package org.sonatype.security.ldap.realms;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.AbstractLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.sonatype.security.ldap.LdapConstants;
import org.sonatype.security.ldap.dao.LdapDAOException;
import org.sonatype.security.ldap.dao.NoLdapUserRolesFoundException;
import org.sonatype.sisu.goodies.common.Loggers;

/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.20-02/dependencies/nexus-ldap-common-2.14.20-02.jar:org/sonatype/security/ldap/realms/AbstractLdapAuthenticationRealm.class */
public abstract class AbstractLdapAuthenticationRealm extends AbstractLdapRealm {
    private final Logger logger = Loggers.getLogger((Class) getClass());
    private final LdapManager ldapManager;

    public AbstractLdapAuthenticationRealm(LdapManager ldapManager) {
        setName(LdapConstants.REALM_NAME);
        this.ldapManager = (LdapManager) Preconditions.checkNotNull(ldapManager);
    }

    @Override // org.apache.shiro.realm.ldap.AbstractLdapRealm
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken, LdapContextFactory ldapContextFactory) throws NamingException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        String username = usernamePasswordToken.getUsername();
        String valueOf = String.valueOf(usernamePasswordToken.getPassword());
        if (Strings.isNullOrEmpty(valueOf)) {
            throw new AuthenticationException("Password must not be empty");
        }
        try {
            this.ldapManager.authenticateUser(username, valueOf);
            return buildAuthenticationInfo(username, null);
        } catch (org.sonatype.security.authentication.AuthenticationException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("User: " + username + " could not be authenticated ", (Throwable) e);
            }
            throw new AuthenticationException(e.getMessage());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.shiro.realm.ldap.AbstractLdapRealm
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        if (!principalCollection.getRealmNames().contains(getName())) {
            return null;
        }
        Set hashSet = new HashSet();
        String obj = principalCollection.getPrimaryPrincipal().toString();
        try {
            hashSet = this.ldapManager.getUserRoles(obj);
        } catch (LdapDAOException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw new NamingException(e.getMessage());
        } catch (NoLdapUserRolesFoundException e2) {
            this.logger.debug("User: " + obj + " does not have any ldap roles.", (Throwable) e2);
        }
        return new SimpleAuthorizationInfo(hashSet);
    }

    protected AuthenticationInfo buildAuthenticationInfo(String str, char[] cArr) {
        return new SimpleAuthenticationInfo(str, cArr, getName());
    }

    @Override // org.apache.shiro.realm.AuthenticatingRealm
    public CredentialsMatcher getCredentialsMatcher() {
        return new AllowAllCredentialsMatcher();
    }
}
