package org.jsecurity.authc.pam;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.jsecurity.authc.AbstractAuthenticator;
import org.jsecurity.authc.Account;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.AuthenticationToken;
import org.jsecurity.authc.LogoutAware;
import org.jsecurity.authc.UnknownAccountException;
import org.jsecurity.realm.Realm;
import org.jsecurity.subject.PrincipalCollection;

/* loaded from: input_file:org/jsecurity/authc/pam/ModularRealmAuthenticator.class */
public class ModularRealmAuthenticator extends AbstractAuthenticator {
    private Collection<? extends Realm> realms;
    private ModularAuthenticationStrategy modularAuthenticationStrategy = new AllSuccessfulModularAuthenticationStrategy();

    public ModularRealmAuthenticator() {
    }

    public ModularRealmAuthenticator(Realm realm) {
        setRealm(realm);
    }

    public ModularRealmAuthenticator(List<Realm> list) {
        setRealms(list);
    }

    public void setRealm(Realm realm) {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(realm);
        setRealms(arrayList);
    }

    public void setRealms(Collection<Realm> collection) {
        this.realms = collection;
    }

    public ModularAuthenticationStrategy getModularAuthenticationStrategy() {
        return this.modularAuthenticationStrategy;
    }

    public void setModularAuthenticationStrategy(ModularAuthenticationStrategy modularAuthenticationStrategy) {
        this.modularAuthenticationStrategy = modularAuthenticationStrategy;
    }

    protected void assertRealmsConfigured() throws IllegalStateException {
        if (this.realms == null || this.realms.isEmpty()) {
            throw new IllegalStateException("No realms configured for this ModularRealmAuthenticator.  Configuration error.");
        }
    }

    protected Account doSingleRealmAuthentication(Realm realm, AuthenticationToken authenticationToken) {
        if (!realm.supports(authenticationToken)) {
            throw new UnsupportedTokenException("Realm [" + realm + "] does not support authentication token [" + authenticationToken + "].  Please ensure that the appropriate Realm implementation is configured correctly or that the realm accepts AuthenticationTokens of this type.");
        }
        Account account = realm.getAccount(authenticationToken);
        if (account == null) {
            throw new UnknownAccountException("Realm [" + realm + "] was unable to find account data for the submitted AuthenticationToken [" + authenticationToken + "].");
        }
        return account;
    }

    protected Account doMultiRealmAuthentication(Collection<? extends Realm> collection, AuthenticationToken authenticationToken) {
        ModularAuthenticationStrategy modularAuthenticationStrategy = getModularAuthenticationStrategy();
        Account beforeAllAttempts = modularAuthenticationStrategy.beforeAllAttempts(collection, authenticationToken);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Iterating through [" + collection.size() + "] realms for PAM authentication");
        }
        for (Realm realm : collection) {
            beforeAllAttempts = modularAuthenticationStrategy.beforeAttempt(realm, authenticationToken, beforeAllAttempts);
            if (realm.supports(authenticationToken)) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Attempting to authenticate token [" + authenticationToken + "] using realm of type [" + realm + "]");
                }
                Account account = null;
                Throwable th = null;
                try {
                    account = realm.getAccount(authenticationToken);
                } catch (Throwable th2) {
                    th = th2;
                    if (this.log.isTraceEnabled()) {
                        this.log.trace("Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:", th);
                    }
                }
                beforeAllAttempts = modularAuthenticationStrategy.afterAttempt(realm, authenticationToken, account, beforeAllAttempts, th);
            } else if (this.log.isDebugEnabled()) {
                this.log.debug("Realm of type [" + realm + "] does not support token [" + authenticationToken + "].  Skipping realm.");
            }
        }
        return modularAuthenticationStrategy.afterAllAttempts(authenticationToken, beforeAllAttempts);
    }

    @Override // org.jsecurity.authc.AbstractAuthenticator
    protected Account doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
        assertRealmsConfigured();
        return this.realms.size() == 1 ? doSingleRealmAuthentication(this.realms.iterator().next(), authenticationToken) : doMultiRealmAuthentication(this.realms, authenticationToken);
    }

    @Override // org.jsecurity.authc.AbstractAuthenticator, org.jsecurity.authc.LogoutAware
    public void onLogout(PrincipalCollection principalCollection) {
        super.onLogout(principalCollection);
        if (this.realms == null || this.realms.isEmpty()) {
            return;
        }
        for (Realm realm : this.realms) {
            if (realm instanceof LogoutAware) {
                ((LogoutAware) realm).onLogout(principalCollection);
            }
        }
    }
}
