package org.apereo.cas.authentication;

import com.codahale.metrics.annotation.Counted;
import com.codahale.metrics.annotation.Metered;
import com.codahale.metrics.annotation.Timed;
import com.google.common.collect.Lists;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.apereo.cas.authentication.principal.NullPrincipal;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.support.events.CasAuthenticationPrincipalResolvedEvent;
import org.apereo.cas.support.events.CasAuthenticationTransactionStartedEvent;
import org.apereo.cas.support.events.CasAuthenticationTransactionSuccessfulEvent;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-5.0.3.1.jar:org/apereo/cas/authentication/AbstractAuthenticationManager.class */
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
    private static final String MESSAGE = "At least one authentication handler is required";
    protected transient Logger logger;
    protected List<AuthenticationMetaDataPopulator> authenticationMetaDataPopulators;
    protected Map<AuthenticationHandler, PrincipalResolver> handlerResolverMap;
    protected AuthenticationHandlerResolver authenticationHandlerResolver;

    @Autowired
    private ApplicationEventPublisher eventPublisher;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticationManager() {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMetaDataPopulators = new ArrayList();
        this.authenticationHandlerResolver = new RegisteredServiceAuthenticationHandlerResolver();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticationManager(AuthenticationHandler... authenticationHandlerArr) {
        this(Lists.newArrayList(authenticationHandlerArr));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticationManager(List<AuthenticationHandler> list) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMetaDataPopulators = new ArrayList();
        this.authenticationHandlerResolver = new RegisteredServiceAuthenticationHandlerResolver();
        Assert.notEmpty(list, MESSAGE);
        this.handlerResolverMap = new LinkedHashMap(list.size());
        Iterator<AuthenticationHandler> it = list.iterator();
        while (it.hasNext()) {
            this.handlerResolverMap.put(it.next(), null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticationManager(Map<AuthenticationHandler, PrincipalResolver> map) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMetaDataPopulators = new ArrayList();
        this.authenticationHandlerResolver = new RegisteredServiceAuthenticationHandlerResolver();
        Assert.notEmpty(map, MESSAGE);
        this.handlerResolverMap = map;
    }

    protected void populateAuthenticationMetadataAttributes(AuthenticationBuilder authenticationBuilder, Collection<Credential> collection) {
        for (AuthenticationMetaDataPopulator authenticationMetaDataPopulator : this.authenticationMetaDataPopulators) {
            Stream<Credential> stream = collection.stream();
            authenticationMetaDataPopulator.getClass();
            stream.filter(authenticationMetaDataPopulator::supports).forEach(credential -> {
                authenticationMetaDataPopulator.populateAttributes(authenticationBuilder, credential);
            });
        }
    }

    protected void addAuthenticationMethodAttribute(AuthenticationBuilder authenticationBuilder, Authentication authentication) {
        Iterator<HandlerResult> it = authentication.getSuccesses().values().iterator();
        while (it.hasNext()) {
            authenticationBuilder.addAttribute("authenticationMethod", it.next().getHandlerName());
        }
    }

    protected Principal resolvePrincipal(String str, PrincipalResolver principalResolver, Credential credential) {
        if (!principalResolver.supports(credential)) {
            this.logger.warn("{} is configured to use {} but it does not support {}, which suggests a configuration problem.", str, principalResolver, credential);
            return null;
        }
        try {
            Principal resolve = principalResolver.resolve(credential);
            this.logger.debug("{} resolved {} from {}", principalResolver, resolve, credential);
            return resolve;
        } catch (Exception e) {
            this.logger.error("{} failed to resolve principal from {}", principalResolver, credential, e);
            return null;
        }
    }

    @Override // org.apereo.cas.authentication.AuthenticationManager
    @Timed(name = "AUTHENTICATE_TIMER")
    @Counted(name = "AUTHENTICATE_COUNT", monotonic = true)
    @Metered(name = "AUTHENTICATE_METER")
    @Audit(action = "AUTHENTICATION", actionResolverName = "AUTHENTICATION_RESOLVER", resourceResolverName = "AUTHENTICATION_RESOURCE_RESOLVER")
    public Authentication authenticate(AuthenticationTransaction authenticationTransaction) throws AuthenticationException {
        CurrentCredentialsAndAuthentication.bindCurrent(authenticationTransaction.getCredentials());
        AuthenticationBuilder authenticateInternal = authenticateInternal(authenticationTransaction);
        Authentication build = authenticateInternal.build();
        Principal principal = build.getPrincipal();
        if (principal instanceof NullPrincipal) {
            throw new UnresolvedPrincipalException(build);
        }
        addAuthenticationMethodAttribute(authenticateInternal, build);
        this.logger.info("Authenticated principal [{}] and attributes {} with credentials {}.", principal.getId(), principal.getAttributes(), authenticationTransaction.getCredentials());
        populateAuthenticationMetadataAttributes(authenticateInternal, authenticationTransaction.getCredentials());
        Authentication build2 = authenticateInternal.build();
        CurrentCredentialsAndAuthentication.bindCurrent(build2);
        return build2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void authenticateAndResolvePrincipal(AuthenticationBuilder authenticationBuilder, Credential credential, PrincipalResolver principalResolver, AuthenticationHandler authenticationHandler) throws GeneralSecurityException, PreventedException {
        Principal resolvePrincipal;
        publishEvent(new CasAuthenticationTransactionStartedEvent(this, credential));
        HandlerResult authenticate = authenticationHandler.authenticate(credential);
        authenticationBuilder.addSuccess(authenticationHandler.getName(), authenticate);
        this.logger.info("{} successfully authenticated {}", authenticationHandler.getName(), credential);
        publishEvent(new CasAuthenticationTransactionSuccessfulEvent(this, credential));
        if (principalResolver == null) {
            resolvePrincipal = authenticate.getPrincipal();
            this.logger.debug("No resolver configured for {}. Falling back to handler principal {}", authenticationHandler.getName(), resolvePrincipal);
        } else {
            resolvePrincipal = resolvePrincipal(authenticationHandler.getName(), principalResolver, credential);
            if (resolvePrincipal == null) {
                this.logger.warn("Principal resolution handled by {} produced a null principal. This is likely due to misconfiguration or missing attributes; CAS will attempt to use the principal produced by the authentication handler, if any.", principalResolver.getClass().getSimpleName());
                resolvePrincipal = authenticate.getPrincipal();
            }
        }
        if (resolvePrincipal != null) {
            authenticationBuilder.setPrincipal(resolvePrincipal);
        }
        this.logger.debug("Final principal resolved for this authentication event is {}", resolvePrincipal);
        publishEvent(new CasAuthenticationPrincipalResolvedEvent(this, resolvePrincipal));
    }

    protected abstract AuthenticationBuilder authenticateInternal(AuthenticationTransaction authenticationTransaction) throws AuthenticationException;

    public void setAuthenticationMetaDataPopulators(List<AuthenticationMetaDataPopulator> list) {
        this.authenticationMetaDataPopulators = list;
    }

    public void setAuthenticationHandlerResolver(AuthenticationHandlerResolver authenticationHandlerResolver) {
        this.authenticationHandlerResolver = authenticationHandlerResolver;
    }

    public void setHandlerResolverMap(Map<AuthenticationHandler, PrincipalResolver> map) {
        this.handlerResolverMap = map;
    }

    private void publishEvent(ApplicationEvent applicationEvent) {
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(applicationEvent);
        }
    }
}
