package com.hypersocket.auth;

import com.hypersocket.config.ConfigurationService;
import com.hypersocket.config.SystemConfigurationService;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.realm.Principal;
import com.hypersocket.realm.Realm;
import com.hypersocket.realm.RealmRepository;
import com.hypersocket.realm.RealmService;
import com.hypersocket.util.ArrayValueHashMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/hypersocket/auth/AbstractUsernameAuthenticator.class */
public abstract class AbstractUsernameAuthenticator implements Authenticator {

    @Autowired
    private RealmService realmService;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private SystemConfigurationService systemConfigurationService;

    @Autowired
    private RealmRepository realmRepository;

    @Autowired
    private ConfigurationService configurationService;

    @Override // com.hypersocket.auth.Authenticator
    public AuthenticatorResult authenticate(AuthenticationState authenticationState, Map<String, String[]> map) throws AccessDeniedException {
        String str = (String) ArrayValueHashMap.getSingle(map, UsernameAndPasswordTemplate.USERNAME_FIELD);
        if (str == null || str.equals("")) {
            str = authenticationState.getParameter(UsernameAndPasswordTemplate.USERNAME_FIELD);
        }
        if (Objects.isNull(authenticationState.getPrincipal()) && (str == null || str.equals(""))) {
            return AuthenticatorResult.INSUFFICIENT_DATA;
        }
        Realm realm = null;
        if (map.containsKey("realm")) {
            String str2 = (String) ArrayValueHashMap.getSingle(map, "realm");
            if (this.systemConfigurationService.getBooleanValue("auth.enforceSelectRealm").booleanValue() && StringUtils.isBlank(str2)) {
                authenticationState.setLastErrorIsResourceKey(true);
                authenticationState.setLastErrorMsg("error.userMustSelectRealm");
                return AuthenticatorResult.AUTHENTICATION_FAILURE_DISPLAY_ERROR;
            }
            realm = this.realmService.getRealmByName(str2);
        }
        if (!processFields(authenticationState, map)) {
            return AuthenticatorResult.INSUFFICIENT_DATA;
        }
        try {
            Principal resolvePrincipalAndRealm = Objects.isNull(authenticationState.getPrincipal()) ? this.authenticationService.resolvePrincipalAndRealm(authenticationState, str, realm, authenticationState.getPrincipalType()) : authenticationState.getPrincipal();
            AuthenticatorResult verifyCredentials = verifyCredentials(authenticationState, resolvePrincipalAndRealm, map);
            if (verifyCredentials == AuthenticatorResult.AUTHENTICATION_SUCCESS) {
                authenticationState.setRealm(resolvePrincipalAndRealm.getRealm());
                authenticationState.setPrincipal(resolvePrincipalAndRealm);
            }
            return verifyCredentials;
        } catch (PrincipalNotFoundException e) {
            if (!this.configurationService.getBooleanValue(authenticationState.getRealm() == null ? this.realmService.getDefaultRealm() : authenticationState.getRealm(), "logon.verboseErrors").booleanValue()) {
                return AuthenticatorResult.AUTHENTICATION_FAILURE_INVALID_PRINCIPAL;
            }
            authenticationState.setLastErrorIsResourceKey(false);
            authenticationState.setLastErrorMsg(e.getMessage());
            return AuthenticatorResult.AUTHENTICATION_FAILURE_DISPLAY_ERROR;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<Realm> getLogonRealms(AuthenticationState authenticationState) {
        ArrayList arrayList = new ArrayList();
        if (authenticationState.getHostRealm() == null && this.systemConfigurationService.getBooleanValue("auth.chooseRealm").booleanValue() && !this.realmService.isRealmStrictedToHost(authenticationState.getRealm())) {
            for (Realm realm : this.realmRepository.allRealms()) {
                if (!this.realmService.isRealmStrictedToHost(realm)) {
                    arrayList.add(realm);
                }
            }
        }
        return arrayList;
    }

    protected abstract boolean processFields(AuthenticationState authenticationState, Map<String, String[]> map);

    protected abstract AuthenticatorResult verifyCredentials(AuthenticationState authenticationState, Principal principal, Map<String, String[]> map);

    @Override // com.hypersocket.auth.Authenticator
    public boolean isHidden() {
        return false;
    }

    @Override // com.hypersocket.auth.Authenticator
    public boolean canAuthenticate(Principal principal) throws AccessDeniedException {
        return true;
    }
}
