package org.sonatype.nexus.security.authc;

import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.CredentialsException;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.class */
public class FirstSuccessfulModularRealmAuthenticator extends ModularRealmAuthenticator {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) FirstSuccessfulModularRealmAuthenticator.class);

    @Override // org.apache.shiro.authc.pam.ModularRealmAuthenticator
    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> collection, AuthenticationToken authenticationToken) {
        log.trace("Iterating through [{}] realms for PAM authentication", Integer.valueOf(collection.size()));
        EnumSet noneOf = EnumSet.noneOf(AuthenticationFailureReason.class);
        Subject subject = SecurityUtils.getSubject();
        for (Realm realm : collection) {
            if (realm.supports(authenticationToken)) {
                log.trace("Attempting to authenticate token [{}] using realm of type [{}]", authenticationToken, realm);
                try {
                    AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(authenticationToken);
                    if (authenticationInfo != null) {
                        Set<String> realmNames = authenticationInfo.getPrincipals().getRealmNames();
                        if (!subject.isAuthenticated() || subject.getPrincipals().getRealmNames().containsAll(realmNames)) {
                            return authenticationInfo;
                        }
                    } else {
                        log.trace("Realm [{}] returned null when authenticating token [{}]", realm, authenticationToken);
                    }
                } catch (DisabledAccountException e) {
                    logExceptionForRealm(e, realm);
                    noneOf.add(AuthenticationFailureReason.DISABLED_ACCOUNT);
                } catch (ExpiredCredentialsException e2) {
                    logExceptionForRealm(e2, realm);
                    noneOf.add(AuthenticationFailureReason.EXPIRED_CREDENTIALS);
                } catch (IncorrectCredentialsException e3) {
                    logExceptionForRealm(e3, realm);
                    noneOf.add(AuthenticationFailureReason.INCORRECT_CREDENTIALS);
                } catch (CredentialsException e4) {
                    logExceptionForRealm(e4, realm);
                    noneOf.add(AuthenticationFailureReason.PASSWORD_EMPTY);
                } catch (UnknownAccountException e5) {
                    logExceptionForRealm(e5, realm);
                    noneOf.add(AuthenticationFailureReason.USER_NOT_FOUND);
                } catch (AuthenticationException e6) {
                    logExceptionForRealm(e6, realm);
                    noneOf.add(AuthenticationFailureReason.UNKNOWN);
                } catch (Throwable th) {
                    logExceptionForRealm(th, realm);
                }
            } else {
                log.trace("Realm of type [{}] does not support token [{}]; skipping realm", realm, authenticationToken);
            }
        }
        throw new NexusAuthenticationException("Authentication token of type [" + authenticationToken.getClass() + "] could not be authenticated by any configured realms.  Please ensure that at least one realm can authenticate these tokens.", noneOf);
    }

    private void logExceptionForRealm(Throwable th, Realm realm) {
        log.trace("Realm [{}] threw an exception during a multi-realm authentication attempt", realm, th);
    }
}
