package org.yamcs.security;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.yamcs.InitException;
import org.yamcs.Spec;
import org.yamcs.YConfiguration;
import org.yamcs.http.HttpServer;
import org.yamcs.http.auth.LoginRequest;
import org.yamcs.utils.YObjectLoader;

/* loaded from: input_file:org/yamcs/security/YamlAuthModule.class */
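/**
 * {@link AuthModule} that authenticates username/password logins against user definitions
 * read from the {@code users} configuration and resolves privileges from the {@code roles}
 * configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>When no {@code hasher} option is configured, the stored password entry is compared
 * directly with the supplied password, so the users file then holds cleartext credentials.
 * Configuring a {@link PasswordHasher} and restricting read access to that file is the safer
 * deployment.</li>
 * <li>A user entry with {@code superuser: true} is granted superuser rights regardless of its
 * roles.</li>
 * <li>User and role definitions are loaded once in {@link #init(YConfiguration)}.</li>
 * </ul>
 */
public class YamlAuthModule implements AuthModule {
    /** When true, authorization fails for users that have no entry in the users configuration. */
    private boolean required;

    /** Optional hasher used to validate passwords; {@code null} means direct comparison. */
    private PasswordHasher passwordHasher;

    /** User definitions keyed by username. Users declared without a body map to an empty map. */
    private final Map<String, Map<String, Object>> userDefs = new HashMap<>();

    /** Role definitions keyed by role name. Roles declared without a body are not stored. */
    private final Map<String, Map<String, Object>> roleDefs = new HashMap<>();

    /**
     * Declares the options accepted by this module: {@code required} (boolean, default
     * {@code false}) and {@code hasher} (string, no default).
     *
     * @return the option specification
     */
    @Override
    public Spec getSpec() {
        Spec spec = new Spec();
        spec.addOption("required", Spec.OptionType.BOOLEAN).withDefault(false);
        spec.addOption("hasher", Spec.OptionType.STRING);
        return spec;
    }

    /**
     * Reads the module options and loads the user and role definitions.
     *
     * @param yConfiguration the module configuration
     * @throws InitException declared by the interface
     */
    @Override
    public void init(YConfiguration yConfiguration) throws InitException {
        this.required = yConfiguration.getBoolean("required");
        if (yConfiguration.containsKey("hasher")) {
            // The hasher class is instantiated by name from configuration, so whoever can edit
            // this configuration decides which class validates passwords.
            this.passwordHasher = (PasswordHasher) YObjectLoader.loadObject(
                    yConfiguration.getString("hasher"), new Object[0]);
        }
        if (YConfiguration.isDefined("users")) {
            Map<String, Object> users = YConfiguration.getConfiguration("users").getRoot();
            for (String username : users.keySet()) {
                if (YConfiguration.isNull(users, username)) {
                    // A user without a body is known to the module but has no password entry,
                    // so it cannot authenticate here (see getAuthenticationInfo).
                    this.userDefs.put(username, Collections.emptyMap());
                } else {
                    this.userDefs.put(username, YConfiguration.getMap(users, username));
                }
            }
        }
        if (YConfiguration.isDefined("roles")) {
            Map<String, Object> roles = YConfiguration.getConfiguration("roles").getRoot();
            for (String roleName : roles.keySet()) {
                if (!YConfiguration.isNull(roles, roleName)) {
                    this.roleDefs.put(roleName, YConfiguration.getMap(roles, roleName));
                }
            }
        }
    }

    /**
     * Authenticates a {@link UsernamePasswordToken} against the loaded user definitions.
     *
     * <p>Returns {@code null} (this module does not vouch for the login) when the token is of
     * another type, when the user is unknown, or when the user has no password entry or a blank
     * one. A blank stored password therefore never allows a login through this module.
     *
     * <p>NOTE(review): an unknown user returns before any password work is done, while a known
     * user goes through the hasher. The two paths are distinguishable by response and possibly
     * by timing; confirm whether the callers normalise this.
     *
     * @param authenticationToken the credentials presented by the client
     * @return the authentication result, or {@code null} if this module cannot authenticate
     * @throws AuthenticationException if the user is known and the password does not match
     */
    @Override
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String principal = token.getPrincipal();
        char[] password = token.getPassword();

        Map<String, Object> userDef = this.userDefs.get(principal);
        if (userDef == null || !userDef.containsKey(LoginRequest.PASSWORD)) {
            return null;
        }
        String expected = YConfiguration.getString(userDef, LoginRequest.PASSWORD);
        if (expected.trim().isEmpty()) {
            return null;
        }

        boolean matches;
        if (this.passwordHasher != null) {
            matches = this.passwordHasher.validatePassword(password, expected);
        } else {
            // No hasher configured: the stored value is the cleartext password. Compare without
            // stopping at the first differing character so the response time does not reveal
            // how much of a guess was correct.
            matches = constantTimeEquals(expected, password);
        }
        if (!matches) {
            throw new AuthenticationException("Password does not match");
        }

        AuthenticationInfo authenticationInfo = new AuthenticationInfo(this, principal);
        authenticationInfo.addExternalIdentity(getClass().getName(), principal);
        // NOTE(review): HttpServer.TYPE_URL_PREFIX is used as the default for both optional
        // attributes; it is presumably the empty string (the emptiness checks below rely on
        // that) - confirm against HttpServer.
        String displayName = YConfiguration.getString(userDef, "displayName", HttpServer.TYPE_URL_PREFIX).trim();
        if (!displayName.isEmpty()) {
            authenticationInfo.setDisplayName(displayName);
        }
        String email = YConfiguration.getString(userDef, "email", HttpServer.TYPE_URL_PREFIX).trim();
        if (!email.isEmpty()) {
            authenticationInfo.setEmail(email);
        }
        return authenticationInfo;
    }

    /**
     * Resolves the privileges of an authenticated user from its user definition and the roles
     * it references.
     *
     * <p>Role names listed for the user that have no stored role definition are skipped
     * silently, so a misspelled role grants nothing rather than failing.
     *
     * @param authenticationInfo the authenticated user
     * @return the privileges for the user; empty when the user is unknown and the module is not
     *         {@code required}
     * @throws AuthorizationException if the user is unknown and the module is {@code required}
     */
    @Override
    public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo)
            throws AuthorizationException {
        String username = authenticationInfo.getUsername();
        AuthorizationInfo authorizationInfo = new AuthorizationInfo();
        Map<String, Object> userDef = this.userDefs.get(username);
        if (userDef == null) {
            if (this.required) {
                throw new AuthorizationException("Cannot find user '" + username + "' in users.yaml");
            }
            return authorizationInfo;
        }

        if (YConfiguration.getBoolean(userDef, "superuser", false)) {
            authorizationInfo.grantSuperuser();
        }
        if (userDef.containsKey("roles")) {
            for (String roleName : YConfiguration.getList(userDef, "roles")) {
                Map<String, Object> roleDef = this.roleDefs.get(roleName);
                if (roleDef != null) {
                    grantRolePrivileges(authorizationInfo, roleDef);
                }
            }
        }
        return authorizationInfo;
    }

    /**
     * Reports whether a previously authenticated user is still valid.
     *
     * @param authenticationInfo the authenticated user
     * @return always {@code true}; this module never reports an earlier login as invalid
     */
    @Override
    public boolean verifyValidity(AuthenticationInfo authenticationInfo) {
        return true;
    }

    /**
     * Adds the privileges of one role definition to {@code authorizationInfo}. The
     * {@code System} key lists system privileges, the {@code default} key is ignored, and every
     * other key is treated as an object privilege type whose value lists the granted objects.
     */
    private static void grantRolePrivileges(AuthorizationInfo authorizationInfo, Map<String, Object> roleDef) {
        for (Map.Entry<String, Object> entry : roleDef.entrySet()) {
            String typeName = entry.getKey();
            if (typeName.equals("default")) {
                continue;
            }
            // The casts fail with ClassCastException when the configuration value is not a list
            // of strings, as the unchecked casts in the previous implementation did.
            List<?> values = (List<?>) entry.getValue();
            if (typeName.equals("System")) {
                for (Object value : values) {
                    authorizationInfo.addSystemPrivilege(new SystemPrivilege((String) value));
                }
            } else {
                ObjectPrivilegeType privilegeType = new ObjectPrivilegeType(typeName);
                for (Object value : values) {
                    authorizationInfo.addObjectPrivilege(new ObjectPrivilege(privilegeType, (String) value));
                }
            }
        }
    }

    /**
     * Compares the stored password with the supplied one without returning at the first
     * mismatch. The loop length follows the supplied value, not the stored one.
     *
     * @return {@code true} only when both hold the same characters; {@code false} when
     *         {@code supplied} is {@code null}
     */
    private static boolean constantTimeEquals(String expected, char[] supplied) {
        if (supplied == null) {
            return false;
        }
        int expectedLength = expected.length();
        if (expectedLength == 0) {
            return supplied.length == 0;
        }
        int diff = expectedLength ^ supplied.length;
        for (int i = 0; i < supplied.length; i++) {
            diff |= expected.charAt(i % expectedLength) ^ supplied[i];
        }
        return diff == 0;
    }
}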
