package org.apache.shiro.authc.pam;

import java.util.Collection;
import org.apache.shiro.authc.AbstractAuthenticator;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LogoutAware;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class ModularRealmAuthenticator extends AbstractAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(ModularRealmAuthenticator.class);
    private AuthenticationStrategy authenticationStrategy = new AtLeastOneSuccessfulStrategy();
    private Collection<Realm> realms;

    protected void assertRealmsConfigured() throws IllegalStateException {
        if (CollectionUtils.isEmpty(getRealms())) {
            throw new IllegalStateException("Configuration error:  No realms have been configured!  One or more realms must be present to execute an authentication attempt.");
        }
    }

    @Override // org.apache.shiro.authc.AbstractAuthenticator
    protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
        assertRealmsConfigured();
        Collection<Realm> realms = getRealms();
        return realms.size() == 1 ? doSingleRealmAuthentication(realms.iterator().next(), authenticationToken) : doMultiRealmAuthentication(realms, authenticationToken);
    }

    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> collection, AuthenticationToken authenticationToken) {
        AuthenticationInfo authenticationInfo;
        Throwable th;
        AuthenticationStrategy authenticationStrategy = getAuthenticationStrategy();
        AuthenticationInfo beforeAllAttempts = authenticationStrategy.beforeAllAttempts(collection, authenticationToken);
        if (log.isTraceEnabled()) {
            log.trace("Iterating through {} realms for PAM authentication", Integer.valueOf(collection.size()));
        }
        for (Realm realm : collection) {
            AuthenticationInfo beforeAttempt = authenticationStrategy.beforeAttempt(realm, authenticationToken, beforeAllAttempts);
            if (realm.supports(authenticationToken)) {
                log.trace("Attempting to authenticate token [{}] using realm [{}]", authenticationToken, realm);
                try {
                    th = null;
                    authenticationInfo = realm.getAuthenticationInfo(authenticationToken);
                } catch (Throwable th2) {
                    if (log.isWarnEnabled()) {
                        log.warn("Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:", th2);
                    }
                    authenticationInfo = null;
                    th = th2;
                }
                beforeAllAttempts = authenticationStrategy.afterAttempt(realm, authenticationToken, authenticationInfo, beforeAttempt, th);
            } else {
                log.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, authenticationToken);
                beforeAllAttempts = beforeAttempt;
            }
        }
        return authenticationStrategy.afterAllAttempts(authenticationToken, beforeAllAttempts);
    }

    protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken authenticationToken) {
        if (!realm.supports(authenticationToken)) {
            throw new UnsupportedTokenException("Realm [" + realm + "] does not support authentication token [" + authenticationToken + "].  Please ensure that the appropriate Realm implementation is configured correctly or that the realm accepts AuthenticationTokens of this type.");
        }
        AuthenticationInfo authenticationInfo = realm.getAuthenticationInfo(authenticationToken);
        if (authenticationInfo != null) {
            return authenticationInfo;
        }
        throw new UnknownAccountException("Realm [" + realm + "] was unable to find account data for the submitted AuthenticationToken [" + authenticationToken + "].");
    }

    public AuthenticationStrategy getAuthenticationStrategy() {
        return this.authenticationStrategy;
    }

    protected Collection<Realm> getRealms() {
        return this.realms;
    }

    @Override // org.apache.shiro.authc.AbstractAuthenticator, org.apache.shiro.authc.LogoutAware
    public void onLogout(PrincipalCollection principalCollection) {
        super.onLogout(principalCollection);
        Collection<Realm> realms = getRealms();
        if (CollectionUtils.isEmpty(realms)) {
            return;
        }
        for (Realm realm : realms) {
            if (realm instanceof LogoutAware) {
                ((LogoutAware) realm).onLogout(principalCollection);
            }
        }
    }

    public void setAuthenticationStrategy(AuthenticationStrategy authenticationStrategy) {
        this.authenticationStrategy = authenticationStrategy;
    }

    public void setRealms(Collection<Realm> collection) {
        this.realms = collection;
    }
}
