package org.yamcs.security;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.yamcs.InitException;
import org.yamcs.Spec;
import org.yamcs.YConfiguration;
import org.yamcs.utils.YObjectLoader;

/* loaded from: input_file:org/yamcs/security/SingleUserAuthModule.class */
public class SingleUserAuthModule implements AuthModule {
    protected static final String OPTION_USERNAME = "username";
    protected static final String OPTION_PASSWORD = "password";
    protected static final String OPTION_NAME = "name";
    protected static final String OPTION_EMAIL = "email";
    protected static final String OPTION_SUPERUSER = "superuser";
    protected static final String OPTION_PRIVILEGES = "privileges";
    protected static final String OPTION_HASHER = "hasher";
    private AuthenticationInfo authenticationInfo;
    private AuthorizationInfo authorizationInfo;
    private PasswordHasher passwordHasher;
    private String expectedHash;

    @Override // org.yamcs.security.AuthModule
    public Spec getSpec() {
        Spec spec = new Spec();
        spec.addOption("username", Spec.OptionType.STRING).withRequired(true);
        spec.addOption("password", Spec.OptionType.STRING).withRequired(true).withSecret(true);
        spec.addOption("name", Spec.OptionType.STRING);
        spec.addOption(OPTION_EMAIL, Spec.OptionType.STRING);
        spec.addOption(OPTION_SUPERUSER, Spec.OptionType.BOOLEAN).withDefault(false);
        spec.addOption(OPTION_PRIVILEGES, Spec.OptionType.ANY);
        spec.addOption(OPTION_HASHER, Spec.OptionType.STRING);
        return spec;
    }

    @Override // org.yamcs.security.AuthModule
    public void init(YConfiguration yConfiguration) throws InitException {
        String string = yConfiguration.getString("username");
        this.authenticationInfo = new AuthenticationInfo(this, string);
        this.expectedHash = yConfiguration.getString("password");
        this.authenticationInfo.setDisplayName(yConfiguration.getString("username", string));
        this.authenticationInfo.setEmail(yConfiguration.getString(OPTION_EMAIL, (String) null));
        this.authorizationInfo = new AuthorizationInfo();
        if (yConfiguration.getBoolean(OPTION_SUPERUSER)) {
            this.authorizationInfo.grantSuperuser();
        }
        if (yConfiguration.containsKey(OPTION_PRIVILEGES)) {
            YConfiguration config = yConfiguration.getConfig(OPTION_PRIVILEGES);
            for (String str : config.getKeys()) {
                List list = config.getList(str);
                if (str.equals("System")) {
                    Iterator it = list.iterator();
                    while (it.hasNext()) {
                        this.authorizationInfo.addSystemPrivilege(new SystemPrivilege((String) it.next()));
                    }
                } else {
                    ObjectPrivilegeType objectPrivilegeType = new ObjectPrivilegeType(str);
                    Iterator it2 = list.iterator();
                    while (it2.hasNext()) {
                        this.authorizationInfo.addObjectPrivilege(new ObjectPrivilege(objectPrivilegeType, (String) it2.next()));
                    }
                }
            }
        }
        if (yConfiguration.containsKey(OPTION_HASHER)) {
            this.passwordHasher = (PasswordHasher) YObjectLoader.loadObject(yConfiguration.getString(OPTION_HASHER), new Object[0]);
        }
    }

    @Override // org.yamcs.security.AuthModule
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        String principal = ((UsernamePasswordToken) authenticationToken).getPrincipal();
        char[] password = ((UsernamePasswordToken) authenticationToken).getPassword();
        if (!principal.equals(this.authenticationInfo.getUsername())) {
            return null;
        }
        if (this.passwordHasher != null) {
            if (!this.passwordHasher.validatePassword(password, this.expectedHash)) {
                throw new AuthenticationException("Password does not match");
            }
        } else if (!Arrays.equals(this.expectedHash.toCharArray(), password)) {
            throw new AuthenticationException("Password does not match");
        }
        return this.authenticationInfo;
    }

    @Override // org.yamcs.security.AuthModule
    public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) throws AuthorizationException {
        return authenticationInfo.getUsername().equals(authenticationInfo.getUsername()) ? this.authorizationInfo : new AuthorizationInfo();
    }

    @Override // org.yamcs.security.AuthModule
    public boolean verifyValidity(AuthenticationInfo authenticationInfo) {
        return this.authenticationInfo.equals(authenticationInfo);
    }
}
