package org.yamcs.security;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yamcs.YConfiguration;
import org.yamcs.utils.YObjectLoader;

/* loaded from: input_file:org/yamcs/security/YamlAuthModule.class */
public class YamlAuthModule implements AuthModule {
    private static final Logger log = LoggerFactory.getLogger(YamlAuthModule.class);
    private boolean required;
    private PasswordHasher passwordHasher;
    private Map<String, Map<String, Object>> userDefs;
    private Map<String, Map<String, Object>> roleDefs;

    public YamlAuthModule() throws IOException {
        this(Collections.emptyMap());
    }

    public YamlAuthModule(Map<String, Object> map) throws IOException {
        this.userDefs = new HashMap();
        this.roleDefs = new HashMap();
        this.required = YConfiguration.getBoolean(map, "required", false);
        if (map.containsKey("hasher")) {
            this.passwordHasher = (PasswordHasher) YObjectLoader.loadObject(YConfiguration.getString(map, "hasher"), new Object[0]);
        }
        if (YConfiguration.isDefined("users")) {
            Map root = YConfiguration.getConfiguration("users").getRoot();
            for (String str : root.keySet()) {
                if (YConfiguration.isNull(root, str)) {
                    this.userDefs.put(str, Collections.emptyMap());
                } else {
                    this.userDefs.put(str, YConfiguration.getMap(root, str));
                }
            }
        }
        if (YConfiguration.isDefined("roles")) {
            Map root2 = YConfiguration.getConfiguration("roles").getRoot();
            for (String str2 : root2.keySet()) {
                if (!YConfiguration.isNull(root2, str2)) {
                    this.roleDefs.put(str2, YConfiguration.getMap(root2, str2));
                }
            }
        }
    }

    @Override // org.yamcs.security.AuthModule
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        String principal = authenticationToken.getPrincipal();
        char[] password = ((UsernamePasswordToken) authenticationToken).getPassword();
        Map<String, Object> map = this.userDefs.get(principal);
        if (map == null || !map.containsKey("password") || YConfiguration.getString(map, "password").trim().isEmpty()) {
            log.debug("User does not exist");
            return null;
        }
        String string = YConfiguration.getString(map, "password");
        if (this.passwordHasher != null) {
            try {
                if (!this.passwordHasher.validatePassword(password, string)) {
                    throw new AuthenticationException("Password does not match");
                }
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new AuthenticationException(e);
            }
        } else if (!Arrays.equals(string.toCharArray(), password)) {
            throw new AuthenticationException("Password does not match");
        }
        return new AuthenticationInfo(this, principal);
    }

    @Override // org.yamcs.security.AuthModule
    public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) throws AuthorizationException {
        String principal = authenticationInfo.getPrincipal();
        AuthorizationInfo authorizationInfo = new AuthorizationInfo();
        Map<String, Object> map = this.userDefs.get(principal);
        if (map != null) {
            if (YConfiguration.getBoolean(map, "superuser", false)) {
                authorizationInfo.grantSuperuser();
            }
            if (map.containsKey("roles")) {
                for (String str : YConfiguration.getList(map, "roles")) {
                    if (this.roleDefs.containsKey(str)) {
                        this.roleDefs.get(str).forEach((str2, obj) -> {
                            if (str2.equals("System")) {
                                Iterator it = ((List) obj).iterator();
                                while (it.hasNext()) {
                                    authorizationInfo.addSystemPrivilege(new SystemPrivilege((String) it.next()));
                                }
                            } else {
                                ObjectPrivilegeType objectPrivilegeType = new ObjectPrivilegeType(str2);
                                Iterator it2 = ((List) obj).iterator();
                                while (it2.hasNext()) {
                                    authorizationInfo.addObjectPrivilege(new ObjectPrivilege(objectPrivilegeType, (String) it2.next()));
                                }
                            }
                        });
                    }
                }
            }
        } else if (this.required) {
            throw new AuthorizationException("Cannot find user '" + principal + "' in users.yaml");
        }
        return authorizationInfo;
    }

    @Override // org.yamcs.security.AuthModule
    public boolean verifyValidity(User user) {
        return true;
    }
}
