrincipal = next2.resolvePrincipal(credentials);
                z3 = true;
                if (resolvePrincipal != null) {
                    authentication = new MutableAuthentication(resolvePrincipal);
                    break;
                }
            }
        }
        if (authentication == null) {
            if (!z3) {
                this.log.error("CredentialsToPrincipalResolver not found for " + credentials.getClass().getName());
                throw UnsupportedCredentialsException.ERROR;
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("CredentialsToPrincipalResolver found but no principal returned.");
            }
            throw BadCredentialsAuthenticationException.ERROR;
        }
        if (authenticationHandler instanceof NamedAuthenticationHandler) {
            authentication.getAttributes().put(AuthenticationManager.AUTHENTICATION_METHOD_ATTRIBUTE, ((NamedAuthenticationHandler) authenticationHandler).getName());
        }
        Iterator<AuthenticationMetaDataPopulator> it3 = this.authenticationMetaDataPopulators.iterator();
        while (it3.hasNext()) {
            authentication = it3.next().populateAttributes(authentication, credentials);
        }
        return new ImmutableAuthentication(authentication.getPrincipal(), authentication.getAttributes());
    }

    public void setAuthenticationHandlers(List<AuthenticationHandler> list) {
        this.authenticationHandlers = list;
    }

    public void setCredentialsToPrincipalResolvers(List<CredentialsToPrincipalResolver> list) {
        this.credentialsToPrincipalResolvers = list;
    }

    public void setAuthenticationMetaDataPopulators(List<AuthenticationMetaDataPopulator> list) {
        this.authenticationMetaDataPopulators = list;
    }
}
