package org.craftercms.security.authentication.impl;

import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.Ticket;
import org.craftercms.profile.api.exceptions.ErrorCode;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.AuthenticationService;
import org.craftercms.profile.api.services.ProfileService;
import org.craftercms.profile.exceptions.ProfileRestServiceException;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.authentication.AuthenticationCache;
import org.craftercms.security.authentication.AuthenticationManager;
import org.craftercms.security.exception.AuthenticationException;
import org.craftercms.security.exception.AuthenticationSystemException;
import org.craftercms.security.exception.BadCredentialsException;
import org.craftercms.security.exception.DisabledUserException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-3.0.6.jar:org/craftercms/security/authentication/impl/AuthenticationManagerImpl.class */
public class AuthenticationManagerImpl implements AuthenticationManager {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationManagerImpl.class);
    protected AuthenticationService authenticationService;
    protected ProfileService profileService;
    protected AuthenticationCache authenticationCache;

    @Required
    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    @Required
    public void setProfileService(ProfileService profileService) {
        this.profileService = profileService;
    }

    @Required
    public void setAuthenticationCache(AuthenticationCache authenticationCache) {
        this.authenticationCache = authenticationCache;
    }

    @Override // org.craftercms.security.authentication.AuthenticationManager
    public Authentication authenticateUser(String str, String str2, String str3) {
        try {
            Ticket authenticate = this.authenticationService.authenticate(str, str2, str3);
            Profile profile = this.profileService.getProfile(authenticate.getProfileId(), new String[0]);
            if (profile == null) {
                throw new AuthenticationSystemException("No profile found for ID '" + authenticate.getProfileId() + "'");
            }
            String id = authenticate.getId();
            DefaultAuthentication defaultAuthentication = new DefaultAuthentication(id, profile);
            this.authenticationCache.putAuthentication(defaultAuthentication);
            logger.debug("Authentication successful for user '{}' (ticket ID = '{}')", authenticate.getProfileId(), id);
            return defaultAuthentication;
        } catch (ProfileRestServiceException e) {
            switch (e.getErrorCode()) {
                case DISABLED_PROFILE:
                    throw new DisabledUserException("User is disabled", e);
                case BAD_CREDENTIALS:
                    throw new BadCredentialsException("Invalid username and/or password", e);
                default:
                    throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
            }
        } catch (ProfileException e2) {
            throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e2);
        }
    }

    @Override // org.craftercms.security.authentication.AuthenticationManager
    public Authentication authenticateUser(String[] strArr, String str, String str2) throws AuthenticationException {
        for (String str3 : strArr) {
            try {
                return authenticateUser(str3, str, str2);
            } catch (BadCredentialsException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Authentication attempt for user '" + str + "' with tenant '" + str3 + "' failed. Trying with next tenant...", (Throwable) e);
                }
            }
        }
        throw new BadCredentialsException("Invalid username and/or password");
    }

    @Override // org.craftercms.security.authentication.AuthenticationManager
    public Authentication authenticateUser(Profile profile) throws AuthenticationException {
        return authenticateUser(profile, false);
    }

    @Override // org.craftercms.security.authentication.AuthenticationManager
    public Authentication authenticateUser(Profile profile, boolean z) throws AuthenticationException {
        try {
            Ticket createTicket = this.authenticationService.createTicket(profile.getId().toString());
            String id = createTicket.getId();
            DefaultAuthentication defaultAuthentication = new DefaultAuthentication(id, profile, z);
            this.authenticationCache.putAuthentication(defaultAuthentication);
            logger.debug("Authentication successful for user '{}' (ticket ID = '{}')", createTicket.getProfileId(), id);
            return defaultAuthentication;
        } catch (ProfileRestServiceException e) {
            if (e.getErrorCode() == ErrorCode.DISABLED_PROFILE) {
                throw new DisabledUserException("User is disabled", e);
            }
            throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e);
        } catch (ProfileException e2) {
            throw new AuthenticationSystemException("An unexpected error occurred while authenticating", e2);
        }
    }

    @Override // org.craftercms.security.authentication.AuthenticationManager
    public Authentication getAuthentication(String str, boolean z) throws AuthenticationException {
        Authentication authentication = null;
        if (!z) {
            authentication = this.authenticationCache.getAuthentication(str);
        }
        if (authentication == null) {
            if (z) {
                logger.debug("Profile reload forced for ticket '{}'", str);
            } else {
                logger.debug("Ticket '{}' found in request but there's no cached authentication for it", str);
            }
            Profile loadProfile = loadProfile(str);
            if (loadProfile == null) {
                return null;
            }
            authentication = new DefaultAuthentication(str, loadProfile);
            this.authenticationCache.putAuthentication(authentication);
        }
        return authentication;
    }

    @Override // org.craftercms.security.authentication.AuthenticationManager
    public void invalidateAuthentication(Authentication authentication) {
        try {
            this.authenticationCache.removeAuthentication(authentication.getTicket());
            this.authenticationService.invalidateTicket(authentication.getTicket());
            logger.debug("Ticket '{}' successfully invalidated");
        } catch (ProfileException e) {
            throw new AuthenticationSystemException("An unexpected error occurred while attempting to invalidate ticket '" + authentication.getTicket() + "'", e);
        }
    }

    protected Profile loadProfile(String str) throws AuthenticationException {
        try {
            Profile profileByTicket = this.profileService.getProfileByTicket(str, new String[0]);
            if (profileByTicket == null) {
                throw new AuthenticationSystemException("No profile found for ticket '" + str + "'");
            }
            logger.debug("Profile '{}' retrieved for ticket '{}'", profileByTicket.getId(), str);
            return profileByTicket;
        } catch (ProfileRestServiceException e) {
            if (e.getErrorCode() != ErrorCode.NO_SUCH_TICKET) {
                throw new AuthenticationSystemException("An unexpected error occurred while attempting to retrieve profile for ticket '" + str + "'", e);
            }
            logger.debug("Ticket '{}' is invalid", str);
            return null;
        } catch (ProfileException e2) {
            throw new AuthenticationSystemException("An unexpected error occurred while attempting to retrieve profile for ticket '" + str + "'", e2);
        }
    }
}
