package oracle.kv.impl.admin;

import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import javax.security.auth.Subject;
import oracle.kv.LoginCredentials;
import oracle.kv.impl.metadata.Metadata;
import oracle.kv.impl.security.Authenticator;
import oracle.kv.impl.security.ExecutionContext;
import oracle.kv.impl.security.KVStoreUserPrincipal;
import oracle.kv.impl.security.PasswordAuthenticator;
import oracle.kv.impl.security.UserVerifier;
import oracle.kv.impl.security.login.UserLoginCallbackHandler;
import oracle.kv.impl.security.metadata.KVStoreUser;
import oracle.kv.impl.security.metadata.SecurityMetadata;
import oracle.kv.impl.security.util.SecurityUtils;

/* loaded from: input_file:oracle/kv/impl/admin/AdminUserVerifier.class */
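/**
 * {@link UserVerifier} used by the admin service.
 *
 * <p>Login credentials are first checked by a password authenticator that
 * loads users from the admin's {@link SecurityMetadata}; if that fails, the
 * external authentication methods listed in the global parameters are tried
 * in order. Already-authenticated subjects can be re-verified against the
 * current security metadata.
 *
 * <p>Every verification method returns {@code null} to signal "not
 * verified". When the admin service, the admin, or the security metadata is
 * unavailable, verification fails closed (returns {@code null}) rather than
 * throwing.
 */
public class AdminUserVerifier implements UserVerifier {
    /** May be null; the constructor explicitly tolerates that. */
    private final AdminService adminService;
    private final Authenticator defaultAuthenticator;
    /*
     * External authenticators keyed by auth-method name. This is the map
     * handed out by AdminSecurity, not a copy made here.
     * NOTE(review): whether getAuthenticators() returns a live or a
     * defensive copy is not visible from this class - confirm.
     */
    private final Map<String, Authenticator> authenticators;

    /* loaded from: input_file:oracle/kv/impl/admin/AdminUserVerifier$AdminPasswordAuthenticator.class */
    /**
     * Password authenticator that resolves users from the admin's security
     * metadata and logs through the enclosing verifier.
     */
    private class AdminPasswordAuthenticator extends PasswordAuthenticator {
        private AdminPasswordAuthenticator() {
        }

        /**
         * Looks up a user by name in the current security metadata.
         *
         * @return the user, or null if the metadata is unavailable or holds
         *         no such user
         */
        @Override
        public KVStoreUser loadUserFromStore(String str) {
            SecurityMetadata securityMetadata = AdminUserVerifier.this.currentSecurityMetadata();
            if (securityMetadata == null) {
                return null;
            }
            return securityMetadata.getUser(str);
        }

        @Override
        public void logMessage(Level level, String str) {
            AdminUserVerifier.this.logMsg(level, str);
        }
    }

    /**
     * Creates a verifier bound to the given admin service.
     *
     * @param adminService the owning service; may be null, in which case no
     *        external authenticators are registered and every lookup fails
     *        closed
     */
    public AdminUserVerifier(AdminService adminService) {
        this.adminService = adminService;
        Map<String, Authenticator> configured = null;
        if (adminService != null && adminService.getAdminSecurity() != null) {
            configured = adminService.getAdminSecurity().getAuthenticators();
        }
        /* Fall back to an empty registry so lookups in verifyUser never hit a null map. */
        this.authenticators = configured != null ? configured : new HashMap<>();
        this.defaultAuthenticator = new AdminPasswordAuthenticator();
    }

    /**
     * Authenticates login credentials and builds the resulting subject.
     *
     * @param loginCredentials the credentials presented by the client
     * @param userLoginCallbackHandler handler passed through to the
     *        authenticators; external authenticators may attach session
     *        info to it
     * @return the authenticated subject, or null if no authenticator accepts
     *         the credentials or the user cannot be resolved to an enabled
     *         user
     */
    @Override
    public Subject verifyUser(LoginCredentials loginCredentials, UserLoginCallbackHandler userLoginCallbackHandler) {
        if (this.defaultAuthenticator.authenticate(loginCredentials, userLoginCallbackHandler)) {
            return makeUserSubject(loginCredentials.getUsername());
        }
        if (this.adminService == null) {
            return null;
        }
        /* Only methods enabled in the global parameters are consulted, in their configured order. */
        for (String str : this.adminService.getParams().getGlobalParams().getUserExternalAuthMethods()) {
            Authenticator authenticator = this.authenticators.get(str);
            if (authenticator != null && authenticator.authenticate(loginCredentials, userLoginCallbackHandler)) {
                /*
                 * When the handler carries session info, its subject is
                 * returned as-is; unlike makeUserSubject, this path does not
                 * consult the local store's enabled flag.
                 * NOTE(review): confirm that is intended for externally
                 * authenticated users.
                 */
                return userLoginCallbackHandler.getUserSessionInfo() != null ? userLoginCallbackHandler.getUserSessionInfo().getSubject() : makeUserSubject(loginCredentials.getUsername());
            }
        }
        return null;
    }

    /**
     * Re-verifies an existing subject against the current security metadata.
     *
     * @param subject the subject to check
     * @return the same subject if it is still acceptable, otherwise null
     */
    @Override
    public Subject verifyUser(Subject subject) {
        KVStoreUserPrincipal subjectUserPrincipal = ExecutionContext.getSubjectUserPrincipal(subject);
        if (subjectUserPrincipal == null) {
            /* No user principal to check, so the subject is passed through unchanged. */
            return subject;
        }
        String userId = subjectUserPrincipal.getUserId();
        /*
         * NOTE(review): subjects whose user id carries the IDCS OAuth prefix
         * are accepted without a lookup in the local security metadata, so
         * disabling or removing a user is not enforced on this path.
         * Presumably the token's own validation covers that - confirm, and
         * confirm that a locally created user can never be assigned an id
         * with this prefix.
         */
        if (userId != null && userId.startsWith(SecurityUtils.IDCS_OAUTH_USER_ID_PREFIX)) {
            return subject;
        }
        SecurityMetadata securityMetadata = currentSecurityMetadata();
        if (securityMetadata == null) {
            logMsg(Level.INFO, "Unable to verify user with no security metadata available");
            return null;
        }
        /* The store lookup is by principal name, while the prefix test above uses the user id. */
        KVStoreUser user = securityMetadata.getUser(subjectUserPrincipal.getName());
        if (user != null && user.isEnabled()) {
            return subject;
        }
        logMsg(Level.INFO, "User " + sanitizeForLog(subjectUserPrincipal.getName()) + " is not valid");
        return null;
    }

    /**
     * Reports whether the security metadata currently holds at least one
     * user.
     *
     * @return true if security metadata is available and its user list is
     *         non-empty
     */
    public boolean userDataExists() {
        SecurityMetadata securityMetadata = currentSecurityMetadata();
        return securityMetadata != null && !securityMetadata.getAllUsers().isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Logs through the admin service's logger; a no-op when there is no
     * admin service.
     */
    public void logMsg(Level level, String str) {
        if (this.adminService != null) {
            this.adminService.getLogger().log(level, str);
        }
    }

    /**
     * Builds the subject for a user name that has just been authenticated.
     *
     * @return the user's subject, or null if the metadata is unavailable or
     *         the user is missing or disabled
     */
    private Subject makeUserSubject(String str) {
        SecurityMetadata securityMetadata = currentSecurityMetadata();
        if (securityMetadata == null) {
            return null;
        }
        KVStoreUser user = securityMetadata.getUser(str);
        if (user != null && user.isEnabled()) {
            return user.makeKVSubject();
        }
        logMsg(Level.INFO, "User " + sanitizeForLog(str) + " is not valid");
        return null;
    }

    /**
     * Fetches the current security metadata from the admin.
     *
     * @return the metadata, or null when the admin service, the admin, or
     *         the metadata itself is not available
     */
    private SecurityMetadata currentSecurityMetadata() {
        /* The constructor accepts a null service, so every lookup has to tolerate it. */
        if (this.adminService == null || this.adminService.getAdmin() == null) {
            return null;
        }
        return (SecurityMetadata) this.adminService.getAdmin().getMetadata(SecurityMetadata.class, Metadata.MetadataType.SECURITY);
    }

    /**
     * Replaces control characters (including CR and LF) in a client-supplied
     * name so that it cannot break a log record into forged entries.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            /* Matches what string concatenation would have printed. */
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}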
