package com.atlassian.crowd.plugin.rest.service.controller;

import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.ObjectNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.manager.application.ApplicationAccessDeniedException;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.authentication.TokenAuthenticationManager;
import com.atlassian.crowd.model.authentication.UserAuthenticationContext;
import com.atlassian.crowd.model.authentication.ValidationFactor;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.plugin.rest.entity.PasswordEntity;
import com.atlassian.crowd.plugin.rest.entity.UserEntity;
import com.atlassian.crowd.plugin.rest.util.EntityTranslator;
import com.atlassian.crowd.plugin.rest.util.LinkUriHelper;
import java.net.URI;

/* loaded from: input_file:com/atlassian/crowd/plugin/rest/service/controller/AuthenticationController.class */
public class AuthenticationController extends AbstractResourceController {
    final TokenAuthenticationManager tokenAuthenticationManager;

    public AuthenticationController(ApplicationService applicationService, ApplicationManager applicationManager, TokenAuthenticationManager tokenAuthenticationManager) {
        super(applicationService, applicationManager);
        this.tokenAuthenticationManager = tokenAuthenticationManager;
    }

    public UserEntity authenticateUser(String str, String str2, PasswordEntity passwordEntity, URI uri) throws ExpiredCredentialException, InactiveAccountException, InvalidAuthenticationException, OperationFailedException {
        User authenticateUser = this.applicationService.authenticateUser(getApplication(str), str2, PasswordCredential.unencrypted(passwordEntity.getValue()));
        validateUserAuthorisation(str, str2, passwordEntity.getValue());
        return EntityTranslator.toUserEntity(authenticateUser, LinkUriHelper.buildUserLink(uri, authenticateUser.getName()));
    }

    private void validateUserAuthorisation(String str, String str2, String str3) throws ExpiredCredentialException, InvalidAuthenticationException, InactiveAccountException, OperationFailedException {
        UserAuthenticationContext userAuthenticationContext = new UserAuthenticationContext();
        userAuthenticationContext.setApplication(str);
        userAuthenticationContext.setName(str2);
        userAuthenticationContext.setCredential(PasswordCredential.unencrypted(str3));
        userAuthenticationContext.setValidationFactors(new ValidationFactor[0]);
        try {
            this.tokenAuthenticationManager.authenticateUser(userAuthenticationContext);
        } catch (ApplicationAccessDeniedException e) {
            throw new InvalidAuthenticationException("User is not allowed to authenticate with the application", e);
        } catch (ObjectNotFoundException e2) {
            throw new IllegalStateException("Application should have been authenticated already", e2);
        }
    }
}
