package com.zimbra.cs.servlet;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.Log;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.CacheAwareProvisioning;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.auth.AuthContext;
import java.security.Principal;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.MappedLoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.security.Credential;

/* loaded from: input_file:com/zimbra/cs/servlet/ZimbraLoginService.class */
public class ZimbraLoginService implements LoginService {
    protected IdentityService identityService = new DefaultIdentityService();
    protected String name;

    public void setIdentityService(IdentityService identityService) {
        this.identityService = identityService;
    }

    public IdentityService getIdentityService() {
        return this.identityService;
    }

    public void setName(String str) {
        this.name = str;
    }

    public String getName() {
        return this.name;
    }

    public void logout(UserIdentity userIdentity) {
    }

    public boolean validate(UserIdentity userIdentity) {
        return false;
    }

    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        try {
            Account account = Provisioning.getInstance().get(Key.AccountBy.name, str);
            if (account == null) {
                return null;
            }
            if (!(obj instanceof String)) {
                Log log = ZimbraLog.security;
                Object[] objArr = new Object[1];
                objArr[0] = obj == null ? "null" : obj.getClass().getName();
                log.warn("passed credentials are not a String? [%s]", objArr);
            }
            tryLogin(account, (String) obj, true);
            return makeUserIdentity(str);
        } catch (AccountServiceException.AuthFailedServiceException e) {
            ZimbraLog.security.debug("Auth failed");
            return null;
        } catch (ServiceException e2) {
            ZimbraLog.security.warn("ServiceException in auth", e2);
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void tryLogin(Account account, String str, boolean z) throws ServiceException {
        Provisioning provisioning = Provisioning.getInstance();
        if (account != null) {
            try {
                provisioning.authAccount(account, str, AuthContext.Protocol.http_basic);
            } catch (AccountServiceException.AuthFailedServiceException e) {
                if (!z || !(provisioning instanceof CacheAwareProvisioning) || !((CacheAwareProvisioning) provisioning).isCacheEnabled()) {
                    throw e;
                }
                ZimbraLog.security.debug("auth failed, refreshing Account object and trying again in case of recent password change");
                provisioning.reload(account);
                tryLogin(account, str, false);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserIdentity makeUserIdentity(String str) {
        Credential credential = Credential.getCredential("");
        Principal knownUser = new MappedLoginService.KnownUser(str, credential);
        Subject subject = new Subject();
        subject.getPrincipals().add(knownUser);
        subject.getPrivateCredentials().add(credential);
        subject.getPrincipals().add(new MappedLoginService.RolePrincipal("user"));
        subject.setReadOnly();
        return this.identityService.newUserIdentity(subject, knownUser, new String[]{"user"});
    }
}
