package org.sonar.server.authentication;

import java.util.Optional;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;

/* loaded from: input_file:org/sonar/server/authentication/CredentialsAuthenticator.class */
public class CredentialsAuthenticator {
    private final DbClient dbClient;
    private final RealmAuthenticator externalAuthenticator;
    private final AuthenticationEvent authenticationEvent;

    public CredentialsAuthenticator(DbClient dbClient, RealmAuthenticator realmAuthenticator, AuthenticationEvent authenticationEvent) {
        this.dbClient = dbClient;
        this.externalAuthenticator = realmAuthenticator;
        this.authenticationEvent = authenticationEvent;
    }

    public UserDto authenticate(String str, String str2, HttpServletRequest httpServletRequest, AuthenticationEvent.Method method) {
        DbSession openSession = this.dbClient.openSession(false);
        try {
            UserDto authenticate = authenticate(openSession, str, str2, httpServletRequest, method);
            this.dbClient.closeSession(openSession);
            return authenticate;
        } catch (Throwable th) {
            this.dbClient.closeSession(openSession);
            throw th;
        }
    }

    private UserDto authenticate(DbSession dbSession, String str, String str2, HttpServletRequest httpServletRequest, AuthenticationEvent.Method method) {
        UserDto selectActiveUserByLogin = this.dbClient.userDao().selectActiveUserByLogin(dbSession, str);
        if (selectActiveUserByLogin != null && selectActiveUserByLogin.isLocal()) {
            UserDto authenticateFromDb = authenticateFromDb(selectActiveUserByLogin, str2, method);
            this.authenticationEvent.loginSuccess(httpServletRequest, str, AuthenticationEvent.Source.local(method));
            return authenticateFromDb;
        }
        Optional<UserDto> authenticate = this.externalAuthenticator.authenticate(str, str2, httpServletRequest, method);
        if (authenticate.isPresent()) {
            return authenticate.get();
        }
        throw AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.local(method)).setLogin(str).setMessage((selectActiveUserByLogin == null || selectActiveUserByLogin.isLocal()) ? "No active user for login" : "User is not local").build();
    }

    private static UserDto authenticateFromDb(UserDto userDto, String str, AuthenticationEvent.Method method) {
        String checkPassword = checkPassword(userDto.getCryptedPassword(), userDto.getSalt(), str);
        if (checkPassword == null) {
            return userDto;
        }
        throw AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.local(method)).setLogin(userDto.getLogin()).setMessage(checkPassword).build();
    }

    @CheckForNull
    private static String checkPassword(@Nullable String str, @Nullable String str2, String str3) {
        if (str == null) {
            return "null password in DB";
        }
        if (str2 == null) {
            return "null salt";
        }
        if (str.equals(UserDto.encryptPassword(str3, str2))) {
            return null;
        }
        return "wrong password";
    }
}
