package com.atlassian.stash.internal.user;

import com.atlassian.stash.exception.AuthenticationFailedException;
import com.atlassian.stash.exception.OperationFailedException;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.license.LicenseService;
import com.atlassian.stash.user.CaptchaAuthenticationException;
import com.atlassian.stash.user.CaptchaResponse;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

@Component("authenticationProvider")
/* loaded from: input_file:com/atlassian/stash/internal/user/AuthenticationProviderImpl.class */
public class AuthenticationProviderImpl implements AuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationProviderImpl.class);
    private final UserService userService;
    private final LicenseService licenseService;
    private final I18nService i18nService;

    @Autowired
    public AuthenticationProviderImpl(UserService userService, LicenseService licenseService, I18nService i18nService) {
        this.userService = userService;
        this.licenseService = licenseService;
        this.i18nService = i18nService;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return null;
        }
        if (!isNonEmptyString(authentication.getPrincipal()) || !isNullOrString(authentication.getCredentials())) {
            throw new BadStashCredentialsException(this.i18nService.getText("stash.web.auth.failed", "Invalid username or password", new Object[0]));
        }
        String str = (String) authentication.getPrincipal();
        String str2 = (String) authentication.getCredentials();
        try {
            StashUser authenticate = this.userService.authenticate(str, str2 == null ? "" : str2, extractCaptchaResponseFromAuth(authentication));
            if (this.licenseService.isUserLicensed(authenticate)) {
                return new StashUserAuthenticationToken(authenticate);
            }
            throw new DisabledException("User does not have permission to access this system");
        } catch (CaptchaAuthenticationException e) {
            throw new BadCaptchaException(reauthWithWebappMessage(e, authentication));
        } catch (AuthenticationFailedException e2) {
            throw new BadStashCredentialsException(reauthWithWebappMessage(e2, authentication), e2.captchaRequired());
        } catch (OperationFailedException e3) {
            throw new OperationFailedAuthenticaionException(e3.getMessage());
        }
    }

    private CaptchaResponse extractCaptchaResponseFromAuth(Authentication authentication) {
        if (authentication instanceof StashAuthenticationToken) {
            return extractCaptchaResponse((StashAuthenticationToken) authentication);
        }
        return null;
    }

    private CaptchaResponse extractCaptchaResponse(StashAuthenticationToken stashAuthenticationToken) {
        String captchaChallengeId = stashAuthenticationToken.getCaptchaChallengeId();
        String captchaResponse = stashAuthenticationToken.getCaptchaResponse();
        if (StringUtils.isNotEmpty(captchaChallengeId) && StringUtils.isNotEmpty(captchaResponse)) {
            return new CaptchaResponse(captchaChallengeId, captchaResponse);
        }
        return null;
    }

    private String reauthWithWebappMessage(Exception exc, Authentication authentication) {
        return authentication instanceof StashAuthenticationToken ? exc.getMessage() : this.i18nService.getText("stash.auth.failed.captcha.required", "To proceed you must first re-authenticate with Stash via the web interface", new Object[0]);
    }

    private boolean isNonEmptyString(Object obj) {
        return (obj instanceof String) && StringUtils.isNotEmpty((String) obj);
    }

    private boolean isNullOrString(Object obj) {
        return obj == null || (obj instanceof String);
    }

    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }
}
