package org.cloudfoundry.identity.uaa.authentication.manager;

import java.security.SecureRandom;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationFailureEvent;
import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent;
import org.cloudfoundry.identity.uaa.authentication.event.UserNotFoundEvent;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationFailureLockedEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.password.PasswordEncoder;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/cloudfoundry-identity-common-1.6.4-SNAPSHOT.jar:org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.class
 */
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-1.6.4.jar:org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.class */
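/**
 * Username/password {@link AuthenticationManager} that checks the supplied credentials against a
 * {@link UaaUserDatabase} and publishes an application event for every outcome.
 *
 * <p>When the user name is unknown, a placeholder user holding the hash of a random password is
 * substituted, so the password encoder runs for every request that carries credentials.
 * NOTE(review): this looks intended to keep response times alike for known and unknown users;
 * keep the lookup, password match and policy check in their current order when editing.
 */
public class AuthzAuthenticationManager implements AuthenticationManager, ApplicationEventPublisherAware {
    private final Log logger;
    private final PasswordEncoder encoder;
    private final UaaUserDatabase userDatabase;
    // May stay null; publish() then drops events silently.
    private ApplicationEventPublisher eventPublisher;
    private AccountLoginPolicy accountLoginPolicy;
    // Stand-in used when the user lookup fails; compared by identity in authenticate().
    private final UaaUser dummyUser;

    /**
     * Creates a manager that verifies passwords with a default-strength {@link BCryptPasswordEncoder}.
     *
     * @param uaaUserDatabase source of user records
     */
    public AuthzAuthenticationManager(UaaUserDatabase uaaUserDatabase) {
        this(uaaUserDatabase, new BCryptPasswordEncoder());
    }

    /**
     * Creates a manager with an explicit password encoder. The login policy starts as
     * {@link PermitAllAccountLoginPolicy} until {@link #setAccountLoginPolicy} replaces it.
     *
     * @param uaaUserDatabase source of user records
     * @param passwordEncoder encoder used both to verify passwords and to hash the placeholder password
     */
    public AuthzAuthenticationManager(UaaUserDatabase uaaUserDatabase, PasswordEncoder passwordEncoder) {
        this.logger = LogFactory.getLog(getClass());
        this.accountLoginPolicy = new PermitAllAccountLoginPolicy();
        this.userDatabase = uaaUserDatabase;
        this.encoder = passwordEncoder;
        // Must come after the encoder assignment: createDummyUser() hashes with this.encoder.
        this.dummyUser = createDummyUser();
    }

    /**
     * Authenticates a user name and password.
     *
     * @param authentication request whose name is the user name and whose credentials are the password
     * @return a {@link UaaAuthentication} for the matched user
     * @throws BadCredentialsException if no password was supplied, the login policy rejects the
     *     attempt, the user is unknown, or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UaaUser uaaUser;
        // The user name is caller-supplied and unauthenticated at this point, so it is stripped of
        // control characters before it reaches the log (prevents forged log lines via CR/LF).
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Processing authentication request for " + sanitizeForLog(authentication.getName()));
        }
        if (authentication.getCredentials() == null) {
            BadCredentialsException noPassword = new BadCredentialsException("No password supplied");
            publish(new AuthenticationFailureBadCredentialsEvent(authentication, noPassword));
            throw noPassword;
        }
        try {
            uaaUser = this.userDatabase.retrieveUserByName(authentication.getName().toLowerCase(Locale.US));
        } catch (UsernameNotFoundException e) {
            // Unknown user: continue with the placeholder so the encoder still runs below.
            uaaUser = this.dummyUser;
        }
        // Evaluated before the policy check, i.e. also for attempts the policy then rejects.
        // NOTE(review): credentials that are not a CharSequence raise ClassCastException here
        // rather than an AuthenticationException.
        boolean matches = this.encoder.matches((CharSequence) authentication.getCredentials(), uaaUser.getPassword());
        if (!this.accountLoginPolicy.isAllowed(uaaUser, authentication)) {
            this.logger.warn("Login policy rejected authentication for " + sanitizeForLog(uaaUser.getUsername()) + ", " + uaaUser.getId() + ". Ignoring login request.");
            // NOTE(review): this message differs from "Bad credentials"; if a caller relays exception
            // messages to the client it reveals that the policy fired - confirm how it is rendered.
            BadCredentialsException rejected = new BadCredentialsException("Login policy rejected authentication");
            publish(new AuthenticationFailureLockedEvent(authentication, rejected));
            throw rejected;
        }
        if (matches) {
            this.logger.debug("Password successfully matched");
            // For the placeholder user getAuthorities() throws IllegalStateException, so a match
            // against it can never produce an authenticated result.
            UaaAuthentication uaaAuthentication = new UaaAuthentication(new UaaPrincipal(uaaUser), uaaUser.getAuthorities(), (UaaAuthenticationDetails) authentication.getDetails());
            publish(new UserAuthenticationSuccessEvent(uaaUser, uaaAuthentication));
            return uaaAuthentication;
        }
        if (uaaUser == this.dummyUser) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("No user named '" + sanitizeForLog(authentication.getName()) + "' was found");
            }
            publish(new UserNotFoundEvent(authentication));
        } else {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Password did not match for user " + sanitizeForLog(authentication.getName()));
            }
            publish(new UserAuthenticationFailureEvent(uaaUser, authentication));
        }
        // Unknown user and wrong password end in the same exception message.
        BadCredentialsException badCredentials = new BadCredentialsException("Bad credentials");
        publish(new AuthenticationFailureBadCredentialsEvent(authentication, badCredentials));
        throw badCredentials;
    }

    /** Publishes the event if a publisher has been injected; otherwise does nothing. */
    private void publish(ApplicationEvent applicationEvent) {
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(applicationEvent);
        }
    }

    /**
     * Returns {@code value} with every ISO control character (including CR and LF) replaced by
     * {@code '_'}, so a value taken from the request cannot start a new line in the log.
     *
     * @param value text to be written to a log message, may be {@code null}
     * @return the cleaned text, or {@code "null"} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    /**
     * Replaces the login policy consulted on every attempt.
     *
     * @param accountLoginPolicy the policy; it is dereferenced without a null check in
     *     {@link #authenticate}, so passing {@code null} makes every later attempt fail with a
     *     {@link NullPointerException}
     */
    public void setAccountLoginPolicy(AccountLoginPolicy accountLoginPolicy) {
        this.accountLoginPolicy = accountLoginPolicy;
    }

    /**
     * Builds the placeholder user substituted for unknown user names. Its password is the encoded
     * form of 16 bytes from {@link SecureRandom} (hex-encoded), its id is a random UUID, and its
     * authorities accessor always throws.
     */
    private UaaUser createDummyUser() {
        byte[] randomBytes = new byte[16];
        new SecureRandom().nextBytes(randomBytes);
        String encodedPassword = this.encoder.encode(new String(Hex.encode(randomBytes)));
        final String uuid = UUID.randomUUID().toString();
        return new UaaUser("dummy_user", encodedPassword, "dummy_user", "dummy", "dummy") {
            @Override
            public final String getId() {
                return uuid;
            }

            @Override
            public final List<? extends GrantedAuthority> getAuthorities() {
                // Fail closed: the placeholder must never be granted authorities.
                throw new IllegalStateException();
            }
        };
    }
}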
