package org.graylog.security.authservice;

import java.util.Optional;
import javax.inject.Inject;
import org.graylog2.shared.security.AuthenticationServiceUnavailableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/security/authservice/AuthServiceAuthenticator.class */
public class AuthServiceAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(AuthServiceAuthenticator.class);
    private final GlobalAuthServiceConfig authServiceConfig;
    private final ProvisionerService provisionerService;

    @Inject
    public AuthServiceAuthenticator(GlobalAuthServiceConfig globalAuthServiceConfig, ProvisionerService provisionerService) {
        this.authServiceConfig = globalAuthServiceConfig;
        this.provisionerService = provisionerService;
    }

    public AuthServiceResult authenticate(AuthServiceToken authServiceToken) {
        Optional<AuthServiceBackend> activeBackend = this.authServiceConfig.getActiveBackend();
        if (activeBackend.isPresent()) {
            return authenticate(authServiceToken, activeBackend.get());
        }
        AuthServiceBackend defaultBackend = this.authServiceConfig.getDefaultBackend();
        throw new AuthServiceException("No active auth service backend configured. Tokens can not be authenticated with the default backend. Please activate a backend capable of token-based authentication.", defaultBackend.backendType(), defaultBackend.backendId());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v17, types: [java.lang.Throwable] */
    public AuthServiceResult authenticate(AuthServiceCredentials authServiceCredentials) {
        Optional<AuthServiceBackend> activeBackend = this.authServiceConfig.getActiveBackend();
        if (!activeBackend.isPresent()) {
            return authenticate(authServiceCredentials, this.authServiceConfig.getDefaultBackend());
        }
        AuthenticationServiceUnavailableException authenticationServiceUnavailableException = null;
        try {
            AuthServiceResult authenticate = authenticate(authServiceCredentials, activeBackend.get());
            if (authenticate.isSuccess()) {
                return authenticate;
            }
        } catch (AuthenticationServiceUnavailableException e) {
            authenticationServiceUnavailableException = e;
        }
        if (LOG.isDebugEnabled()) {
            AuthServiceBackend defaultBackend = this.authServiceConfig.getDefaultBackend();
            LOG.debug("Couldn't authenticate <{}> against active authentication service <{}/{}/{}>. Trying default backend <{}/{}/{}>.", new Object[]{authServiceCredentials.username(), activeBackend.get().backendId(), activeBackend.get().backendType(), activeBackend.get().backendTitle(), defaultBackend.backendId(), defaultBackend.backendType(), defaultBackend.backendTitle()});
        }
        AuthServiceResult authenticate2 = authenticate(authServiceCredentials, this.authServiceConfig.getDefaultBackend());
        if (!authenticate2.isSuccess() && authenticationServiceUnavailableException != null) {
            throw authenticationServiceUnavailableException;
        }
        return authenticate2;
    }

    private AuthServiceResult authenticate(AuthServiceToken authServiceToken, AuthServiceBackend authServiceBackend) {
        return (AuthServiceResult) authServiceBackend.authenticateAndProvision(authServiceToken, this.provisionerService).map(authenticationDetails -> {
            return successResult(authenticationDetails, authServiceBackend);
        }).orElseGet(() -> {
            return failResult("<token>", authServiceBackend);
        });
    }

    private AuthServiceResult authenticate(AuthServiceCredentials authServiceCredentials, AuthServiceBackend authServiceBackend) {
        return (AuthServiceResult) authServiceBackend.authenticateAndProvision(authServiceCredentials, this.provisionerService).map(authenticationDetails -> {
            return successResult(authenticationDetails, authServiceBackend);
        }).orElseGet(() -> {
            return failResult(authServiceCredentials.username(), authServiceBackend);
        });
    }

    private AuthServiceResult successResult(AuthenticationDetails authenticationDetails, AuthServiceBackend authServiceBackend) {
        return AuthServiceResult.builder().username(authenticationDetails.userDetails().username()).userProfileId(authenticationDetails.userDetails().databaseId().get()).backendType(authServiceBackend.backendType()).backendId(authServiceBackend.backendId()).backendTitle(authServiceBackend.backendTitle()).sessionAttributes(authenticationDetails.sessionAttributes()).build();
    }

    private AuthServiceResult failResult(String str, AuthServiceBackend authServiceBackend) {
        return AuthServiceResult.failed(str, authServiceBackend);
    }
}
