package com.floragunn.searchguard.auth.internal;

import com.floragunn.searchguard.auth.AuthenticationBackend;
import com.floragunn.searchguard.auth.AuthorizationBackend;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.user.User;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.crypto.generators.OpenBSDBCrypt;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/searchguard/auth/internal/InternalAuthenticationBackend.class */
/**
 * Authentication and authorization backend that reads users from the internal users
 * configuration ({@code ConfigConstants.CONFIGNAME_INTERNAL_USERS}).
 *
 * <p>Entries are read through flat keys: {@code <entry>.hash}, {@code <entry>.username},
 * {@code <entry>.roles} and {@code <entry>.attributes}. Passwords are verified with
 * {@link OpenBSDBCrypt#checkPassword} against the stored hash.
 *
 * <p>NOTE(review): the hash lookup accepts a match on {@code <entry>.username}, but roles and
 * attributes are always read under the supplied login name, not under the matched entry key.
 * A user resolved only through the {@code username} alias therefore gets the default empty role
 * list and no attributes from this backend. Confirm whether that is intended before relying on it.
 */
public class InternalAuthenticationBackend implements AuthenticationBackend, AuthorizationBackend {
    private static final String NOT_CONFIGURED_MESSAGE =
            "Internal authentication backend not configured. May be Search Guard is not initialized. See http://docs.search-guard.com/v6/sgadmin";

    private final ConfigurationRepository configurationRepository;

    /**
     * @param configurationRepository source of the internal users configuration
     */
    public InternalAuthenticationBackend(ConfigurationRepository configurationRepository) {
        this.configurationRepository = configurationRepository;
    }

    /**
     * Reports whether a stored hash can be found for the given user and, if so, adds the roles
     * configured under {@code <name>.roles} to that user.
     *
     * @param user the user to look up; its role set is mutated on success
     * @return {@code false} when the configuration is unavailable or no hash is found,
     *         {@code true} otherwise
     */
    @Override
    public boolean exists(User user) {
        final Settings internalUsers = getConfigSettings();
        if (internalUsers == null) {
            return false;
        }
        if (lookupHash(internalUsers, user.getName()) == null) {
            return false;
        }
        // Roles are keyed by the supplied name, not by the entry the hash was found under.
        final List<String> roles =
                internalUsers.getAsList(user.getName() + ".roles", Collections.emptyList());
        if (roles != null) {
            user.addRoles(roles);
        }
        return true;
    }

    /**
     * Verifies the supplied password against the stored bcrypt hash and builds the user.
     *
     * <p>NOTE(review): an unknown user fails with "{@code <name> not found}" before any bcrypt
     * work, while a known user with a wrong password fails with "password does not match" after
     * it. If callers pass the message or the response time through to the client, the two cases
     * are distinguishable. How the exception is surfaced is not visible from this class.
     *
     * @param authCredentials credentials carrying the login name and password bytes
     * @return the authenticated user with the roles found under {@code <name>.roles}
     * @throws ElasticsearchSecurityException if the backend is not configured, the user has no
     *         stored hash, the password is empty, or the password does not match
     */
    @Override
    public User authenticate(AuthCredentials authCredentials) {
        final Settings internalUsers = getConfigSettings();
        if (internalUsers == null) {
            throw new ElasticsearchSecurityException(NOT_CONFIGURED_MESSAGE);
        }

        final String storedHash = lookupHash(internalUsers, authCredentials.getUsername());
        if (storedHash == null) {
            throw new ElasticsearchSecurityException(authCredentials.getUsername() + " not found");
        }

        // NOTE(review): the array is only cleared further down, so on the "not found" path above
        // it is left as returned by getPassword(). Whether that is a copy is not visible here.
        final byte[] password = authCredentials.getPassword();
        if (password == null || password.length == 0) {
            throw new ElasticsearchSecurityException("empty passwords not supported");
        }

        // checkPassword takes char[], so the UTF-8 bytes are decoded into a scratch buffer.
        final ByteBuffer passwordBytes = ByteBuffer.wrap(password);
        final CharBuffer decoded = StandardCharsets.UTF_8.decode(passwordBytes);
        final char[] passwordChars = new char[decoded.limit()];
        decoded.get(passwordChars);
        Arrays.fill(password, (byte) 0);

        try {
            if (OpenBSDBCrypt.checkPassword(storedHash, passwordChars)) {
                final String login = authCredentials.getUsername();
                final List<String> roles =
                        internalUsers.getAsList(login + ".roles", Collections.emptyList());
                final Settings attributes = internalUsers.getAsSettings(login + ".attributes");
                if (attributes != null) {
                    for (String attributeName : attributes.names()) {
                        authCredentials.addAttribute(
                                "attr.internal." + attributeName, attributes.get(attributeName));
                    }
                }
                return new User(authCredentials.getUsername(), roles, authCredentials);
            }
            throw new ElasticsearchSecurityException("password does not match");
        } finally {
            // Wipe every plaintext copy on success and failure alike. passwordBytes.array() is
            // the same array as `password` (ByteBuffer.wrap shares its backing array).
            Arrays.fill(passwordBytes.array(), (byte) 0);
            Arrays.fill(decoded.array(), '\0');
            Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * @return the backend type identifier, {@code "internal"}
     */
    @Override
    public String getType() {
        return "internal";
    }

    /**
     * Fetches the internal users configuration; the callers in this class treat {@code null}
     * as "not configured".
     */
    private Settings getConfigSettings() {
        return this.configurationRepository.getConfiguration(ConfigConstants.CONFIGNAME_INTERNAL_USERS);
    }

    /**
     * Adds the roles configured under {@code <username>.roles} to the given user.
     *
     * @param user the user to extend; ignored when {@code null}
     * @param authCredentials credentials whose username selects the roles key
     * @throws ElasticsearchSecurityException if the backend is not configured
     */
    @Override
    public void fillRoles(User user, AuthCredentials authCredentials) throws ElasticsearchSecurityException {
        final Settings internalUsers = getConfigSettings();
        if (internalUsers == null) {
            throw new ElasticsearchSecurityException(NOT_CONFIGURED_MESSAGE);
        }
        final List<String> roles =
                internalUsers.getAsList(authCredentials.getUsername() + ".roles", Collections.emptyList());
        if (roles != null && !roles.isEmpty() && user != null) {
            user.addRoles(roles);
        }
    }

    /**
     * Finds the stored hash for a login name: first under {@code <name>.hash}, then under the
     * first entry whose {@code <entry>.username} equals the name.
     *
     * @return the stored hash, or {@code null} when neither lookup yields one
     */
    private static String lookupHash(Settings internalUsers, String name) {
        final String direct = internalUsers.get(name + ".hash");
        if (direct != null) {
            return direct;
        }
        for (String entryKey : internalUsers.names()) {
            if (name.equals(internalUsers.get(entryKey + ".username"))) {
                // The first alias match wins, even if that entry has no hash.
                return internalUsers.get(entryKey + ".hash");
            }
        }
        return null;
    }
}
