package org.neo4j.server.security.systemgraph;

import java.util.Map;
import org.neo4j.cypher.internal.security.FormatException;
import org.neo4j.internal.kernel.api.security.AuthenticationResult;
import org.neo4j.internal.kernel.api.security.LoginContext;
import org.neo4j.internal.kernel.api.security.SecurityContext;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthToken;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.server.security.auth.AuthenticationStrategy;
import org.neo4j.server.security.auth.BasicLoginContext;

/* loaded from: input_file:org/neo4j/server/security/systemgraph/BasicSystemGraphRealm.class */
public class BasicSystemGraphRealm extends AuthManager {
    private final SystemGraphRealmHelper systemGraphRealmHelper;
    private final AuthenticationStrategy authenticationStrategy;

    public BasicSystemGraphRealm(SystemGraphRealmHelper systemGraphRealmHelper, AuthenticationStrategy authenticationStrategy) {
        this.systemGraphRealmHelper = systemGraphRealmHelper;
        this.authenticationStrategy = authenticationStrategy;
    }

    public LoginContext login(Map<String, Object> map) throws InvalidAuthTokenException {
        try {
            assertValidScheme(map);
            String safeCast = AuthToken.safeCast("principal", map);
            byte[] safeCastCredentials = AuthToken.safeCastCredentials("credentials", map);
            try {
                User user = this.systemGraphRealmHelper.getUser(safeCast);
                AuthenticationResult authenticate = this.authenticationStrategy.authenticate(user, safeCastCredentials);
                if (authenticate == AuthenticationResult.SUCCESS && user.passwordChangeRequired()) {
                    authenticate = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
                }
                BasicLoginContext basicLoginContext = new BasicLoginContext(user, authenticate);
                AuthToken.clearCredentials(map);
                return basicLoginContext;
            } catch (InvalidArgumentsException | FormatException e) {
                BasicLoginContext basicLoginContext2 = new BasicLoginContext(null, AuthenticationResult.FAILURE);
                AuthToken.clearCredentials(map);
                return basicLoginContext2;
            }
        } catch (Throwable th) {
            AuthToken.clearCredentials(map);
            throw th;
        }
    }

    public void log(String str, SecurityContext securityContext) {
    }

    private void assertValidScheme(Map<String, Object> map) throws InvalidAuthTokenException {
        String safeCast = AuthToken.safeCast("scheme", map);
        if (safeCast.equals("none")) {
            throw AuthToken.invalidToken(", scheme 'none' is only allowed when auth is disabled.");
        }
        if (!safeCast.equals("basic")) {
            throw AuthToken.invalidToken(", scheme '" + safeCast + "' is not supported.");
        }
    }
}
