package com.atlassian.crowd.integration.acegi;

import com.atlassian.crowd.integration.acegi.user.CrowdUserDetails;
import com.atlassian.crowd.integration.authentication.ValidationFactor;
import com.atlassian.crowd.integration.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.integration.exception.InactiveAccountException;
import com.atlassian.crowd.integration.exception.InvalidAuthenticationException;
import com.atlassian.crowd.integration.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.exception.InvalidTokenException;
import java.rmi.RemoteException;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.DisabledException;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:fecru-2.1.0.M1/lib/crowd-integration-client-1.6.2.jar:com/atlassian/crowd/integration/acegi/CrowdAuthenticationProvider.class */
public abstract class CrowdAuthenticationProvider implements AuthenticationProvider {
    private static final Log logger = LogFactory.getLog(CrowdAuthenticationProvider.class);
    protected final String applicationName;

    /* JADX INFO: Access modifiers changed from: protected */
    public CrowdAuthenticationProvider(String str) {
        this.applicationName = str;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass()) || !supports((AbstractAuthenticationToken) authentication)) {
            return null;
        }
        Authentication authentication2 = null;
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            logger.debug("Processing a UsernamePasswordAuthenticationToken");
            authentication2 = authenticateUsernamePassword((UsernamePasswordAuthenticationToken) authentication);
        } else if (authentication instanceof CrowdSSOAuthenticationToken) {
            logger.debug("Processing a CrowdSSOAuthenticationToken");
            authentication2 = authenticateCrowdSSO((CrowdSSOAuthenticationToken) authentication);
        }
        return authentication2;
    }

    protected Authentication authenticateUsernamePassword(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        CrowdSSOAuthenticationToken usernamePasswordAuthenticationToken2;
        if (usernamePasswordAuthenticationToken.getPrincipal() == null || StringUtils.isEmpty(usernamePasswordAuthenticationToken.getPrincipal().toString())) {
            throw new BadCredentialsException("UsernamePasswordAuthenticationToken contains empty username");
        }
        if (usernamePasswordAuthenticationToken.getCredentials() == null || StringUtils.isEmpty(usernamePasswordAuthenticationToken.getCredentials().toString())) {
            throw new BadCredentialsException("UsernamePasswordAuthenticationToken contains empty password");
        }
        try {
            if (usernamePasswordAuthenticationToken.getDetails() == null || !(usernamePasswordAuthenticationToken.getDetails() instanceof CrowdSSOAuthenticationDetails)) {
                authenticate(usernamePasswordAuthenticationToken.getPrincipal().toString(), usernamePasswordAuthenticationToken.getCredentials().toString(), new ValidationFactor[0]);
                CrowdUserDetails loadUserByUsername = loadUserByUsername(usernamePasswordAuthenticationToken.getPrincipal().toString());
                usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken(loadUserByUsername, usernamePasswordAuthenticationToken.getCredentials(), loadUserByUsername.getAuthorities());
            } else {
                String authenticate = authenticate(usernamePasswordAuthenticationToken.getPrincipal().toString(), usernamePasswordAuthenticationToken.getCredentials().toString(), ((CrowdSSOAuthenticationDetails) usernamePasswordAuthenticationToken.getDetails()).getValidationFactors());
                CrowdUserDetails loadUserByUsername2 = loadUserByUsername(usernamePasswordAuthenticationToken.getPrincipal().toString());
                usernamePasswordAuthenticationToken2 = new CrowdSSOAuthenticationToken(loadUserByUsername2, authenticate, loadUserByUsername2.getAuthorities());
            }
            return usernamePasswordAuthenticationToken2;
        } catch (Exception e) {
            throw translateException(e);
        }
    }

    protected abstract boolean isAuthenticated(String str, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, RemoteException, ApplicationAccessDeniedException;

    protected abstract String authenticate(String str, String str2, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ApplicationAccessDeniedException;

    protected abstract CrowdUserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException;

    protected abstract CrowdUserDetails loadUserByToken(String str) throws CrowdSSOTokenInvalidException, DataAccessException;

    protected Authentication authenticateCrowdSSO(CrowdSSOAuthenticationToken crowdSSOAuthenticationToken) throws AuthenticationException {
        if (crowdSSOAuthenticationToken.getCredentials() == null || StringUtils.isEmpty(crowdSSOAuthenticationToken.getCredentials().toString())) {
            throw new BadCredentialsException("CrowdSSOAuthenticationToken contains empty token credential");
        }
        if (crowdSSOAuthenticationToken.getDetails() == null || !(crowdSSOAuthenticationToken.getDetails() instanceof CrowdSSOAuthenticationDetails)) {
            throw new BadCredentialsException("CrowdSSOAuthenticationToken does not contain any validation factors");
        }
        String obj = crowdSSOAuthenticationToken.getCredentials().toString();
        try {
            if (!isAuthenticated(obj, ((CrowdSSOAuthenticationDetails) crowdSSOAuthenticationToken.getDetails()).getValidationFactors())) {
                throw new CrowdSSOTokenInvalidException("Crowd SSO token is invalid");
            }
            CrowdUserDetails loadUserByToken = loadUserByToken(obj);
            return new CrowdSSOAuthenticationToken(loadUserByToken, obj, loadUserByToken.getAuthorities());
        } catch (Exception e) {
            throw translateException(e);
        }
    }

    protected AuthenticationException translateException(Exception exc) {
        return exc instanceof AuthenticationException ? (AuthenticationException) exc : exc instanceof ApplicationAccessDeniedException ? new CrowdAccessDeniedException("User does not have access to application: " + this.applicationName) : ((exc instanceof InvalidAuthenticationException) || (exc instanceof InvalidTokenException)) ? new BadCredentialsException(exc.getMessage(), exc) : exc instanceof InactiveAccountException ? new DisabledException(exc.getMessage(), exc) : new AuthenticationServiceException(exc.getMessage(), exc);
    }

    public boolean supports(Class cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls) || CrowdSSOAuthenticationToken.class.isAssignableFrom(cls);
    }

    public boolean supports(AbstractAuthenticationToken abstractAuthenticationToken) {
        if (abstractAuthenticationToken.getDetails() == null || !(abstractAuthenticationToken.getDetails() instanceof CrowdSSOAuthenticationDetails)) {
            return true;
        }
        if (abstractAuthenticationToken.getDetails() instanceof CrowdSSOAuthenticationDetails) {
            return ((CrowdSSOAuthenticationDetails) abstractAuthenticationToken.getDetails()).getApplicationName().equals(this.applicationName);
        }
        return false;
    }
}
