package com.floragunn.searchguard.auth.internal;

import com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction;
import com.floragunn.searchguard.auth.AuthenticationBackend;
import com.floragunn.searchguard.configuration.ConfigChangeListener;
import com.floragunn.searchguard.configuration.ConfigurationService;
import com.floragunn.searchguard.crypto.BCrypt;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.user.User;
import java.util.Arrays;
import java.util.Iterator;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/searchguard/auth/internal/InternalAuthenticationBackend.class */
public class InternalAuthenticationBackend implements AuthenticationBackend, ConfigChangeListener {
    private volatile Settings br;

    @Inject
    public InternalAuthenticationBackend(Settings settings, TransportConfigUpdateAction transportConfigUpdateAction) {
        transportConfigUpdateAction.addConfigChangeListener(ConfigurationService.CONFIGNAME_INTERNAL_USERS, this);
    }

    @Override // com.floragunn.searchguard.auth.AuthenticationBackend
    public boolean exists(User user) {
        if (!isInitialized()) {
            return false;
        }
        String str = this.br.get(user.getName() + ".hash");
        if (str == null) {
            Iterator it = this.br.names().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str2 = (String) it.next();
                if (user.getName().equals(this.br.get(str2 + ".username"))) {
                    str = this.br.get(str2 + ".hash");
                    break;
                }
            }
            if (str == null) {
                return false;
            }
        }
        String[] asArray = this.br.getAsArray(user.getName() + ".roles", new String[0]);
        if (asArray == null) {
            return true;
        }
        user.addRoles(Arrays.asList(asArray));
        return true;
    }

    @Override // com.floragunn.searchguard.auth.AuthenticationBackend
    public User authenticate(AuthCredentials authCredentials) {
        if (!isInitialized()) {
            throw new ElasticsearchSecurityException("Internal authentication backend not configured. May be Search Guard is not initialized.", new Object[0]);
        }
        String str = this.br.get(authCredentials.getUsername() + ".hash");
        if (str == null) {
            Iterator it = this.br.names().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str2 = (String) it.next();
                if (authCredentials.getUsername().equals(this.br.get(str2 + ".username"))) {
                    str = this.br.get(str2 + ".hash");
                    break;
                }
            }
            if (str == null) {
                throw new ElasticsearchSecurityException(authCredentials.getUsername() + " not found", new Object[0]);
            }
        }
        byte[] password = authCredentials.getPassword();
        if (password == null || password.length == 0) {
            throw new ElasticsearchSecurityException("empty passwords not supported", new Object[0]);
        }
        if (!BCrypt.checkpw(password, str)) {
            throw new ElasticsearchSecurityException("password does not match", new Object[0]);
        }
        return new User(authCredentials.getUsername(), Arrays.asList(this.br.getAsArray(authCredentials.getUsername() + ".roles", new String[0])));
    }

    @Override // com.floragunn.searchguard.auth.AuthenticationBackend
    public String getType() {
        return "internal";
    }

    @Override // com.floragunn.searchguard.configuration.ConfigChangeListener
    public void onChange(String str, Settings settings) {
        this.br = settings;
    }

    @Override // com.floragunn.searchguard.configuration.ConfigChangeListener
    public void validate(String str, Settings settings) throws ElasticsearchSecurityException {
    }

    @Override // com.floragunn.searchguard.configuration.ConfigChangeListener
    public boolean isInitialized() {
        return this.br != null;
    }
}
