package org.apereo.cas.authentication;

import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apereo.cas.authentication.principal.NullPrincipal;
import org.apereo.cas.authentication.principal.PrincipalResolver;

/* loaded from: input_file:org/apereo/cas/authentication/PolicyBasedAuthenticationManager.class */
public class PolicyBasedAuthenticationManager extends AbstractAuthenticationManager {
    protected AuthenticationPolicy authenticationPolicy;

    public PolicyBasedAuthenticationManager() {
        this.authenticationPolicy = new AnyAuthenticationPolicy(false);
    }

    public PolicyBasedAuthenticationManager(AuthenticationHandler... authenticationHandlerArr) {
        super(authenticationHandlerArr);
        this.authenticationPolicy = new AnyAuthenticationPolicy(false);
    }

    public PolicyBasedAuthenticationManager(List<AuthenticationHandler> list) {
        super(list);
        this.authenticationPolicy = new AnyAuthenticationPolicy(false);
    }

    public PolicyBasedAuthenticationManager(Map<AuthenticationHandler, PrincipalResolver> map) {
        super(map);
        this.authenticationPolicy = new AnyAuthenticationPolicy(false);
    }

    @Override // org.apereo.cas.authentication.AbstractAuthenticationManager
    protected AuthenticationBuilder authenticateInternal(AuthenticationTransaction authenticationTransaction) throws AuthenticationException {
        Collection credentials = authenticationTransaction.getCredentials();
        DefaultAuthenticationBuilder defaultAuthenticationBuilder = new DefaultAuthenticationBuilder(NullPrincipal.getInstance());
        credentials.stream().forEach(credential -> {
            defaultAuthenticationBuilder.addCredential(new BasicCredentialMetaData(credential));
        });
        Set resolve = this.authenticationHandlerResolver.resolve(this.handlerResolverMap.keySet(), authenticationTransaction);
        if (!credentials.stream().anyMatch(credential2 -> {
            if (resolve.stream().filter(authenticationHandler -> {
                return authenticationHandler.supports(credential2);
            }).anyMatch(authenticationHandler2 -> {
                try {
                    authenticateAndResolvePrincipal(defaultAuthenticationBuilder, credential2, this.handlerResolverMap.get(authenticationHandler2), authenticationHandler2);
                    return this.authenticationPolicy.isSatisfiedBy(defaultAuthenticationBuilder.build());
                } catch (GeneralSecurityException e) {
                    this.logger.info("{} failed authenticating {}", authenticationHandler2.getName(), credential2);
                    this.logger.debug("{} exception details: {}", authenticationHandler2.getName(), e.getMessage());
                    defaultAuthenticationBuilder.addFailure(authenticationHandler2.getName(), e.getClass());
                    return false;
                } catch (PreventedException e2) {
                    this.logger.error("{}: {}  (Details: {})", new Object[]{authenticationHandler2.getName(), e2.getMessage(), e2.getCause().getMessage()});
                    defaultAuthenticationBuilder.addFailure(authenticationHandler2.getName(), e2.getClass());
                    return false;
                }
            })) {
                return true;
            }
            this.logger.warn("Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [{}] of type [{}], which suggests a configuration problem.", credential2, credential2.getClass().getSimpleName());
            return false;
        })) {
            evaluateProducedAuthenticationContext(defaultAuthenticationBuilder);
        }
        return defaultAuthenticationBuilder;
    }

    protected void evaluateProducedAuthenticationContext(AuthenticationBuilder authenticationBuilder) throws AuthenticationException {
        if (authenticationBuilder.getSuccesses().isEmpty()) {
            throw new AuthenticationException(authenticationBuilder.getFailures(), authenticationBuilder.getSuccesses());
        }
        if (!this.authenticationPolicy.isSatisfiedBy(authenticationBuilder.build())) {
            throw new AuthenticationException(authenticationBuilder.getFailures(), authenticationBuilder.getSuccesses());
        }
    }

    public void setAuthenticationPolicy(AuthenticationPolicy authenticationPolicy) {
        this.authenticationPolicy = authenticationPolicy;
    }
}
