package com.addc.commons.jmx.auth;

import com.addc.commons.Constants;
import com.addc.commons.i18n.I18nTextFactory;
import com.addc.commons.i18n.Translator;
import com.addc.commons.passwd.PasswordEncryptor;
import com.addc.commons.properties.PropertiesLoader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/addc/commons/jmx/auth/JMXPropertiesAuthenticator.class */
public class JMXPropertiesAuthenticator implements JMXAuthenticator {
    private static final Logger LOGGER = LoggerFactory.getLogger(JMXPropertiesAuthenticator.class);
    static final String LOGIN_CONFIG_NAME = "JMXPropertiesAuthenticator";
    private final Map<String, UserDetails> userDetails = new ConcurrentHashMap();
    private final PasswordEncryptor cipher = new PasswordEncryptor();
    private final Translator translator = I18nTextFactory.getTranslator("com.addc.commons.Messages");

    public JMXPropertiesAuthenticator(String str) throws IOException {
        initialize(PropertiesLoader.getInstance().load(str));
    }

    private void initialize(Properties properties) {
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            this.userDetails.put(str, new UserDetails(str, (String) entry.getValue()));
        }
    }

    public Subject authenticate(Object obj) {
        String[] credentialsStrings = getCredentialsStrings(obj);
        validateCredentialsStrings(credentialsStrings);
        if (!this.userDetails.containsKey(credentialsStrings[0])) {
            String translate = this.translator.translate(Constants.ERROR_CREDS_UNKNOWN_USER, new Object[]{credentialsStrings[0]});
            LOGGER.warn(translate);
            throw new SecurityException(translate);
        }
        UserDetails userDetails = this.userDetails.get(credentialsStrings[0]);
        checkPasswordMatch(credentialsStrings, userDetails);
        LOGGER.info("Authentication {}: success", credentialsStrings[0]);
        return new Subject(true, Collections.singleton(new JMXPrincipal(credentialsStrings[0])), userDetails.getRoles(), Collections.EMPTY_SET);
    }

    private void checkPasswordMatch(String[] strArr, UserDetails userDetails) throws SecurityException {
        boolean z = false;
        try {
            z = this.cipher.decrypt(userDetails.getPasswd()).equals(strArr[1]);
        } catch (GeneralSecurityException e) {
            LOGGER.error("Failed to decrypt password", e);
        }
        if (z) {
            return;
        }
        String translate = this.translator.translate(Constants.ERROR_CREDS_INVALID_PWD, new Object[]{strArr[0]});
        LOGGER.warn(translate);
        throw new SecurityException(translate);
    }

    private void validateCredentialsStrings(String[] strArr) throws SecurityException {
        if (strArr.length != 2) {
            LOGGER.error("Credentials must be array of 2 strings not {}", Integer.valueOf(strArr.length));
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
        if (StringUtils.isBlank(strArr[0])) {
            LOGGER.error("Credentials must contains a user user name");
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
        if (StringUtils.isBlank(strArr[1])) {
            LOGGER.error("Credentials must contain a password");
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
    }

    private String[] getCredentialsStrings(Object obj) throws SecurityException {
        if (obj == null) {
            LOGGER.error("Credentials required cannot be null");
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
        if (obj instanceof String[]) {
            return (String[]) obj;
        }
        LOGGER.error("Invalid credential type must be String[]");
        throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
    }
}
