package org.sonar.server.authentication;

import java.util.HashSet;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.Startable;
import org.sonar.api.config.Settings;
import org.sonar.api.security.Authenticator;
import org.sonar.api.security.ExternalGroupsProvider;
import org.sonar.api.security.ExternalUsersProvider;
import org.sonar.api.security.SecurityRealm;
import org.sonar.api.security.UserDetails;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.user.SecurityRealmFactory;
import org.sonar.server.user.UserUpdater;

/* loaded from: input_file:org/sonar/server/authentication/RealmAuthenticator.class */
public class RealmAuthenticator implements Startable {
    private static final Logger LOG = Loggers.get(RealmAuthenticator.class);
    private final Settings settings;
    private final SecurityRealmFactory securityRealmFactory;
    private final UserIdentityAuthenticator userIdentityAuthenticator;
    private final AuthenticationEvent authenticationEvent;
    private SecurityRealm realm;
    private Authenticator authenticator;
    private ExternalUsersProvider externalUsersProvider;
    private ExternalGroupsProvider externalGroupsProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/server/authentication/RealmAuthenticator$ExternalIdentityProvider.class */
    public class ExternalIdentityProvider implements IdentityProvider {
        private ExternalIdentityProvider() {
        }

        public String getKey() {
            return UserUpdater.SQ_AUTHORITY;
        }

        public String getName() {
            return UserUpdater.SQ_AUTHORITY;
        }

        public Display getDisplay() {
            return null;
        }

        public boolean isEnabled() {
            return true;
        }

        public boolean allowsUsersToSignUp() {
            return RealmAuthenticator.this.settings.getBoolean("sonar.authenticator.createUsers");
        }
    }

    public RealmAuthenticator(Settings settings, SecurityRealmFactory securityRealmFactory, UserIdentityAuthenticator userIdentityAuthenticator, AuthenticationEvent authenticationEvent) {
        this.settings = settings;
        this.securityRealmFactory = securityRealmFactory;
        this.userIdentityAuthenticator = userIdentityAuthenticator;
        this.authenticationEvent = authenticationEvent;
    }

    public void start() {
        this.realm = this.securityRealmFactory.getRealm();
        if (this.realm != null) {
            this.authenticator = (Authenticator) Objects.requireNonNull(this.realm.doGetAuthenticator(), "No authenticator available");
            this.externalUsersProvider = (ExternalUsersProvider) Objects.requireNonNull(this.realm.getUsersProvider(), "No users provider available");
            this.externalGroupsProvider = this.realm.getGroupsProvider();
        }
    }

    public Optional<UserDto> authenticate(String str, String str2, HttpServletRequest httpServletRequest, AuthenticationEvent.Method method) {
        return this.realm == null ? Optional.empty() : Optional.of(doAuthenticate(getLogin(str), str2, httpServletRequest, method));
    }

    private UserDto doAuthenticate(String str, String str2, HttpServletRequest httpServletRequest, AuthenticationEvent.Method method) {
        try {
            UserDetails doGetUserDetails = this.externalUsersProvider.doGetUserDetails(new ExternalUsersProvider.Context(str, httpServletRequest));
            if (doGetUserDetails == null) {
                throw AuthenticationException.newBuilder().setSource(realmEventSource(method)).setLogin(str).setMessage("No user details").build();
            }
            if (!this.authenticator.doAuthenticate(new Authenticator.Context(str, str2, httpServletRequest))) {
                throw AuthenticationException.newBuilder().setSource(realmEventSource(method)).setLogin(str).setMessage("Realm returned authenticate=false").build();
            }
            UserDto synchronize = synchronize(str, doGetUserDetails, httpServletRequest, method);
            this.authenticationEvent.login(httpServletRequest, str, realmEventSource(method));
            return synchronize;
        } catch (AuthenticationException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error("Error during authentication", e2);
            throw AuthenticationException.newBuilder().setSource(realmEventSource(method)).setLogin(str).setMessage(e2.getMessage()).build();
        }
    }

    private AuthenticationEvent.Source realmEventSource(AuthenticationEvent.Method method) {
        return AuthenticationEvent.Source.realm(method, this.realm.getName());
    }

    private UserDto synchronize(String str, UserDetails userDetails, HttpServletRequest httpServletRequest, AuthenticationEvent.Method method) {
        String name = userDetails.getName();
        UserIdentity.Builder providerLogin = UserIdentity.builder().setLogin(str).setName(StringUtils.isEmpty(name) ? str : name).setEmail(StringUtils.trimToNull(userDetails.getEmail())).setProviderLogin(str);
        if (this.externalGroupsProvider != null) {
            providerLogin.setGroups(new HashSet(this.externalGroupsProvider.doGetGroups(new ExternalGroupsProvider.Context(str, httpServletRequest))));
        }
        return this.userIdentityAuthenticator.authenticate(providerLogin.build(), new ExternalIdentityProvider(), realmEventSource(method));
    }

    private String getLogin(String str) {
        return this.settings.getBoolean("sonar.authenticator.downcase") ? str.toLowerCase(Locale.ENGLISH) : str;
    }

    public void stop() {
    }
}
