package com.addc.server.commons.jmx.auth;

import com.addc.commons.Constants;
import com.addc.commons.i18n.I18nTextFactory;
import com.addc.commons.i18n.Translator;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:com/addc/server/commons/jmx/auth/JMXSpringAuthentication.class */
public class JMXSpringAuthentication implements JMXAuthenticator {
    private static final Logger LOGGER = LoggerFactory.getLogger(JMXSpringAuthentication.class);
    private AuthenticationProvider provider;
    private final Translator translator = I18nTextFactory.getTranslator("com.addc.commons.Messages");
    private final String adminRole;
    private final String monitorRole;

    public JMXSpringAuthentication(String str, String str2) {
        this.adminRole = str;
        this.monitorRole = str2;
    }

    public Subject authenticate(Object obj) {
        if (this.provider == null) {
            throw new SecurityException("No authentication provider has been set, cannot authenticate anyone");
        }
        String[] credsStrArr = getCredsStrArr(obj);
        Authentication authenticate = this.provider.authenticate(new UsernamePasswordAuthenticationToken(credsStrArr[0], credsStrArr[1]));
        Collection authorities = authenticate.getAuthorities();
        HashSet hashSet = new HashSet();
        Iterator it = authorities.iterator();
        while (it.hasNext()) {
            hashSet.add(((GrantedAuthority) it.next()).getAuthority());
        }
        if (hashSet.contains(this.adminRole) || hashSet.contains(this.monitorRole)) {
            LOGGER.info("{} authenticated with granted authorities {}", authenticate.getName(), authenticate.getAuthorities());
            return new Subject(true, Collections.singleton(new JMXPrincipal(credsStrArr[0])), Collections.EMPTY_SET, hashSet);
        }
        String translate = this.translator.translate(Constants.ERROR_USER_NO_ACCESS, new Object[]{authenticate.getName()});
        LOGGER.error(translate);
        throw new SecurityException(translate);
    }

    public AuthenticationProvider getProvider() {
        return this.provider;
    }

    public void setProvider(AuthenticationProvider authenticationProvider) {
        this.provider = authenticationProvider;
    }

    private String[] getCredsStrArr(Object obj) throws SecurityException {
        if (obj == null) {
            LOGGER.error("Credentials required cannot be null");
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
        if (!(obj instanceof String[])) {
            LOGGER.error("Invalid credential type must be String[]");
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
        String[] strArr = (String[]) obj;
        areCredsValid(strArr);
        return strArr;
    }

    private void areCredsValid(String[] strArr) throws SecurityException {
        if (strArr.length != 2) {
            LOGGER.error("Credentials must be array of 2 strings not {}", Integer.valueOf(strArr.length));
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
        if (StringUtils.isBlank(strArr[0])) {
            LOGGER.error("Credentials must contains a user user name");
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
        if (StringUtils.isBlank(strArr[1])) {
            LOGGER.error("Credentials must contain a password");
            throw new SecurityException(this.translator.translate(Constants.ERROR_INVALID_CREDS));
        }
    }
}
