package com.floragunn.searchguard.auth.internal;

import com.floragunn.searchguard.auth.AuthenticationBackend;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.crypto.BCrypt;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.user.User;
import java.util.Arrays;
import java.util.Iterator;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/searchguard/auth/internal/InternalAuthenticationBackend.class */
public class InternalAuthenticationBackend implements AuthenticationBackend {
    private final ConfigurationRepository configurationRepository;

    public InternalAuthenticationBackend(ConfigurationRepository configurationRepository) {
        this.configurationRepository = configurationRepository;
    }

    @Override // com.floragunn.searchguard.auth.AuthenticationBackend
    public boolean exists(User user) {
        Settings configSettings = getConfigSettings();
        if (configSettings == null) {
            return false;
        }
        String str = configSettings.get(user.getName() + ".hash");
        if (str == null) {
            Iterator it = configSettings.names().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str2 = (String) it.next();
                if (user.getName().equals(configSettings.get(str2 + ".username"))) {
                    str = configSettings.get(str2 + ".hash");
                    break;
                }
            }
            if (str == null) {
                return false;
            }
        }
        String[] asArray = configSettings.getAsArray(user.getName() + ".roles", new String[0]);
        if (asArray == null) {
            return true;
        }
        user.addRoles(Arrays.asList(asArray));
        return true;
    }

    @Override // com.floragunn.searchguard.auth.AuthenticationBackend
    public User authenticate(AuthCredentials authCredentials) {
        Settings configSettings = getConfigSettings();
        if (configSettings == null) {
            throw new ElasticsearchSecurityException("Internal authentication backend not configured. May be Search Guard is not initialized. See https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md", new Object[0]);
        }
        String str = configSettings.get(authCredentials.getUsername() + ".hash");
        if (str == null) {
            Iterator it = configSettings.names().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String str2 = (String) it.next();
                if (authCredentials.getUsername().equals(configSettings.get(str2 + ".username"))) {
                    str = configSettings.get(str2 + ".hash");
                    break;
                }
            }
            if (str == null) {
                throw new ElasticsearchSecurityException(authCredentials.getUsername() + " not found", new Object[0]);
            }
        }
        byte[] password = authCredentials.getPassword();
        if (password == null || password.length == 0) {
            throw new ElasticsearchSecurityException("empty passwords not supported", new Object[0]);
        }
        if (!BCrypt.checkpw(password, str)) {
            throw new ElasticsearchSecurityException("password does not match", new Object[0]);
        }
        return new User(authCredentials.getUsername(), Arrays.asList(configSettings.getAsArray(authCredentials.getUsername() + ".roles", new String[0])));
    }

    @Override // com.floragunn.searchguard.auth.AuthenticationBackend
    public String getType() {
        return "internal";
    }

    private Settings getConfigSettings() {
        return this.configurationRepository.getConfiguration(ConfigConstants.CONFIGNAME_INTERNAL_USERS);
    }
}
