package de.theit.jenkins.crowd;

import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import hudson.security.SecurityRealm;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.acegisecurity.AccountExpiredException;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.CredentialsExpiredException;
import org.acegisecurity.InsufficientAuthenticationException;

/* loaded from: input_file:de/theit/jenkins/crowd/CrowdAuthenticationManager.class */
public class CrowdAuthenticationManager implements AuthenticationManager {
    private static final Logger LOG = Logger.getLogger(CrowdAuthenticationManager.class.getName());
    private CrowdConfigurationService configuration;

    public CrowdAuthenticationManager(CrowdConfigurationService crowdConfigurationService) {
        this.configuration = crowdConfigurationService;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String obj = authentication.getPrincipal().toString();
        if (null == authentication.getCredentials() && (authentication instanceof CrowdAuthenticationToken) && null != ((CrowdAuthenticationToken) authentication).getSSOToken()) {
            return authentication;
        }
        String obj2 = authentication.getCredentials().toString();
        if (!this.configuration.isGroupActive()) {
            throw new InsufficientAuthenticationException(ErrorMessages.userGroupNotFound(obj));
        }
        if (!this.configuration.isGroupMember(obj)) {
            throw new InsufficientAuthenticationException(ErrorMessages.userNotValid(obj, this.configuration.groupName));
        }
        try {
            this.configuration.crowdClient.authenticateUser(obj, obj2);
            ArrayList arrayList = new ArrayList();
            arrayList.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
            arrayList.addAll(this.configuration.getAuthoritiesForUser(obj));
            return new CrowdAuthenticationToken(obj, obj2, arrayList);
        } catch (InactiveAccountException e) {
            LOG.warning(ErrorMessages.accountExpired(obj));
            throw new AccountExpiredException(ErrorMessages.accountExpired(obj), e);
        } catch (OperationFailedException e2) {
            LOG.log(Level.SEVERE, ErrorMessages.operationFailed(), e2);
            throw new AuthenticationServiceException(ErrorMessages.operationFailed(), e2);
        } catch (ExpiredCredentialException e3) {
            LOG.warning(ErrorMessages.expiredCredentials(obj));
            throw new CredentialsExpiredException(ErrorMessages.expiredCredentials(obj), e3);
        } catch (ApplicationPermissionException e4) {
            LOG.warning(ErrorMessages.applicationPermission());
            throw new AuthenticationServiceException(ErrorMessages.applicationPermission(), e4);
        } catch (UserNotFoundException e5) {
            LOG.info(ErrorMessages.userNotFound(obj));
            throw new BadCredentialsException(ErrorMessages.userNotFound(obj), e5);
        } catch (InvalidAuthenticationException e6) {
            LOG.warning(ErrorMessages.invalidAuthentication());
            throw new AuthenticationServiceException(ErrorMessages.invalidAuthentication(), e6);
        }
    }
}
