package org.graylog2.security.realm;

import javax.inject.Inject;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
import org.graylog2.Configuration;
import org.graylog2.plugin.database.users.User;
import org.graylog2.shared.users.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/security/realm/PasswordAuthenticator.class */
public class PasswordAuthenticator extends AuthenticatingRealm {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) PasswordAuthenticator.class);
    private final UserService userService;
    private final Configuration configuration;

    @Inject
    public PasswordAuthenticator(UserService userService, Configuration configuration) {
        this.userService = userService;
        this.configuration = configuration;
    }

    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        LOG.debug("Retrieving authc info for user {}", usernamePasswordToken.getUsername());
        User load = this.userService.load(usernamePasswordToken.getUsername());
        if (load == null || load.isLocalAdmin()) {
            return null;
        }
        if (load.isExternalUser()) {
            LOG.trace("Skipping mongodb-based password check for LDAP user {}", usernamePasswordToken.getUsername());
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found user {} to be authenticated with password.", load.getName());
        }
        return new SimpleAccount(usernamePasswordToken.getPrincipal(), load.getHashedPassword(), ByteSource.Util.bytes(this.configuration.getPasswordSecret()), "graylog2MongoDbRealm");
    }
}
