package org.apache.archiva.security;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.UnauthorizedException;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.system.DefaultSecuritySession;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.system.SecuritySystem;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

/**
 * {@link ServletAuthenticator} implementation registered as the Spring bean
 * {@code servletAuthenticator}.
 *
 * <p>Authentication is not performed here: {@link #isAuthenticated} only inspects a result that
 * was computed elsewhere. Authorization decisions are delegated to the injected
 * {@link SecuritySystem}.
 */
@Service("servletAuthenticator")
public class ArchivaServletAuthenticator implements ServletAuthenticator {
    private Logger log = LoggerFactory.getLogger(ArchivaServletAuthenticator.class);

    /** Security system that makes the actual authorization decisions; injected by the container. */
    @Inject
    private SecuritySystem securitySystem;

    /**
     * Checks an authentication result that the caller has already obtained.
     *
     * <p>The body never throws {@link AccountLockedException} or
     * {@link MustChangePasswordException}, although both are declared. The request is not read.
     *
     * @param httpServletRequest the current request (unused by this implementation)
     * @param authenticationResult the outcome of an earlier authentication attempt, may be
     *     {@code null}
     * @return {@code true} when the result is {@code null} or reports success
     * @throws AuthenticationException when a non-null result reports failure
     */
    @Override
    public boolean isAuthenticated(HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult) throws AuthenticationException, AccountLockedException, MustChangePasswordException {
        // NOTE(review): a null result passes this check (fail-open). Presumably callers rely on
        // it for requests that carry no credentials and then enforce access via isAuthorized;
        // confirm that every caller pairs this call with an authorization check.
        boolean explicitlyRejected = authenticationResult != null && !authenticationResult.isAuthenticated();
        if (explicitlyRejected) {
            throw new AuthenticationException("User Credentials Invalid");
        }
        return true;
    }

    /**
     * Asks the security system whether the session may exercise a permission on a repository.
     *
     * <p>On denial the client-facing exception carries only a generic message. The underlying
     * reason is written to the log, together with the remote address.
     *
     * @param httpServletRequest the current request; only its remote address is read, for the log
     * @param securitySession the session to authorize
     * @param str the repository id (logged as {@code repo})
     * @param str2 the permission (logged as {@code permission})
     * @return {@code true} when the security system authorizes the session
     * @throws AuthorizationException declared for the delegated call to the security system
     * @throws UnauthorizedException when the security system does not authorize the session
     */
    @Override
    public boolean isAuthorized(HttpServletRequest httpServletRequest, SecuritySession securitySession, String str, String str2) throws AuthorizationException, UnauthorizedException {
        // Readable aliases for the decompiler-generated parameter names.
        final String repositoryId = str;
        final String permission = str2;

        AuthorizationResult decision = this.securitySystem.authorize(securitySession, permission, repositoryId);
        if (!decision.isAuthorized()) {
            if (decision.getException() != null) {
                // NOTE(review): repositoryId and permission are logged as received. If they can
                // carry CR/LF from the request, neutralise them in the log encoder so a denied
                // request cannot forge log lines; confirm at the call sites.
                Object[] logArguments = {httpServletRequest.getRemoteAddr(), permission, repositoryId, decision.getException().getMessage()};
                this.log.info("Authorization Denied [ip={},permission={},repo={}] : {}", logArguments);
                throw new UnauthorizedException("Access denied for repository " + repositoryId);
            }
            // NOTE(review): a denial without an attached exception is reported as a locked
            // account; whether that is the only such case is not visible from here.
            throw new UnauthorizedException("User account is locked");
        }
        return true;
    }

    /**
     * Checks a permission for a principal identified by name only.
     *
     * <p>Security note: this method builds an {@link AuthenticationResult} flagged as
     * authenticated for {@code str} without checking any credential. It must only be called for
     * a principal whose identity the caller has already established.
     *
     * @param str the principal (user name) to look up
     * @param str2 the resource passed to the security system; presumably the repository id
     * @param str3 the permission passed to the security system
     * @return the security system's decision for the synthesized session
     * @throws UnauthorizedException when the user is missing or locked, or when the lookup or
     *     the authorization call fails
     */
    @Override
    public boolean isAuthorized(String str, String str2, String str3) throws UnauthorizedException {
        // Readable aliases for the decompiler-generated parameter names.
        final String principal = str;
        final String repositoryId = str2;
        final String permission = str3;

        try {
            User account = this.securitySystem.getUserManager().findUser(principal);
            // Both rejections below are thrown inside the try, exactly as before, so the catch
            // clauses see them the same way.
            if (account == null) {
                throw new UnauthorizedException("The security system had an internal error - please check your system logs");
            }
            if (account.isLocked()) {
                throw new UnauthorizedException("User account is locked.");
            }
            // No credential is verified here; the result is simply marked authenticated.
            AuthenticationResult assumedAuthentication = new AuthenticationResult(true, principal, (Exception) null);
            DefaultSecuritySession session = new DefaultSecuritySession(assumedAuthentication, account);
            return this.securitySystem.isAuthorized(session, permission, repositoryId);
        } catch (AuthorizationException authorizationFailure) {
            throw new UnauthorizedException(authorizationFailure.getMessage(), authorizationFailure);
        } catch (UserManagerException userManagerFailure) {
            throw new UnauthorizedException(userManagerFailure.getMessage(), userManagerFailure);
        } catch (UserNotFoundException unknownUser) {
            // NOTE(review): the lookup failure's own message is passed on. If it reaches the
            // client it may reveal whether an account exists; confirm how callers render it.
            throw new UnauthorizedException(unknownUser.getMessage(), unknownUser);
        }
    }

    /**
     * Returns the security system this authenticator delegates to.
     *
     * @return the current security system
     */
    public SecuritySystem getSecuritySystem() {
        return this.securitySystem;
    }

    /**
     * Replaces the security system this authenticator delegates to.
     *
     * @param securitySystem the security system to use for later authorization checks
     */
    public void setSecuritySystem(SecuritySystem securitySystem) {
        this.securitySystem = securitySystem;
    }
}
