package org.neo4j.bolt.security.auth;

import java.io.IOException;
import java.util.Map;
import org.neo4j.bolt.v1.transport.BoltMessagingProtocolV1Handler;
import org.neo4j.bolt.v1.transport.ChunkedOutput;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthToken;
import org.neo4j.kernel.api.security.SecurityContext;
import org.neo4j.kernel.api.security.UserManagerSupplier;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;

/* loaded from: input_file:org/neo4j/bolt/security/auth/BasicAuthentication.class */
public class BasicAuthentication implements Authentication {
    private final AuthManager authManager;
    private final UserManagerSupplier userManagerSupplier;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.neo4j.bolt.security.auth.BasicAuthentication$1, reason: invalid class name */
    /* loaded from: input_file:org/neo4j/bolt/security/auth/BasicAuthentication$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$neo4j$kernel$api$security$AuthenticationResult = new int[org.neo4j.kernel.api.security.AuthenticationResult.values().length];

        static {
            try {
                $SwitchMap$org$neo4j$kernel$api$security$AuthenticationResult[org.neo4j.kernel.api.security.AuthenticationResult.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$neo4j$kernel$api$security$AuthenticationResult[org.neo4j.kernel.api.security.AuthenticationResult.PASSWORD_CHANGE_REQUIRED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$neo4j$kernel$api$security$AuthenticationResult[org.neo4j.kernel.api.security.AuthenticationResult.TOO_MANY_ATTEMPTS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public BasicAuthentication(AuthManager authManager, UserManagerSupplier userManagerSupplier) {
        this.authManager = authManager;
        this.userManagerSupplier = userManagerSupplier;
    }

    @Override // org.neo4j.bolt.security.auth.Authentication
    public AuthenticationResult authenticate(Map<String, Object> map) throws AuthenticationException {
        return map.containsKey("new_credentials") ? update(map, false) : doAuthenticate(map);
    }

    private AuthenticationResult doAuthenticate(Map<String, Object> map) throws AuthenticationException {
        try {
            SecurityContext login = this.authManager.login(map);
            switch (AnonymousClass1.$SwitchMap$org$neo4j$kernel$api$security$AuthenticationResult[login.subject().getAuthenticationResult().ordinal()]) {
                case BoltMessagingProtocolV1Handler.VERSION /* 1 */:
                case ChunkedOutput.CHUNK_HEADER_SIZE /* 2 */:
                    return new BasicAuthenticationResult(login);
                case 3:
                    throw new AuthenticationException(Status.Security.AuthenticationRateLimit);
                default:
                    throw new AuthenticationException(Status.Security.Unauthorized);
            }
        } catch (InvalidAuthTokenException e) {
            throw new AuthenticationException(e.status(), e.getMessage());
        }
    }

    private AuthenticationResult update(Map<String, Object> map, boolean z) throws AuthenticationException {
        try {
            SecurityContext login = this.authManager.login(map);
            switch (AnonymousClass1.$SwitchMap$org$neo4j$kernel$api$security$AuthenticationResult[login.subject().getAuthenticationResult().ordinal()]) {
                case BoltMessagingProtocolV1Handler.VERSION /* 1 */:
                case ChunkedOutput.CHUNK_HEADER_SIZE /* 2 */:
                    String safeCast = AuthToken.safeCast("new_credentials", map);
                    this.userManagerSupplier.getUserManager(login).setUserPassword(AuthToken.safeCast("principal", map), safeCast, z);
                    login.subject().setPasswordChangeNoLongerRequired();
                    return new BasicAuthenticationResult(login);
                default:
                    throw new AuthenticationException(Status.Security.Unauthorized);
            }
        } catch (IOException e) {
            throw new AuthenticationException(Status.Security.Unauthorized, e.getMessage(), e);
        } catch (AuthorizationViolationException | InvalidArgumentsException | InvalidAuthTokenException e2) {
            throw new AuthenticationException(e2.status(), e2.getMessage(), e2);
        }
    }
}
