package org.codehaus.redback.jsecurity;

import java.util.HashSet;
import java.util.Iterator;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.AuthenticationInfo;
import org.jsecurity.authc.AuthenticationToken;
import org.jsecurity.authc.SimpleAuthenticationInfo;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.authc.credential.CredentialsMatcher;
import org.jsecurity.authz.AuthorizationInfo;
import org.jsecurity.authz.SimpleAuthorizationInfo;
import org.jsecurity.realm.AuthorizingRealm;
import org.jsecurity.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/codehaus/redback/jsecurity/RedbackRealm.class */
public class RedbackRealm extends AuthorizingRealm {
    private Logger log = LoggerFactory.getLogger(RedbackRealm.class);
    private final UserManager userManager;
    private final RBACManager rbacManager;
    private final UserSecurityPolicy securityPolicy;

    /* loaded from: input_file:org/codehaus/redback/jsecurity/RedbackRealm$RedbackAuthenticationInfo.class */
    final class RedbackAuthenticationInfo extends SimpleAuthenticationInfo {
        private final User user;

        public RedbackAuthenticationInfo(User user, String str) {
            super(user.getPrincipal(), user.getEncodedPassword(), str);
            this.user = user;
        }

        public User getUser() {
            return this.user;
        }
    }

    public RedbackRealm(UserManager userManager, RBACManager rBACManager, UserSecurityPolicy userSecurityPolicy) {
        this.userManager = userManager;
        this.rbacManager = rBACManager;
        this.securityPolicy = userSecurityPolicy;
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String str = (String) principalCollection.fromRealm(getName()).iterator().next();
        try {
            HashSet hashSet = new HashSet(this.rbacManager.getUserAssignment(str).getRoleNames());
            HashSet hashSet2 = new HashSet();
            Iterator it = this.rbacManager.getAssignedPermissions(str).iterator();
            while (it.hasNext()) {
                hashSet2.add(((Permission) it.next()).getName());
            }
            SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(hashSet);
            simpleAuthorizationInfo.setStringPermissions(hashSet2);
            return simpleAuthorizationInfo;
        } catch (RbacManagerException e) {
            this.log.error("Could not authenticate against data source", e);
            return null;
        }
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (authenticationToken == null) {
            throw new AuthenticationException("AuthenticationToken cannot be null");
        }
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        User user = null;
        try {
            user = this.userManager.findUser(usernamePasswordToken.getUsername());
        } catch (UserNotFoundException e) {
            this.log.error("Could not find user " + usernamePasswordToken.getUsername());
        }
        if (user == null) {
            return null;
        }
        if (user.isLocked() && !user.isPasswordChangeRequired()) {
            throw new PrincipalLockedException("User " + user.getPrincipal() + " is locked.");
        }
        if (user.isPasswordChangeRequired()) {
            throw new PrincipalPasswordChangeRequiredException("Password change is required for user " + user.getPrincipal());
        }
        return new RedbackAuthenticationInfo(user, getName());
    }

    public CredentialsMatcher getCredentialsMatcher() {
        return new CredentialsMatcher() { // from class: org.codehaus.redback.jsecurity.RedbackRealm.1
            public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
                boolean equals = RedbackRealm.this.securityPolicy.getPasswordEncoder().encodePassword(new String((char[]) authenticationToken.getCredentials())).equals((String) authenticationInfo.getCredentials());
                if (!equals) {
                    User user = ((RedbackAuthenticationInfo) authenticationInfo).getUser();
                    try {
                        try {
                            RedbackRealm.this.securityPolicy.extensionExcessiveLoginAttempts(user);
                            try {
                                RedbackRealm.this.userManager.updateUser(user);
                            } catch (UserNotFoundException e) {
                                RedbackRealm.this.log.error("The user to be updated could not be found", e);
                            }
                        } catch (AccountLockedException e2) {
                            RedbackRealm.this.log.info("User " + user.getUsername() + " has been locked", e2);
                            try {
                                RedbackRealm.this.userManager.updateUser(user);
                            } catch (UserNotFoundException e3) {
                                RedbackRealm.this.log.error("The user to be updated could not be found", e3);
                            }
                        }
                    } catch (Throwable th) {
                        try {
                            RedbackRealm.this.userManager.updateUser(user);
                        } catch (UserNotFoundException e4) {
                            RedbackRealm.this.log.error("The user to be updated could not be found", e4);
                        }
                        throw th;
                    }
                }
                return equals;
            }
        };
    }
}
