package io.streamthoughts.azkarra.http.security.jaas.spi;

import io.streamthoughts.azkarra.http.security.auth.BasicRolePrincipal;
import io.streamthoughts.azkarra.http.security.auth.BasicUserPrincipal;
import io.streamthoughts.azkarra.http.security.auth.PasswordCredentials;
import io.streamthoughts.azkarra.http.security.auth.PropertiesFileUsersIdentityManager;
import io.streamthoughts.azkarra.http.security.auth.UserDetails;
import io.streamthoughts.azkarra.http.security.auth.UsernamePasswordAuthentication;
import java.time.Duration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/streamthoughts/azkarra/http/security/jaas/spi/PropertiesFileLoginModule.class */
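/**
 * JAAS {@link LoginModule} that authenticates a username/password pair against users
 * loaded from a properties file through a {@link PropertiesFileUsersIdentityManager}.
 *
 * <p>Recognised options: {@code file} (defaults to {@code server.password}),
 * {@code reload} ({@code true} to start auto-reload), {@code reloadInterval} (seconds,
 * defaults to 5 minutes) and {@code debug} ({@code true} to log progress at INFO).
 *
 * <p>Identity managers are cached per file name in a static map shared by every module
 * instance. All access to that map is synchronized on the map itself.
 */
public class PropertiesFileLoginModule implements LoginModule {
    private static final Logger LOG = LoggerFactory.getLogger(PropertiesFileLoginModule.class);
    // Shared by all instances; a plain HashMap, so every read and write holds its monitor.
    private static final Map<String, PropertiesFileUsersIdentityManager> USERS_MANAGERS = new HashMap<>();
    private static final String DEFAULT_FILE_NAME = "server.password";
    private static final String FILE_OPTION = "file";
    private static final String RELOAD_INTERVAL_OPTION = "reloadInterval";
    private static final String RELOAD_OPTION = "reload";
    private static final String DEBUG_OPTION = "debug";
    private Subject subject;
    private CallbackHandler callbackHandler;
    private String file;
    private Duration refreshInterval;
    private boolean reload;
    private JAASUserDetails current;
    private UsernamePasswordAuthentication authentication;
    private boolean debug = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    /**
     * Holds the principals and credentials derived from one authenticated user so that
     * exactly what was added to a {@link Subject} can be removed again on logout.
     *
     * <p>Decompiler note: the access modifier of this class was originally {@code private}.
     */
    public static class JAASUserDetails {
        private UserDetails userDetails;
        private List<BasicRolePrincipal> roles;
        private BasicUserPrincipal principal;
        private PasswordCredentials credentials;

        JAASUserDetails(UserDetails userDetails) {
            this.userDetails = userDetails;
        }

        /** Adds the user principal, one role principal per granted authority, and the credentials. */
        private void associate(Subject subject) {
            this.principal = new BasicUserPrincipal(this.userDetails.name());
            this.roles = this.userDetails.allGrantedAuthorities().stream()
                    .map(authority -> new BasicRolePrincipal(authority.get()))
                    .collect(Collectors.toList());
            // NOTE(review): this places the stored PasswordCredentials in the subject's private
            // credentials; what that object holds (hash or clear text) is not visible here - confirm.
            this.credentials = this.userDetails.credentials();
            subject.getPrincipals().add(this.principal);
            subject.getPrincipals().addAll(this.roles);
            subject.getPrivateCredentials().add(this.credentials);
        }

        /** Removes whatever {@link #associate(Subject)} added; a no-op for fields never set. */
        private void disassociate(Subject subject) {
            // The Subject's sets reject null arguments, so skip anything associate() never populated.
            if (this.principal != null) {
                subject.getPrincipals().remove(this.principal);
            }
            if (this.roles != null) {
                subject.getPrincipals().removeAll(this.roles);
            }
            if (this.credentials != null) {
                subject.getPrivateCredentials().remove(this.credentials);
            }
        }
    }

    /**
     * Stores the subject and callback handler, parses the options, and makes sure an identity
     * manager exists for the configured file.
     *
     * @param subject         the subject to populate on commit
     * @param callbackHandler handler used to obtain the authentication request
     * @param sharedState     unused
     * @param options         module options, see the class documentation
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        parseOptions(options);
        // Check-then-create under one lock so concurrent logins cannot build two managers
        // (and two reload tasks) for the same file or corrupt the shared map.
        synchronized (USERS_MANAGERS) {
            if (USERS_MANAGERS.containsKey(this.file)) {
                return;
            }
            if (this.debug) {
                LOG.info("Creating a PropertiesFileUsersIdentityManager for: file='{}', refreshInterval='{}'",
                        this.file, this.refreshInterval);
            }
            PropertiesFileUsersIdentityManager manager = new PropertiesFileUsersIdentityManager(this.file, this.debug);
            if (this.reload) {
                manager.startAutoReload(this.refreshInterval);
            }
            USERS_MANAGERS.put(this.file, manager);
        }
    }

    /**
     * Obtains the authentication request through the callback handler and verifies the
     * supplied credentials against the user stored in the properties file.
     *
     * @return {@code true} if the credentials were verified, {@code false} otherwise
     * @throws LoginException if no callback handler is set, the handler supplies no
     *                        authentication, or any other error occurs (the cause is preserved)
     */
    @Override
    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("no callback handler");
        }
        // Start from a clean slate: without this, a failed attempt on an instance that had
        // already authenticated someone would still report the earlier success.
        this.succeeded = false;
        this.current = null;
        try {
            AuthenticationCallback authenticationCallback = new AuthenticationCallback();
            this.callbackHandler.handle(new Callback[]{authenticationCallback});
            this.authentication = (UsernamePasswordAuthentication) authenticationCallback.getAuthentication();
            if (this.authentication == null) {
                throw new LoginException("no authentication provided by callback handler");
            }
            String name = this.authentication.getPrincipal().getName();
            // The username is caller-supplied; strip control characters before it reaches the log.
            String loggedName = sanitizeForLog(name);
            mayLog("attempting to login user '" + loggedName + "' using properties file '" + this.file + "'");
            UserDetails userDetails = getUserDetails(name);
            // NOTE(review): an unknown user skips verify() entirely, and whether verify() compares
            // in constant time is not visible here - confirm if user enumeration is a concern.
            if (userDetails != null && userDetails.credentials().verify(this.authentication.getCredentials())) {
                this.current = new JAASUserDetails(userDetails);
                this.authentication.setUserDetails(userDetails);
                this.authentication.setAuthenticated(true);
                this.succeeded = true;
                mayLog("user '" + loggedName + "' have been successfully logged in.");
            }
            return this.succeeded;
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            // LoginException has no (message, cause) constructor; attach the cause explicitly.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Adds the authenticated user's principals and credentials to the subject.
     *
     * @return {@code true} if the subject was populated, {@code false} if login had not succeeded
     * @throws LoginException if login succeeded but the subject is read-only
     */
    @Override
    public boolean commit() throws LoginException {
        this.commitSucceeded = false;
        if (!this.succeeded) {
            mayLog("did not add any Principals to Subject because own authentication failed.");
            this.current = null;
            this.authentication = null;
            return false;
        }
        if (this.subject.isReadOnly()) {
            throw new LoginException("commit Failed: Subject is Readonly");
        }
        this.current.associate(this.subject);
        this.commitSucceeded = true;
        return true;
    }

    /**
     * Discards the state of an authentication attempt, logging out if it was already committed.
     *
     * @return {@code false} if login had not succeeded, {@code true} otherwise
     * @throws LoginException if a committed login cannot be logged out
     */
    @Override
    public boolean abort() throws LoginException {
        mayLog("aborted authentication attempt");
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            logout();
            return true;
        }
        this.succeeded = false;
        this.current = null;
        this.authentication = null;
        return true;
    }

    /**
     * Removes this module's principals and credentials from the subject and resets its state.
     * Safe to call when no login was performed or committed.
     *
     * @return always {@code true}
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            throw new LoginException("logout Failed: Subject is Readonly");
        }
        // Either field may be null when logout() is called without a prior successful login.
        if (this.current != null) {
            this.current.disassociate(this.subject);
        }
        this.current = null;
        this.succeeded = false;
        this.commitSucceeded = false;
        if (this.authentication != null) {
            this.authentication.setAuthenticated(false);
        }
        this.authentication = null;
        mayLog("logged out Subject");
        return true;
    }

    /**
     * Looks up a user in the identity manager registered for the configured file.
     *
     * @return the user, or {@code null} when no manager is registered for the file; a
     *         {@code null} result makes the caller reject the login
     */
    private UserDetails getUserDetails(String str) {
        PropertiesFileUsersIdentityManager manager;
        synchronized (USERS_MANAGERS) {
            manager = USERS_MANAGERS.get(this.file);
        }
        return manager == null ? null : manager.findUserByName(str);
    }

    /** Reads the {@code file}, {@code reloadInterval}, {@code debug} and {@code reload} options. */
    private void parseOptions(Map<String, ?> map) {
        this.file = map.containsKey(FILE_OPTION) ? (String) map.get(FILE_OPTION) : DEFAULT_FILE_NAME;
        if (map.containsKey(RELOAD_INTERVAL_OPTION)) {
            // The interval is given in seconds.
            this.refreshInterval = Duration.ofSeconds(Long.parseLong((String) map.get(RELOAD_INTERVAL_OPTION)));
        } else {
            this.refreshInterval = Duration.ofMinutes(5L);
        }
        this.debug = "true".equalsIgnoreCase((String) map.get(DEBUG_OPTION));
        this.reload = "true".equalsIgnoreCase((String) map.get(RELOAD_OPTION));
    }

    /** Logs the message at INFO level, but only when the {@code debug} option is enabled. */
    private void mayLog(String str) {
        if (this.debug) {
            LOG.info("[PropertiesFileLoginModule]: {}", str);
        }
    }

    /** Replaces ISO control characters (CR, LF, ...) so a value cannot forge extra log lines. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}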
