package org.jsecurity.realm;

import org.jsecurity.authc.Account;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.AuthenticationToken;
import org.jsecurity.authc.ExpiredCredentialsException;
import org.jsecurity.authc.IncorrectCredentialsException;
import org.jsecurity.authc.LockedAccountException;
import org.jsecurity.authc.LogoutAware;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.authc.credential.AllowAllCredentialsMatcher;
import org.jsecurity.authc.credential.CredentialsMatcher;
import org.jsecurity.authc.credential.SimpleCredentialsMatcher;
import org.jsecurity.cache.CacheManager;
import org.jsecurity.subject.PrincipalCollection;

/* loaded from: input_file:org/jsecurity/realm/AuthenticatingRealm.class */
public abstract class AuthenticatingRealm extends CachingRealm implements LogoutAware {
    private CredentialsMatcher credentialsMatcher = new SimpleCredentialsMatcher();
    private Class<? extends AuthenticationToken> authenticationTokenClass = UsernamePasswordToken.class;

    public AuthenticatingRealm() {
    }

    public AuthenticatingRealm(CacheManager cacheManager) {
        setCacheManager(cacheManager);
    }

    public AuthenticatingRealm(CredentialsMatcher credentialsMatcher) {
        setCredentialsMatcher(credentialsMatcher);
    }

    public AuthenticatingRealm(CacheManager cacheManager, CredentialsMatcher credentialsMatcher) {
        setCacheManager(cacheManager);
        setCredentialsMatcher(credentialsMatcher);
    }

    public CredentialsMatcher getCredentialsMatcher() {
        return this.credentialsMatcher;
    }

    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        this.credentialsMatcher = credentialsMatcher;
    }

    public Class getAuthenticationTokenClass() {
        return this.authenticationTokenClass;
    }

    public void setAuthenticationTokenClass(Class<? extends AuthenticationToken> cls) {
        this.authenticationTokenClass = cls;
    }

    @Override // org.jsecurity.realm.Realm
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken != null && getAuthenticationTokenClass().isAssignableFrom(authenticationToken.getClass());
    }

    @Override // org.jsecurity.realm.Realm
    public final Account getAccount(AuthenticationToken authenticationToken) throws AuthenticationException {
        Account doGetAccount = doGetAccount(authenticationToken);
        if (doGetAccount == null) {
            if (!this.log.isDebugEnabled()) {
                return null;
            }
            this.log.debug("No account information found for submitted authentication token [" + authenticationToken + "].  Returning null.");
            return null;
        }
        if (doGetAccount.isLocked()) {
            throw new LockedAccountException("Account [" + doGetAccount + "] is locked.");
        }
        if (doGetAccount.isCredentialsExpired()) {
            throw new ExpiredCredentialsException("The credentials for account [" + doGetAccount + "] are expired");
        }
        CredentialsMatcher credentialsMatcher = getCredentialsMatcher();
        if (credentialsMatcher == null) {
            throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify credentials during authentication.  If you do not wish for credentials to be examined, you can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
        }
        if (credentialsMatcher.doCredentialsMatch(authenticationToken, doGetAccount)) {
            return doGetAccount;
        }
        throw new IncorrectCredentialsException("The credentials provided for account [" + authenticationToken + "] did not match the expected credentials.");
    }

    protected abstract Account doGetAccount(AuthenticationToken authenticationToken) throws AuthenticationException;

    @Override // org.jsecurity.authc.LogoutAware
    public void onLogout(PrincipalCollection principalCollection) {
    }
}
