package org.graylog.security.authservice;

import java.util.Optional;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/security/authservice/AuthServiceAuthenticator.class */
public class AuthServiceAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(AuthServiceAuthenticator.class);
    private final GlobalAuthServiceConfig authServiceConfig;
    private final ProvisionerService provisionerService;

    @Inject
    public AuthServiceAuthenticator(GlobalAuthServiceConfig globalAuthServiceConfig, ProvisionerService provisionerService) {
        this.authServiceConfig = globalAuthServiceConfig;
        this.provisionerService = provisionerService;
    }

    public AuthServiceResult authenticate(AuthServiceCredentials authServiceCredentials) {
        Optional<AuthServiceBackend> activeBackend = this.authServiceConfig.getActiveBackend();
        if (activeBackend.isPresent()) {
            AuthServiceResult authenticate = authenticate(authServiceCredentials, activeBackend.get());
            if (authenticate.isSuccess()) {
                return authenticate;
            }
            if (LOG.isDebugEnabled()) {
                AuthServiceBackend defaultBackend = this.authServiceConfig.getDefaultBackend();
                LOG.debug("Couldn't authenticate <{}> against active authentication service <{}/{}/{}>. Trying default backend <{}/{}/{}>.", new Object[]{authServiceCredentials.username(), activeBackend.get().backendId(), activeBackend.get().backendType(), activeBackend.get().backendTitle(), defaultBackend.backendId(), defaultBackend.backendType(), defaultBackend.backendTitle()});
            }
        }
        return authenticate(authServiceCredentials, this.authServiceConfig.getDefaultBackend());
    }

    private AuthServiceResult authenticate(AuthServiceCredentials authServiceCredentials, AuthServiceBackend authServiceBackend) {
        Optional<UserDetails> authenticateAndProvision = authServiceBackend.authenticateAndProvision(authServiceCredentials, this.provisionerService);
        return authenticateAndProvision.isPresent() ? AuthServiceResult.builder().username(authServiceCredentials.username()).userProfileId(authenticateAndProvision.get().databaseId().get()).backendType(authServiceBackend.backendType()).backendId(authServiceBackend.backendId()).backendTitle(authServiceBackend.backendTitle()).build() : failResult(authServiceCredentials, authServiceBackend);
    }

    private AuthServiceResult failResult(AuthServiceCredentials authServiceCredentials, AuthServiceBackend authServiceBackend) {
        return AuthServiceResult.failed(authServiceCredentials.username(), authServiceBackend);
    }
}
