package org.jsecurity.authc.pam;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jsecurity.authc.AbstractAuthenticator;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.AuthenticationInfo;
import org.jsecurity.authc.AuthenticationToken;
import org.jsecurity.authc.LogoutAware;
import org.jsecurity.authc.UnknownAccountException;
import org.jsecurity.io.IniResource;
import org.jsecurity.realm.Realm;
import org.jsecurity.subject.PrincipalCollection;

/* loaded from: input_file:org/jsecurity/authc/pam/ModularRealmAuthenticator.class */
public class ModularRealmAuthenticator extends AbstractAuthenticator {
    private static final Log log = LogFactory.getLog(ModularRealmAuthenticator.class);
    private Collection<Realm> realms;
    private ModularAuthenticationStrategy modularAuthenticationStrategy;

    public ModularRealmAuthenticator() {
        setModularAuthenticationStrategy(new AllSuccessfulModularAuthenticationStrategy());
    }

    public ModularRealmAuthenticator(Realm realm) {
        setRealm(realm);
    }

    public ModularRealmAuthenticator(List<Realm> list) {
        setRealms(list);
    }

    public void setRealm(Realm realm) {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(realm);
        setRealms(arrayList);
    }

    public void setRealms(Collection<Realm> collection) {
        this.realms = collection;
    }

    protected Collection<Realm> getRealms() {
        return this.realms;
    }

    public ModularAuthenticationStrategy getModularAuthenticationStrategy() {
        return this.modularAuthenticationStrategy;
    }

    public void setModularAuthenticationStrategy(ModularAuthenticationStrategy modularAuthenticationStrategy) {
        this.modularAuthenticationStrategy = modularAuthenticationStrategy;
    }

    protected void assertRealmsConfigured() throws IllegalStateException {
        Collection<Realm> realms = getRealms();
        if (realms == null || realms.isEmpty()) {
            throw new IllegalStateException("Configuration error:  No realms have been configured!  One or more realms must be present to execute an authentication attempt.");
        }
    }

    protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken authenticationToken) {
        if (!realm.supports(authenticationToken)) {
            throw new UnsupportedTokenException("Realm [" + realm + "] does not support authentication token [" + authenticationToken + "].  Please ensure that the appropriate Realm implementation is configured correctly or that the realm accepts AuthenticationTokens of this type.");
        }
        AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(authenticationToken);
        if (authenticationInfo == null) {
            throw new UnknownAccountException("Realm [" + realm + "] was unable to find account data for the submitted AuthenticationToken [" + authenticationToken + "].");
        }
        return authenticationInfo;
    }

    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> collection, AuthenticationToken authenticationToken) {
        ModularAuthenticationStrategy modularAuthenticationStrategy = getModularAuthenticationStrategy();
        AuthenticationInfo beforeAllAttempts = modularAuthenticationStrategy.beforeAllAttempts(collection, authenticationToken);
        if (log.isDebugEnabled()) {
            log.debug("Iterating through [" + collection.size() + "] realms for PAM authentication");
        }
        for (Realm realm : collection) {
            if (realm.supports(authenticationToken)) {
                if (log.isDebugEnabled()) {
                    log.debug("Attempting to authenticate token [" + authenticationToken + "] using realm of type [" + realm + IniResource.HEADER_SUFFIX);
                }
                AuthenticationInfo authenticationInfo = null;
                Throwable th = null;
                try {
                    authenticationInfo = realm.getAuthenticationInfo(authenticationToken);
                } catch (Throwable th2) {
                    th = th2;
                    if (log.isTraceEnabled()) {
                        log.trace("Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:", th);
                    }
                }
                beforeAllAttempts = modularAuthenticationStrategy.afterAttempt(realm, authenticationToken, authenticationInfo, beforeAllAttempts, th);
            } else if (log.isDebugEnabled()) {
                log.debug("Realm of type [" + realm + "] does not support token " + IniResource.HEADER_PREFIX + authenticationToken + "].  Skipping realm.");
            }
        }
        return modularAuthenticationStrategy.afterAllAttempts(authenticationToken, beforeAllAttempts);
    }

    @Override // org.jsecurity.authc.AbstractAuthenticator
    protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
        assertRealmsConfigured();
        Collection<Realm> realms = getRealms();
        return realms.size() == 1 ? doSingleRealmAuthentication(realms.iterator().next(), authenticationToken) : doMultiRealmAuthentication(realms, authenticationToken);
    }

    @Override // org.jsecurity.authc.AbstractAuthenticator, org.jsecurity.authc.LogoutAware
    public void onLogout(PrincipalCollection principalCollection) {
        super.onLogout(principalCollection);
        Collection<Realm> realms = getRealms();
        if (realms == null || realms.isEmpty()) {
            return;
        }
        for (Realm realm : realms) {
            if (realm instanceof LogoutAware) {
                ((LogoutAware) realm).onLogout(principalCollection);
            }
        }
    }
}
