package org.apache.ambari.server.security.authentication.jwt;

import com.google.inject.Inject;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.authentication.AccountDisabledException;
import org.apache.ambari.server.security.authentication.AmbariAuthenticationException;
import org.apache.ambari.server.security.authentication.AmbariAuthenticationProvider;
import org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
import org.apache.ambari.server.security.authentication.AmbariUserDetailsImpl;
import org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
import org.apache.ambari.server.security.authentication.UserNotFoundException;
import org.apache.ambari.server.security.authorization.AuthorizationHelper;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
import org.apache.ambari.server.security.authorization.Users;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationProvider.class */
public class AmbariJwtAuthenticationProvider extends AmbariAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(AmbariJwtAuthenticationProvider.class);

    @Inject
    public AmbariJwtAuthenticationProvider(Users users, Configuration configuration) {
        super(users, configuration);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication.getName() == null) {
            LOG.info("Authentication failed: no username provided");
            throw new AmbariAuthenticationException(null, "Unexpected error due to missing username", false);
        }
        String trim = authentication.getName().trim();
        if (authentication.getCredentials() == null) {
            LOG.info("Authentication failed: no credentials provided: {}", trim);
            throw new AmbariAuthenticationException(trim, "Unexpected error due to missing JWT token", false);
        }
        Users users = getUsers();
        UserEntity userEntity = users.getUserEntity(trim);
        if (userEntity == null) {
            LOG.info("User not found: {}", trim);
            throw new UserNotFoundException(trim, "Cannot find user from JWT. Please, ensure LDAP is configured and users are synced.");
        }
        boolean z = false;
        if (getAuthenticationEntity(userEntity, UserAuthenticationType.JWT) != null) {
            z = true;
        } else if (getAuthenticationEntity(userEntity, UserAuthenticationType.LDAP) != null) {
            try {
                users.addJWTAuthentication(userEntity, trim);
                z = true;
            } catch (AmbariException e) {
                LOG.error(String.format("Failed to add the JWT authentication method for %s: %s", trim, e.getLocalizedMessage()), e);
                throw new AmbariAuthenticationException(trim, "Unexpected error has occurred", false, e);
            }
        }
        if (!z) {
            LOG.debug("Authentication failed: password does not match stored value: {}", trim);
            throw new UserNotFoundException(trim, "Cannot find user from JWT. Please, ensure LDAP is configured and users are synced.");
        }
        LOG.debug("Authentication succeeded - a matching user was found: {}", trim);
        try {
            users.validateLogin(userEntity, trim);
            AmbariUserDetailsImpl ambariUserDetailsImpl = new AmbariUserDetailsImpl(users.getUser(userEntity), null, users.getUserAuthorities(userEntity));
            String trim2 = ambariUserDetailsImpl.getUsername().trim();
            if (!trim.equals(trim2)) {
                AuthorizationHelper.addLoginNameAlias(trim, trim2);
            }
            return new AmbariUserAuthentication(authentication.getCredentials().toString(), ambariUserDetailsImpl, true);
        } catch (AccountDisabledException | TooManyLoginFailuresException e2) {
            if (getConfiguration().showLockedOutUserMessage()) {
                throw e2;
            }
            throw new AmbariAuthenticationException(trim, "Unexpected error due to missing JWT token", false);
        }
    }

    public boolean supports(Class<?> cls) {
        return JwtAuthenticationToken.class.isAssignableFrom(cls);
    }
}
