package de.resolution.samlsso.authenticator;

import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.spring.ComponentAccessor;
import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.bamboo.user.authentication.BambooAuthenticator;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.user.User;
import java.security.Principal;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/resolution/samlsso/authenticator/BambooDenyPasswordAuthenticator.class */
public class BambooDenyPasswordAuthenticator extends BambooAuthenticator implements ConfigurableDenyPasswordAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(BambooDenyPasswordAuthenticator.class);
    private DenyPasswordSupport denyPasswordSupport;

    public void init(Map<String, String> map, SecurityConfig securityConfig) {
        super.init(map, securityConfig);
        this.denyPasswordSupport = new DenyPasswordSupport(map);
    }

    protected boolean authenticate(Principal principal, String str) {
        if (principal == null) {
            logger.error("Principal is null!");
            return false;
        }
        String name = principal.getName();
        if (this.denyPasswordSupport.userOnBlacklist(name)) {
            logger.warn("Denying password access for principal {}, username is on the blacklist.", name);
            return false;
        }
        if (this.denyPasswordSupport.userOnWhitelist(name)) {
            return super.authenticate(principal, str);
        }
        BambooUserManager bambooUserManager = (BambooUserManager) ComponentAccessor.BAMBOO_USER_MANAGER.get();
        User user = bambooUserManager.getUser(name);
        if (user == null) {
            logger.warn("User {} is null, denying password authentication", name);
            return false;
        }
        if (this.denyPasswordSupport.groupAllowsPasswordLogin(bambooUserManager.getGroupNamesAsList(user))) {
            return super.authenticate(principal, str);
        }
        if (!isAllowSysAdmins()) {
            logger.warn("Denying password access for principal {}", name);
            return false;
        }
        if (((BambooPermissionManager) ComponentAccessor.BAMBOO_PERMISSION_MANAGER.get()).isSystemAdmin(name)) {
            return super.authenticate(principal, str);
        }
        logger.warn("Denying password access for principal {}", name);
        return false;
    }

    @Override // de.resolution.samlsso.authenticator.ConfigurableDenyPasswordAuthenticator
    public DenyPasswordSupport getDenyPasswordSupport() {
        return this.denyPasswordSupport;
    }
}
