package org.graylog2.security.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
import org.graylog2.Core;
import org.graylog2.users.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/security/realm/PasswordAuthenticator.class */
public class PasswordAuthenticator extends AuthenticatingRealm {
    private static final Logger log = LoggerFactory.getLogger(PasswordAuthenticator.class);
    private final Core core;

    public PasswordAuthenticator(Core core) {
        this.core = core;
    }

    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        log.debug("Retrieving authc info for user {}", usernamePasswordToken.getUsername());
        User load = User.load(usernamePasswordToken.getUsername(), this.core);
        if ((load instanceof User.LocalAdminUser) || load == null) {
            return null;
        }
        if (load.isExternalUser()) {
            log.trace("Skipping mongodb-based password check for LDAP user {}", usernamePasswordToken.getUsername());
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("Found user {} to be authenticated with password.", load.getName());
        }
        return new SimpleAccount(usernamePasswordToken.getPrincipal(), load.getHashedPassword(), ByteSource.Util.bytes(this.core.getConfiguration().getPasswordSecret()), "graylog2MongoDbRealm");
    }
}
