package com.atlassian.crowd.integration.acegi;

import com.atlassian.crowd.integration.acegi.user.CrowdUserDetails;
import com.atlassian.crowd.integration.acegi.user.CrowdUserDetailsService;
import com.atlassian.crowd.integration.authentication.ValidationFactor;
import com.atlassian.crowd.integration.exception.InactiveAccountException;
import com.atlassian.crowd.integration.exception.InvalidAuthenticationException;
import com.atlassian.crowd.integration.exception.InvalidTokenException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.service.AuthenticationManager;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.DisabledException;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;

/* loaded from: input_file:com/atlassian/crowd/integration/acegi/CrowdAuthenticationProvider.class */
public class CrowdAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private static final Log logger = LogFactory.getLog(CrowdAuthenticationProvider.class);
    protected AuthenticationManager authenticationManager;
    protected HttpAuthenticator httpAuthenticator;
    protected CrowdUserDetailsService userDetailsService;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        Authentication authentication2 = null;
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            logger.debug("Processing a UsernamePasswordAuthenticationToken");
            authentication2 = authenticateUsernamePassword((UsernamePasswordAuthenticationToken) authentication);
        } else if (authentication instanceof CrowdSSOAuthenticationToken) {
            logger.debug("Processing a CrowdSSOAuthenticationToken");
            authentication2 = authenticateCrowdSSO((CrowdSSOAuthenticationToken) authentication);
        }
        return authentication2;
    }

    protected Authentication authenticateUsernamePassword(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        CrowdSSOAuthenticationToken usernamePasswordAuthenticationToken2;
        if (usernamePasswordAuthenticationToken.getPrincipal() == null || StringUtils.isEmpty(usernamePasswordAuthenticationToken.getPrincipal().toString())) {
            throw new BadCredentialsException("UsernamePasswordAuthenticationToken contains empty username");
        }
        if (usernamePasswordAuthenticationToken.getCredentials() == null || StringUtils.isEmpty(usernamePasswordAuthenticationToken.getCredentials().toString())) {
            throw new BadCredentialsException("UsernamePasswordAuthenticationToken contains empty password");
        }
        try {
            if (usernamePasswordAuthenticationToken.getDetails() == null || !(usernamePasswordAuthenticationToken.getDetails() instanceof ValidationFactor[])) {
                this.httpAuthenticator.verifyAuthentication(usernamePasswordAuthenticationToken.getPrincipal().toString(), usernamePasswordAuthenticationToken.getCredentials().toString());
                CrowdUserDetails m3loadUserByUsername = this.userDetailsService.m3loadUserByUsername(usernamePasswordAuthenticationToken.getPrincipal().toString());
                usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken(m3loadUserByUsername, usernamePasswordAuthenticationToken.getCredentials(), m3loadUserByUsername.getAuthorities());
            } else {
                String verifyAuthentication = this.httpAuthenticator.verifyAuthentication(usernamePasswordAuthenticationToken.getPrincipal().toString(), usernamePasswordAuthenticationToken.getCredentials().toString(), (ValidationFactor[]) usernamePasswordAuthenticationToken.getDetails());
                CrowdUserDetails m3loadUserByUsername2 = this.userDetailsService.m3loadUserByUsername(usernamePasswordAuthenticationToken.getPrincipal().toString());
                usernamePasswordAuthenticationToken2 = new CrowdSSOAuthenticationToken(m3loadUserByUsername2, verifyAuthentication, m3loadUserByUsername2.getAuthorities());
            }
            return usernamePasswordAuthenticationToken2;
        } catch (Exception e) {
            throw translateException(e);
        }
    }

    protected Authentication authenticateCrowdSSO(CrowdSSOAuthenticationToken crowdSSOAuthenticationToken) throws AuthenticationException {
        if (crowdSSOAuthenticationToken.getCredentials() == null || StringUtils.isEmpty(crowdSSOAuthenticationToken.getCredentials().toString())) {
            throw new BadCredentialsException("CrowdSSOAuthenticationToken contains empty token credential");
        }
        if (crowdSSOAuthenticationToken.getDetails() == null || !(crowdSSOAuthenticationToken.getDetails() instanceof ValidationFactor[])) {
            throw new BadCredentialsException("CrowdSSOAuthenticationToken does not contain any validation factors");
        }
        String obj = crowdSSOAuthenticationToken.getCredentials().toString();
        try {
            if (!this.authenticationManager.isAuthenticated(obj, (ValidationFactor[]) crowdSSOAuthenticationToken.getDetails())) {
                throw new CrowdSSOTokenInvalidException("Crowd SSO token is invalid");
            }
            CrowdUserDetails loadUserByToken = this.userDetailsService.loadUserByToken(obj);
            return new CrowdSSOAuthenticationToken(loadUserByToken, obj, loadUserByToken.getAuthorities());
        } catch (Exception e) {
            throw translateException(e);
        }
    }

    protected AuthenticationException translateException(Exception exc) {
        return exc instanceof AuthenticationException ? (AuthenticationException) exc : ((exc instanceof InvalidAuthenticationException) || (exc instanceof InvalidTokenException)) ? new BadCredentialsException(exc.getMessage(), exc) : exc instanceof InactiveAccountException ? new DisabledException(exc.getMessage(), exc) : new AuthenticationServiceException(exc.getMessage(), exc);
    }

    public boolean supports(Class cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls) || CrowdSSOAuthenticationToken.class.isAssignableFrom(cls);
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationManager, "A Crowd authenticationManager must be set");
        Assert.notNull(this.httpAuthenticator, "An httpAuthenticator must be set");
        Assert.notNull(this.userDetailsService, "A userDetailsService must be set");
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator) {
        this.httpAuthenticator = httpAuthenticator;
    }

    public void setUserDetailsService(CrowdUserDetailsService crowdUserDetailsService) {
        this.userDetailsService = crowdUserDetailsService;
    }
}
