package org.sakaiproject.user.impl;

import org.sakaiproject.user.api.Authentication;
import org.sakaiproject.user.api.AuthenticationException;
import org.sakaiproject.user.api.AuthenticationManager;
import org.sakaiproject.user.api.AuthenticationMissingException;
import org.sakaiproject.user.api.AuthenticationUnknownException;
import org.sakaiproject.user.api.Evidence;
import org.sakaiproject.user.api.ExternalTrustedEvidence;
import org.sakaiproject.user.api.IdPwEvidence;
import org.sakaiproject.user.api.User;
import org.sakaiproject.user.api.UserDirectoryService;
import org.sakaiproject.user.api.UserNotDefinedException;
import org.sakaiproject.util.IPAddrUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sakaiproject/user/impl/UserAuthnComponent.class */
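/**
 * {@link AuthenticationManager} that turns {@link Evidence} into an {@link Authentication}
 * by consulting the user directory, with an {@link AuthenticationCache} in front of
 * identifier/password checks.
 *
 * <p>Two evidence types are accepted: {@link IdPwEvidence} (identifier and password) and
 * {@link ExternalTrustedEvidence} (an identifier already verified by the caller). Any other
 * evidence is rejected with {@link AuthenticationUnknownException}.
 */
public abstract class UserAuthnComponent implements AuthenticationManager {
    private static final Logger log = LoggerFactory.getLogger(UserAuthnComponent.class);

    /** User property that disables authentication when its value is exactly {@code "true"}. */
    private static final String PROP_DISABLED = "disabled";

    /** User property holding the list of addresses the user may authenticate from. */
    private static final String PROP_IP_WHITELIST = "ip-whitelist";

    /** @return the directory used to look up and authenticate users. */
    protected abstract UserDirectoryService userDirectoryService();

    /** @return the cache consulted before, and updated after, identifier/password checks. */
    protected abstract AuthenticationCache authenticationCache();

    /** Lifecycle hook; only logs. */
    public void init() {
        log.info("init()");
    }

    /** Lifecycle hook; only logs. */
    public void destroy() {
        log.info("destroy()");
    }

    /**
     * Authenticates the supplied evidence.
     *
     * @param evidence identifier/password evidence or externally trusted evidence
     * @return the authentication (user id and eid) for the matching user
     * @throws AuthenticationUnknownException if the evidence is null or of an unsupported type
     * @throws AuthenticationMissingException if trusted evidence names a user that is not defined
     * @throws AuthenticationException if the evidence is blank, the credentials are rejected,
     *         the account is disabled, or the remote address is not on the user's whitelist
     */
    public Authentication authenticate(Evidence evidence) throws AuthenticationException {
        if (evidence instanceof IdPwEvidence) {
            return authenticateIdPw((IdPwEvidence) evidence);
        }
        if (evidence instanceof ExternalTrustedEvidence) {
            return authenticateTrusted((ExternalTrustedEvidence) evidence);
        }
        // String.valueOf keeps null evidence on the documented exception path instead of
        // failing with a NullPointerException on evidence.toString().
        throw new AuthenticationUnknownException(String.valueOf(evidence));
    }

    /**
     * Resolves externally trusted evidence to a user by authentication id.
     *
     * <p>No password is checked here and the "ip-whitelist" property is not consulted;
     * NOTE(review): presumably the component that produced the evidence is responsible for
     * both - confirm against the callers that construct ExternalTrustedEvidence.
     */
    private Authentication authenticateTrusted(ExternalTrustedEvidence evidence) throws AuthenticationException {
        String identifier = evidence.getIdentifier();
        if (isBlank(identifier)) {
            throw new AuthenticationException("Invalid Login: Identifier empty.");
        }
        User user;
        try {
            user = userDirectoryService().getUserByAid(identifier);
        } catch (UserNotDefinedException e) {
            throw new AuthenticationMissingException("User '" + identifier + "' not defined", evidence);
        }
        if (isDisabled(user)) {
            throw new AuthenticationException("Account Disabled: The user's authentication has been disabled");
        }
        return new org.sakaiproject.util.Authentication(user.getId(), user.getEid());
    }

    /**
     * Verifies identifier/password evidence, using the authentication cache where possible.
     *
     * <p>A cache hit returns before the "disabled" and "ip-whitelist" checks run, and the cache
     * is keyed on identifier and password only, so it cannot tell remote addresses apart.
     * Successful logins of users with a whitelist are therefore never cached: every attempt
     * for such an account is checked against its whitelist.
     */
    private Authentication authenticateIdPw(IdPwEvidence evidence) throws AuthenticationException {
        String identifier = evidence.getIdentifier();
        String password = evidence.getPassword();
        if (isBlank(password) || isBlank(identifier)) {
            throw new AuthenticationException("Invalid Login: Either identifier or password empty.");
        }

        // NOTE(review): a hit skips the "disabled" check below, so disabling an account only
        // takes effect once its cache entry is gone - confirm the AuthenticationCache expiry
        // (not visible here) is acceptable, or evict the entry when an account is disabled.
        Authentication cached = authenticationCache().getAuthentication(identifier, password);
        if (cached != null) {
            return cached;
        }

        User user = userDirectoryService().authenticate(identifier, password);
        if (user == null) {
            authenticationCache().putAuthenticationFailure(identifier, password);
            // Same message for unknown user and wrong password, so the reply does not reveal
            // which identifiers exist.
            throw new AuthenticationException("Invalid Login: Either user not found or password incorrect.");
        }
        if (isDisabled(user)) {
            throw new AuthenticationException("Account Disabled: The user's authentication has been disabled");
        }

        String whitelist = user.getProperties().getProperty(PROP_IP_WHITELIST);
        boolean addressRestricted = whitelist != null && !whitelist.isEmpty();
        if (addressRestricted && !IPAddrUtil.matchIPList(whitelist, evidence.getRemoteAddr())) {
            throw new AuthenticationException("Authentication refused: The user may only authenticate from whitelisted addresses");
        }

        org.sakaiproject.util.Authentication result =
                new org.sakaiproject.util.Authentication(user.getId(), user.getEid());
        if (!addressRestricted) {
            // Caching an address-restricted login would let the same credentials succeed from
            // any address until the entry expires, because the cache lookup ignores the address.
            authenticationCache().putAuthentication(identifier, password, result);
        }
        return result;
    }

    /** Returns true when the user's "disabled" property is exactly {@code "true"}. */
    private static boolean isDisabled(User user) {
        return "true".equals(user.getProperties().getProperty(PROP_DISABLED));
    }

    /** Returns true for null, empty, or whitespace-only values (as judged by {@code trim()}). */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }
}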
