package de.theit.jenkins.crowd;

import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import hudson.security.SecurityRealm;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:de/theit/jenkins/crowd/CrowdAuthenticationManager.class */
public class CrowdAuthenticationManager implements AuthenticationManager {
    private static final Logger LOG = Logger.getLogger(CrowdAuthenticationManager.class.getName());
    private CrowdConfigurationService configuration;

    public CrowdAuthenticationManager(CrowdConfigurationService crowdConfigurationService) {
        this.configuration = crowdConfigurationService;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication == null) {
            return null;
        }
        String obj = authentication.getPrincipal().toString();
        if (null == authentication.getCredentials() && (authentication instanceof CrowdAuthenticationToken) && null != ((CrowdAuthenticationToken) authentication).getSSOToken()) {
            LOG.log(Level.FINER, "User '{0}' already authenticated", obj);
            return authentication;
        }
        String obj2 = authentication.getCredentials().toString();
        if (!this.configuration.isGroupMember(obj)) {
            throw new InsufficientAuthenticationException(ErrorMessages.userNotValid(obj, this.configuration.getAllowedGroupNames()));
        }
        try {
            LOG.log(Level.FINE, "Authenticating user: {0}", obj);
            CrowdAuthenticationToken.updateUserInfo(this.configuration.authenticateUser(obj, obj2));
            ArrayList arrayList = new ArrayList();
            arrayList.add(SecurityRealm.AUTHENTICATED_AUTHORITY2);
            arrayList.addAll(this.configuration.getAuthoritiesForUser(obj));
            LOG.log(Level.FINE, "User successfully authenticated; creating authentication token");
            return new CrowdAuthenticationToken(obj, obj2, arrayList, null);
        } catch (InactiveAccountException e) {
            LOG.log(Level.WARNING, ErrorMessages.accountExpired(obj));
            throw new AccountExpiredException(ErrorMessages.accountExpired(obj), e);
        } catch (UserNotFoundException e2) {
            LOG.log(Level.INFO, ErrorMessages.userNotFound(obj));
            throw new BadCredentialsException(ErrorMessages.userNotFound(obj), e2);
        } catch (OperationFailedException e3) {
            LOG.log(Level.SEVERE, ErrorMessages.operationFailed(), e3);
            throw new AuthenticationServiceException(ErrorMessages.operationFailed(), e3);
        } catch (ExpiredCredentialException e4) {
            LOG.log(Level.WARNING, ErrorMessages.expiredCredentials(obj));
            throw new CredentialsExpiredException(ErrorMessages.expiredCredentials(obj), e4);
        } catch (ApplicationPermissionException e5) {
            LOG.log(Level.WARNING, ErrorMessages.applicationPermission());
            throw new AuthenticationServiceException(ErrorMessages.applicationPermission(), e5);
        } catch (InvalidAuthenticationException e6) {
            LOG.log(Level.WARNING, ErrorMessages.invalidAuthentication());
            throw new AuthenticationServiceException(ErrorMessages.invalidAuthentication(), e6);
        }
    }
}
