package com.networknt.oauth.auth;

import com.hazelcast.map.IMap;
import com.networknt.ldap.LdapUtil;
import com.networknt.oauth.cache.CacheStartupHookProvider;
import com.networknt.oauth.cache.model.User;
import com.networknt.oauth.security.LightGSSContextCredential;
import com.networknt.oauth.security.LightPasswordCredential;
import com.networknt.utility.HashUtil;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/auth/DefaultAuthenticator.class */
public class DefaultAuthenticator extends AuthenticatorBase<DefaultAuth> {
    private static final Logger logger = LoggerFactory.getLogger(DefaultAuthenticator.class);

    @Override // com.networknt.oauth.auth.Authenticator
    public Account authenticate(final String str, Credential credential) {
        IMap map = CacheStartupHookProvider.hz.getMap("users");
        Account account = getAccount(str);
        if (credential instanceof LightPasswordCredential) {
            LightPasswordCredential lightPasswordCredential = (LightPasswordCredential) credential;
            char[] password = lightPasswordCredential.getPassword();
            lightPasswordCredential.getClientAuthClass();
            lightPasswordCredential.getUserType();
            try {
                boolean validatePassword = HashUtil.validatePassword(password, ((User) map.get(account.getPrincipal().getName())).getPassword());
                Arrays.fill(password, ' ');
                if (!validatePassword) {
                    return null;
                }
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                logger.error("Exception:", e);
                return null;
            }
        } else if (credential instanceof LightGSSContextCredential) {
            return new Account() { // from class: com.networknt.oauth.auth.DefaultAuthenticator.1
                private Set<String> roles;
                private final Principal principal;

                {
                    this.roles = LdapUtil.authorize(str);
                    String str2 = str;
                    this.principal = () -> {
                        return str2;
                    };
                }

                public Principal getPrincipal() {
                    return this.principal;
                }

                public Set<String> getRoles() {
                    return this.roles;
                }
            };
        }
        return account;
    }

    private Account getAccount(final String str) {
        final IMap map = CacheStartupHookProvider.hz.getMap("users");
        if (map.containsKey(str)) {
            return new Account() { // from class: com.networknt.oauth.auth.DefaultAuthenticator.2
                private Set<String> roles;
                private final Principal principal;

                {
                    this.roles = DefaultAuthenticator.this.parseRoles(((User) map.get(str)).getRoles());
                    String str2 = str;
                    this.principal = () -> {
                        return str2;
                    };
                }

                public Principal getPrincipal() {
                    return this.principal;
                }

                public Set<String> getRoles() {
                    return this.roles;
                }
            };
        }
        return null;
    }

    public Set<String> parseRoles(String str) {
        Set<String> set = Collections.EMPTY_SET;
        if (str != null) {
            String trim = str.trim();
            if (trim.contains(" ")) {
                set = new HashSet(Arrays.asList(trim.split("\\s+")));
            } else {
                set = new HashSet();
                set.add(trim);
            }
        }
        return set;
    }
}
