package org.yamcs.security;

import org.yamcs.InitException;
import org.yamcs.Spec;
import org.yamcs.YConfiguration;
import org.yamcs.YamcsServer;

/* loaded from: input_file:org/yamcs/security/DirectoryAuthModule.class */
public class DirectoryAuthModule implements AuthModule {
    @Override // org.yamcs.security.AuthModule
    public Spec getSpec() {
        return new Spec();
    }

    @Override // org.yamcs.security.AuthModule
    public void init(YConfiguration yConfiguration) throws InitException {
        throw new UnsupportedOperationException(getClass() + " is a built-in. Remove it from etc/security.yaml");
    }

    @Override // org.yamcs.security.AuthModule
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        Directory directory = YamcsServer.getServer().getSecurityStore().getDirectory();
        if (authenticationToken instanceof UsernamePasswordToken) {
            String principal = ((UsernamePasswordToken) authenticationToken).getPrincipal();
            User user = directory.getUser(principal);
            if (user == null || user.isExternallyManaged() || user.getHash() == null) {
                return null;
            }
            if (directory.validateUserPassword(principal, ((UsernamePasswordToken) authenticationToken).getPassword())) {
                return new AuthenticationInfo(this, user.getName());
            }
            throw new AuthenticationException("Password does not match");
        }
        if (!(authenticationToken instanceof ApplicationCredentials)) {
            return null;
        }
        String applicationId = ((ApplicationCredentials) authenticationToken).getApplicationId();
        String applicationSecret = ((ApplicationCredentials) authenticationToken).getApplicationSecret();
        String become = ((ApplicationCredentials) authenticationToken).getBecome();
        Account accountForApplication = directory.getAccountForApplication(applicationId);
        if (accountForApplication == null) {
            return null;
        }
        if (!directory.validateApplicationPassword(applicationId, applicationSecret.toCharArray())) {
            throw new AuthenticationException("Secret does not match");
        }
        if (become == null) {
            return new AuthenticationInfo(this, accountForApplication.getName());
        }
        if (directory.getAccount(become) != null) {
            return new AuthenticationInfo(this, become);
        }
        throw new AuthenticationException("Unknown account " + become);
    }

    @Override // org.yamcs.security.AuthModule
    public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) throws AuthorizationException {
        return new AuthorizationInfo();
    }

    @Override // org.yamcs.security.AuthModule
    public boolean verifyValidity(AuthenticationInfo authenticationInfo) {
        return true;
    }
}
