package io.inverno.mod.security.authentication;

import io.inverno.mod.security.authentication.Credentials;
import io.inverno.mod.security.authentication.PrincipalAuthentication;
import io.inverno.mod.security.authentication.PrincipalCredentials;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/inverno/mod/security/authentication/AbstractPrincipalAuthenticator.class */
public abstract class AbstractPrincipalAuthenticator<A extends PrincipalCredentials, B extends Credentials, C extends PrincipalAuthentication> implements Authenticator<A, C> {
    private static final Logger LOGGER = LogManager.getLogger(AbstractPrincipalAuthenticator.class);
    protected final CredentialsResolver<? extends B> credentialsResolver;
    protected final CredentialsMatcher<? super A, ? super B> credentialsMatcher;
    private boolean terminal = true;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractPrincipalAuthenticator(CredentialsResolver<? extends B> credentialsResolver, CredentialsMatcher<? super A, ? super B> credentialsMatcher) {
        this.credentialsResolver = credentialsResolver;
        this.credentialsMatcher = credentialsMatcher;
    }

    public void setTerminal(boolean z) {
        this.terminal = z;
    }

    @Override // io.inverno.mod.security.authentication.Authenticator
    public Mono<C> authenticate(A a) {
        return this.credentialsResolver.resolveCredentials(a.getUsername()).switchIfEmpty(Mono.error(() -> {
            return new CredentialsNotFoundException("Credentials not found");
        })).map(credentials -> {
            if (this.credentialsMatcher.matches(a, credentials)) {
                return createAuthenticated(credentials);
            }
            throw new InvalidCredentialsException("Invalid credentials");
        }).onErrorResume(AuthenticationException.class, authenticationException -> {
            if (this.terminal) {
                return Mono.just(createDenied(a, authenticationException));
            }
            LOGGER.error("Failed to authenticate", authenticationException);
            return Mono.empty();
        });
    }

    protected abstract C createAuthenticated(B b) throws AuthenticationException;

    protected abstract C createDenied(A a, AuthenticationException authenticationException) throws AuthenticationException;
}
