package org.codehaus.plexus.redback.authentication.users;

import java.util.HashMap;
import javax.annotation.Resource;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.Authenticator;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.policy.PasswordEncoder;
import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("authenticator#user-manager")
/* loaded from: input_file:WEB-INF/lib/redback-authentication-users-1.2.3.jar:org/codehaus/plexus/redback/authentication/users/UserManagerAuthenticator.class */
public class UserManagerAuthenticator implements Authenticator {
    private Logger log = LoggerFactory.getLogger(UserManagerAuthenticator.class);

    @Resource(name = "userManager#jdo")
    private UserManager userManager;

    @Resource
    private UserSecurityPolicy securityPolicy;

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public String getId() {
        return "UserManagerAuthenticator";
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException, AccountLockedException, MustChangePasswordException {
        User findUser;
        String str = null;
        PasswordBasedAuthenticationDataSource passwordBasedAuthenticationDataSource = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        HashMap hashMap = new HashMap();
        try {
            this.log.debug("Authenticate: " + passwordBasedAuthenticationDataSource);
            findUser = this.userManager.findUser(passwordBasedAuthenticationDataSource.getPrincipal());
            str = findUser.getUsername();
        } catch (UserNotFoundException e) {
            this.log.warn("Login for user " + passwordBasedAuthenticationDataSource.getPrincipal() + " failed. user not found.");
            hashMap.put("1", "Login for user \" + source.getPrincipal() + \" failed. user not found.");
            return new AuthenticationResult(false, str, e, hashMap);
        }
        if (findUser.isLocked()) {
            throw new AccountLockedException("Account " + passwordBasedAuthenticationDataSource.getPrincipal() + " is locked.", findUser);
        }
        if (findUser.isPasswordChangeRequired() && passwordBasedAuthenticationDataSource.isEnforcePasswordChange()) {
            throw new MustChangePasswordException("Password expired.", findUser);
        }
        PasswordEncoder passwordEncoder = this.securityPolicy.getPasswordEncoder();
        this.log.debug("PasswordEncoder: " + passwordEncoder.getClass().getName());
        if (!passwordEncoder.isPasswordValid(findUser.getEncodedPassword(), passwordBasedAuthenticationDataSource.getPassword())) {
            this.log.warn("Password is Invalid for user " + passwordBasedAuthenticationDataSource.getPrincipal() + ".");
            hashMap.put("1", "Password is Invalid for user " + passwordBasedAuthenticationDataSource.getPrincipal() + ".");
            try {
                this.securityPolicy.extensionExcessiveLoginAttempts(findUser);
                this.userManager.updateUser(findUser);
                return new AuthenticationResult(false, passwordBasedAuthenticationDataSource.getPrincipal(), null, hashMap);
            } catch (Throwable th) {
                this.userManager.updateUser(findUser);
                throw th;
            }
        }
        this.log.debug("User " + passwordBasedAuthenticationDataSource.getPrincipal() + " provided a valid password");
        try {
            this.securityPolicy.extensionPasswordExpiration(findUser);
            if (findUser.getCountFailedLoginAttempts() > 0) {
                findUser.setCountFailedLoginAttempts(0);
                this.userManager.updateUser(findUser);
            }
            return new AuthenticationResult(true, passwordBasedAuthenticationDataSource.getPrincipal(), null);
        } catch (MustChangePasswordException e2) {
            findUser.setPasswordChangeRequired(true);
            throw e2;
        }
        this.log.warn("Login for user " + passwordBasedAuthenticationDataSource.getPrincipal() + " failed. user not found.");
        hashMap.put("1", "Login for user \" + source.getPrincipal() + \" failed. user not found.");
        return new AuthenticationResult(false, str, e, hashMap);
    }

    public UserManager getUserManager() {
        return this.userManager;
    }

    public void setUserManager(UserManager userManager) {
        this.userManager = userManager;
    }

    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }
}
