package oracle.kv.impl.security.metadata;

import java.io.Serializable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import oracle.kv.impl.param.ParameterUtils;
import oracle.kv.impl.security.KVStoreRolePrincipal;
import oracle.kv.impl.security.KVStoreUserPrincipal;
import oracle.kv.impl.security.RoleInstance;
import oracle.kv.impl.security.metadata.SecurityMetadata;

/* loaded from: input_file:oracle/kv/impl/security/metadata/KVStoreUser.class */
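/**
 * A user account held in the KVStore security metadata.
 *
 * <p>An instance carries the user name, the {@link UserType}, an enabled
 * flag, the primary password digest, an optional retained (previous)
 * password digest and a bounded history of earlier digests.
 *
 * <p>Two representations exist. This base class derives its roles from the
 * {@code isAdmin} flag and always reports one of two fixed role sets.
 * {@link KVStoreUserV2} stores an explicit, mutable role set instead.
 * Calling {@link #grantRoles} or {@link #revokeRoles} on a base instance
 * does not modify it: a {@code KVStoreUserV2} copy is created and returned,
 * so callers must keep the returned object.
 *
 * <p>Method names such as {@code mo670clone} are decompiler renames of
 * {@code clone}; they are kept because other decompiled classes call them.
 */
public class KVStoreUser extends SecurityMetadata.SecurityElement {
    private static final long serialVersionUID = 1;

    /** Roles reported by a base-class (V1) user whose admin flag is clear. */
    private static final Set<String> USER_V1_DEFAULT_ROLES = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(RoleInstance.PUBLIC_NAME, RoleInstance.READWRITE_NAME)));

    /** Roles reported by a base-class (V1) user whose admin flag is set. */
    private static final Set<String> ADMIN_V1_DEFAULT_ROLES = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(
                    RoleInstance.SYSADMIN_NAME, RoleInstance.READWRITE_NAME, RoleInstance.PUBLIC_NAME)));

    final String userName;
    private UserType userType;
    // Digest checked first by verifyPassword().
    private PasswordHashDigest primaryPassword;
    // Previous digest that verifyPassword() still accepts until it expires.
    private PasswordHashDigest retainedPassword;
    // History of digests passed to setPassword(); created on first use.
    private SizedPrevPasswordList rememberedPasswords;
    private boolean enabled;
    boolean isAdmin;

    /**
     * User representation that stores its granted roles explicitly instead of
     * deriving them from the admin flag.
     */
    /* loaded from: input_file:oracle/kv/impl/security/metadata/KVStoreUser$KVStoreUserV2.class */
    static class KVStoreUserV2 extends KVStoreUser {
        private static final long serialVersionUID = 1;
        private final Set<String> grantedRoles;

        /** Creates a user that holds only the public role. */
        private KVStoreUserV2(String str) {
            super(str);
            this.grantedRoles = new HashSet<>();
            this.grantedRoles.add(RoleInstance.PUBLIC_NAME);
        }

        /**
         * Creates a copy of {@code kVStoreUser} whose role set starts as the
         * roles the source user reports.
         */
        private KVStoreUserV2(KVStoreUser kVStoreUser) {
            // Copy the base state through the KVStoreUser copy constructor.
            // The decompiled listing printed an argument-less super() call,
            // which matches no KVStoreUser constructor and would leave the
            // final userName field unassigned.
            super(kVStoreUser);
            this.grantedRoles = new HashSet<>();
            this.grantedRoles.addAll(kVStoreUser.getGrantedRoles());
        }

        /**
         * Sets the admin flag and keeps the sysadmin role in step with it.
         * Nothing changes when the requested value already matches
         * {@link #isAdmin()}.
         */
        @Override // oracle.kv.impl.security.metadata.KVStoreUser
        public KVStoreUserV2 setAdmin(boolean z) {
            if (z != isAdmin()) {
                this.isAdmin = z;
                if (this.isAdmin) {
                    this.grantedRoles.add(RoleInstance.SYSADMIN_NAME);
                } else {
                    this.grantedRoles.remove(RoleInstance.SYSADMIN_NAME);
                }
            }
            return this;
        }

        /**
         * Adds every role in {@code collection} to this user, after passing
         * each name through {@code RoleInstance.getNormalizedName}.
         *
         * @return this user
         */
        @Override // oracle.kv.impl.security.metadata.KVStoreUser
        public KVStoreUserV2 grantRoles(Collection<String> collection) {
            for (String roleName : collection) {
                this.grantedRoles.add(RoleInstance.getNormalizedName(roleName));
            }
            return this;
        }

        /**
         * Removes every role in {@code collection} from this user, after
         * passing each name through {@code RoleInstance.getNormalizedName}.
         *
         * @return this user
         */
        @Override // oracle.kv.impl.security.metadata.KVStoreUser
        public KVStoreUserV2 revokeRoles(Collection<String> collection) {
            for (String roleName : collection) {
                this.grantedRoles.remove(RoleInstance.getNormalizedName(roleName));
            }
            return this;
        }

        /** Returns a read-only view of the granted role names. */
        @Override // oracle.kv.impl.security.metadata.KVStoreUser
        public Set<String> getGrantedRoles() {
            return Collections.unmodifiableSet(this.grantedRoles);
        }

        @Override // oracle.kv.impl.security.metadata.KVStoreUser, oracle.kv.impl.security.metadata.SecurityMetadata.SecurityElement
        /* renamed from: clone */
        public KVStoreUserV2 mo670clone() {
            return new KVStoreUserV2(this);
        }

        /**
         * Builds a read-only {@link Subject} holding one role principal per
         * granted role plus the user principal for this account.
         */
        @Override // oracle.kv.impl.security.metadata.KVStoreUser
        public Subject makeKVSubject() {
            String elementId = getElementId();
            // Raw set: the element types are project principal classes.
            HashSet principals = new HashSet();
            for (String roleName : getGrantedRoles()) {
                principals.add(KVStoreRolePrincipal.get(roleName));
            }
            principals.add(new KVStoreUserPrincipal(this.userName, elementId));
            // First argument true: the Subject is created read-only.
            return new Subject(true, principals, new HashSet<>(), new HashSet<>());
        }

        // The synthetic bridge overloads the decompiler printed for
        // grantRoles/revokeRoles are not written out: they have the same
        // erasure as the covariant overrides above, and the compiler
        // generates them itself.
    }

    /**
     * Bounded history of password digests, oldest first.
     *
     * <p>NOTE(review): this is declared as an inner (non-static) class in the
     * listing, so every instance is bound to an enclosing KVStoreUser, and a
     * copy made by {@link #m689clone()} is bound to the same user as the
     * list it was copied from. Confirm against the original source before
     * changing this, since the class is Serializable.
     */
    /* loaded from: input_file:oracle/kv/impl/security/metadata/KVStoreUser$SizedPrevPasswordList.class */
    private class SizedPrevPasswordList implements Serializable, Cloneable {
        private static final long serialVersionUID = 1;
        /** Upper bound on the number of digests kept. */
        private static final int MAX_REMEMBER = 256;
        private final LinkedList<PasswordHashDigest> prevPassList;

        private SizedPrevPasswordList() {
            this.prevPassList = new LinkedList<>();
        }

        /**
         * Appends a copy of {@code passwordHashDigest}, first dropping the
         * oldest entries until there is room under {@code MAX_REMEMBER}.
         */
        /* JADX INFO: Access modifiers changed from: private */
        public synchronized void add(PasswordHashDigest passwordHashDigest) {
            while (this.prevPassList.size() >= MAX_REMEMBER) {
                this.prevPassList.remove();
            }
            this.prevPassList.add(passwordHashDigest.m691clone());
        }

        /**
         * Returns copies of the most recent digests, newest first.
         *
         * @param i maximum number of digests wanted
         * @return an array of at most {@code i} digests; empty when {@code i}
         *     is zero or negative or when nothing is remembered
         */
        public synchronized PasswordHashDigest[] getRememberedPasswords(int i) {
            // A non-positive request used to fail: zero ran the copy loop
            // against a zero-length array, and a negative value was used as
            // an array size. Both now yield an empty result.
            int size = Math.max(0, Math.min(i, this.prevPassList.size()));
            PasswordHashDigest[] result = new PasswordHashDigest[size];
            Iterator<PasswordHashDigest> newestFirst = this.prevPassList.descendingIterator();
            for (int index = 0; index < size && newestFirst.hasNext(); index++) {
                result[index] = newestFirst.next().m691clone();
            }
            return result;
        }

        /** Returns a list holding copies of every remembered digest. */
        /* renamed from: clone, reason: merged with bridge method [inline-methods] */
        public synchronized SizedPrevPasswordList m689clone() {
            SizedPrevPasswordList copy = new SizedPrevPasswordList();
            for (PasswordHashDigest digest : this.prevPassList) {
                copy.add(digest.m691clone());
            }
            return copy;
        }
    }

    /**
     * Immutable holder for the four textual renderings of a user produced by
     * {@link KVStoreUser#getDescription()}.
     */
    /* loaded from: input_file:oracle/kv/impl/security/metadata/KVStoreUser$UserDescription.class */
    public static class UserDescription implements Serializable {
        private static final long serialVersionUID = 1;
        private final String brief;
        private final String briefAsJSON;
        private final String details;
        private final String detailsAsJSON;

        public UserDescription(String str, String str2, String str3, String str4) {
            this.brief = str;
            this.briefAsJSON = str2;
            this.details = str3;
            this.detailsAsJSON = str4;
        }

        public String brief() {
            return this.brief;
        }

        public String briefAsJSON() {
            return this.briefAsJSON;
        }

        public String details() {
            return this.details;
        }

        public String detailsAsJSON() {
            return this.detailsAsJSON;
        }
    }

    /**
     * Kind of account. The password methods of {@link KVStoreUser} throw
     * {@link IllegalStateException} for {@code EXTERNAL} users.
     */
    /* loaded from: input_file:oracle/kv/impl/security/metadata/KVStoreUser$UserType.class */
    public enum UserType {
        LOCAL,
        EXTERNAL
    }

    /**
     * Creates a user named {@code str}.
     *
     * @param z when true a {@link KVStoreUserV2} is created, otherwise a
     *     base-class user
     */
    public static KVStoreUser newInstance(String str, boolean z) {
        return z ? new KVStoreUserV2(str) : new KVStoreUser(str);
    }

    private KVStoreUser(String str) {
        this.userType = UserType.LOCAL;
        this.userName = str;
    }

    /**
     * Copy constructor. The password digests and the password history are
     * cloned, so the copy does not share them with {@code kVStoreUser}.
     */
    private KVStoreUser(KVStoreUser kVStoreUser) {
        super(kVStoreUser);
        this.userName = kVStoreUser.userName;
        this.userType = kVStoreUser.userType;
        this.enabled = kVStoreUser.enabled;
        this.isAdmin = kVStoreUser.isAdmin;
        this.primaryPassword =
                kVStoreUser.primaryPassword == null ? null : kVStoreUser.primaryPassword.m691clone();
        this.retainedPassword =
                kVStoreUser.retainedPassword == null ? null : kVStoreUser.retainedPassword.m691clone();
        this.rememberedPasswords =
                kVStoreUser.rememberedPasswords == null ? null : kVStoreUser.rememberedPasswords.m689clone();
    }

    public KVStoreUser setUserType(UserType userType) {
        this.userType = userType;
        return this;
    }

    public UserType getUserType() {
        return this.userType;
    }

    public String getName() {
        return this.userName;
    }

    /**
     * Installs {@code passwordHashDigest} as the primary password and records
     * a copy of it in the password history.
     *
     * @throws IllegalStateException if this is an external user
     */
    public KVStoreUser setPassword(PasswordHashDigest passwordHashDigest) {
        if (this.userType == UserType.EXTERNAL) {
            throw new IllegalStateException("Cannnot set password for external user");
        }
        this.primaryPassword = passwordHashDigest;
        if (this.rememberedPasswords == null) {
            this.rememberedPasswords = new SizedPrevPasswordList();
        }
        this.rememberedPasswords.add(passwordHashDigest);
        return this;
    }

    /**
     * Sets the lifetime of the primary password digest.
     *
     * @throws IllegalStateException if this is an external user
     */
    public KVStoreUser setPasswordLifetime(long j) {
        if (this.userType == UserType.EXTERNAL) {
            throw new IllegalStateException("Cannnot set password lifetime for external user");
        }
        // NOTE(review): dereferences primaryPassword without a null check;
        // a user that never had a password set fails here.
        this.primaryPassword.setLifetime(j);
        return this;
    }

    /**
     * Makes the current primary password the retained password and refreshes
     * its creation time.
     *
     * @throws IllegalStateException if this is an external user, or if a
     *     retained password exists and has not expired
     */
    public KVStoreUser retainPassword() {
        if (this.userType == UserType.EXTERNAL) {
            throw new IllegalStateException("Cannnot retain password for external user");
        }
        if (retainedPasswordValid()) {
            throw new IllegalStateException("Could not override an existing retained password.");
        }
        // The retained and primary fields refer to the same digest object
        // until the primary is replaced, so the refresh below is visible
        // through both.
        this.retainedPassword = this.primaryPassword;
        this.retainedPassword.refreshCreateTime();
        return this;
    }

    /**
     * Returns the primary password digest, or null if none is set. The
     * internal object is returned, not a copy.
     */
    public PasswordHashDigest getPassword() {
        return this.primaryPassword;
    }

    /**
     * Returns the retained password digest, or null if none is set. The
     * internal object is returned, not a copy.
     */
    public PasswordHashDigest getRetainedPassword() {
        return this.retainedPassword;
    }

    /**
     * Returns copies of up to {@code i} of the most recently set password
     * digests, newest first, or null when no password was ever set.
     */
    public PasswordHashDigest[] getRememberedPasswords(int i) {
        if (this.rememberedPasswords != null) {
            return this.rememberedPasswords.getRememberedPasswords(i);
        }
        return null;
    }

    public void clearRetainedPassword() {
        this.retainedPassword = null;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    /** Returns true when the granted roles include the sysadmin role. */
    public boolean isAdmin() {
        return getGrantedRoles().contains(RoleInstance.SYSADMIN_NAME);
    }

    /** Returns true when a retained password exists and has not expired. */
    public boolean retainedPasswordValid() {
        return this.retainedPassword != null && !this.retainedPassword.isExpired();
    }

    public KVStoreUser setAdmin(boolean z) {
        this.isAdmin = z;
        return this;
    }

    public KVStoreUser setEnabled(boolean z) {
        this.enabled = z;
        return this;
    }

    /**
     * Renders this user as brief and detailed text, each in plain and JSON
     * form. No password digest is included; for non-external users the
     * detailed forms say whether a retained password is active.
     */
    public UserDescription getDescription() {
        String retainState = "inactive";
        if (retainedPasswordValid()) {
            String minutes = String.format(
                    "%d minutes",
                    Long.valueOf(TimeUnit.MILLISECONDS.toMinutes(this.retainedPassword.getLifetime())));
            retainState = String.format("active [expiration: %s]", minutes);
        }
        boolean external = this.userType == UserType.EXTERNAL;

        // NOTE(review): userName and the role names are placed into the JSON
        // text without escaping, so a name containing a quote or backslash
        // yields malformed or misleading JSON. Escape here or validate names
        // where users and roles are created.
        String briefJson =
                String.format("{\"id\":\"%s\", \"name\":\"%s\"}", super.getElementId(), this.userName);
        String details = String.format(
                "%s enabled=%b auth-type=%s" + (external ? "" : " retain-passwd=" + retainState)
                        + " granted-roles=%s",
                toString(), Boolean.valueOf(this.enabled), this.userType, getGrantedRoles());
        String detailsJson = String.format(
                "{\"id\":\"%s\", \"name\":\"%s\", \"enabled\":\"%b\", \"type\":\"%s\", "
                        + (external ? "" : "\"retain-passwd\":\"" + retainState + "\", ")
                        + "\"granted-roles\":%s}",
                getElementId(), this.userName, Boolean.valueOf(this.enabled), this.userType,
                grantedRolesAsJSON());
        return new UserDescription(toString(), briefJson, details, detailsJson);
    }

    /**
     * Returns a {@link KVStoreUserV2} copy of this user with the given roles
     * added. This instance is left unchanged, so the caller must keep the
     * returned user for the grant to take effect.
     */
    public KVStoreUser grantRoles(Collection<String> collection) {
        // The decompiled listing printed new KVStoreUserV2() with no
        // argument; no such constructor exists, and the copy constructor is
        // the only one that carries this user's name and credentials over.
        return new KVStoreUserV2(this).grantRoles(collection);
    }

    /**
     * Returns a {@link KVStoreUserV2} copy of this user with the given roles
     * removed. This instance is left unchanged, so the caller must keep the
     * returned user for the revocation to take effect.
     */
    public KVStoreUser revokeRoles(Collection<String> collection) {
        // See grantRoles: the copy must be built from this user.
        return new KVStoreUserV2(this).revokeRoles(collection);
    }

    /**
     * Returns the fixed, unmodifiable role set selected by the admin flag.
     */
    public Set<String> getGrantedRoles() {
        return this.isAdmin ? ADMIN_V1_DEFAULT_ROLES : USER_V1_DEFAULT_ROLES;
    }

    /** Renders the granted role names as a JSON array of quoted strings. */
    private String grantedRolesAsJSON() {
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        boolean first = true;
        for (String roleName : getGrantedRoles()) {
            if (first) {
                first = false;
            } else {
                // NOTE(review): presumably "," - the decompiler appears to
                // have matched the separator literal to this constant.
                sb.append(ParameterUtils.HELPER_HOST_SEPARATOR);
            }
            sb.append("\"");
            sb.append(roleName);
            sb.append("\"");
        }
        sb.append("]");
        return sb.toString();
    }

    /**
     * Checks a plaintext password against the primary digest and, while it
     * is still valid, the retained digest.
     *
     * @param cArr the password to check
     * @return false when the password is null or empty, the user is
     *     disabled, no primary password is set, or neither digest matches
     * @throws IllegalStateException if this is an external user
     */
    public boolean verifyPassword(char[] cArr) {
        if (this.userType == UserType.EXTERNAL) {
            throw new IllegalStateException("Cannnot verify password for external user");
        }
        if (cArr == null || cArr.length == 0 || !isEnabled()) {
            return false;
        }
        PasswordHashDigest primary = getPassword();
        if (primary == null) {
            // Fail closed: an account without a primary password cannot be
            // authenticated, and must not raise NullPointerException from
            // the authentication path.
            return false;
        }
        return primary.verifyPassword(cArr)
                || (retainedPasswordValid() && getRetainedPassword().verifyPassword(cArr));
    }

    /**
     * Returns whether the primary password digest reports itself expired.
     *
     * @throws IllegalStateException if this is an external user
     */
    public boolean isPasswordExpired() {
        if (this.userType == UserType.EXTERNAL) {
            throw new IllegalStateException("Cannnot determine the password expiration for external user");
        }
        return this.primaryPassword.isExpired();
    }

    /**
     * Builds a read-only {@link Subject} holding the authenticated role
     * principal, the admin role principal when the admin flag is set, and
     * the user principal for this account.
     */
    public Subject makeKVSubject() {
        String elementId = getElementId();
        // Raw set: the element types are project principal classes.
        HashSet principals = new HashSet();
        principals.add(KVStoreRolePrincipal.AUTHENTICATED);
        if (this.isAdmin) {
            principals.add(KVStoreRolePrincipal.ADMIN);
        }
        principals.add(new KVStoreUserPrincipal(this.userName, elementId));
        // First argument true: the Subject is created read-only.
        return new Subject(true, principals, new HashSet<>(), new HashSet<>());
    }

    @Override // oracle.kv.impl.security.metadata.SecurityMetadata.SecurityElement
    public SecurityMetadata.SecurityElementType getElementType() {
        return SecurityMetadata.SecurityElementType.KVSTOREUSER;
    }

    /** Hash derived from the user name only. */
    @Override // oracle.kv.impl.security.metadata.SecurityMetadata.SecurityElement
    public int hashCode() {
        return 527 + (this.userName == null ? 0 : this.userName.hashCode());
    }

    /**
     * Two users are equal when the superclass comparison succeeds and their
     * names match. Passwords, roles and flags are not compared.
     */
    @Override // oracle.kv.impl.security.metadata.SecurityMetadata.SecurityElement
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof KVStoreUser) || !super.equals(obj)) {
            return false;
        }
        KVStoreUser other = (KVStoreUser) obj;
        return this.userName == null ? other.userName == null : this.userName.equals(other.userName);
    }

    /** Returns the element id and user name; no credential data. */
    @Override
    public String toString() {
        return String.format("id=%s name=%s", super.getElementId(), this.userName);
    }

    @Override // oracle.kv.impl.security.metadata.SecurityMetadata.SecurityElement
    /* renamed from: clone */
    public KVStoreUser mo670clone() {
        return new KVStoreUser(this);
    }
}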
