package org.yamcs.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.yamcs.InitException;
import org.yamcs.Spec;
import org.yamcs.YConfiguration;
import org.yamcs.commanding.PreparedCommand;
import org.yamcs.utils.YObjectLoader;

/* loaded from: input_file:org/yamcs/security/SingleUserAuthModule.class */
public class SingleUserAuthModule implements AuthModule {
    private AuthenticationInfo authenticationInfo;
    private AuthorizationInfo authorizationInfo;
    private PasswordHasher passwordHasher;
    private String expectedHash;

    @Override // org.yamcs.security.AuthModule
    public Spec getSpec() {
        Spec spec = new Spec();
        spec.addOption(PreparedCommand.CNAME_USERNAME, Spec.OptionType.STRING).withRequired(true);
        spec.addOption("password", Spec.OptionType.STRING).withRequired(true).withSecret(true);
        spec.addOption("name", Spec.OptionType.STRING);
        spec.addOption("email", Spec.OptionType.STRING);
        spec.addOption("superuser", Spec.OptionType.BOOLEAN);
        spec.addOption("privileges", Spec.OptionType.ANY);
        spec.addOption("hasher", Spec.OptionType.STRING);
        return spec;
    }

    @Override // org.yamcs.security.AuthModule
    public void init(YConfiguration yConfiguration) throws InitException {
        String string = yConfiguration.getString(PreparedCommand.CNAME_USERNAME);
        this.authenticationInfo = new AuthenticationInfo(this, string);
        this.expectedHash = yConfiguration.getString("password");
        this.authenticationInfo.setDisplayName(yConfiguration.getString("name", string));
        this.authenticationInfo.setEmail(yConfiguration.getString("email", (String) null));
        this.authorizationInfo = new AuthorizationInfo();
        if (yConfiguration.getBoolean("superuser")) {
            this.authorizationInfo.grantSuperuser();
        }
        if (yConfiguration.containsKey("privileges")) {
            YConfiguration config = yConfiguration.getConfig("privileges");
            for (String str : config.getKeys()) {
                List list = config.getList(str);
                if (str.equals("System")) {
                    Iterator it = list.iterator();
                    while (it.hasNext()) {
                        this.authorizationInfo.addSystemPrivilege(new SystemPrivilege((String) it.next()));
                    }
                } else {
                    ObjectPrivilegeType objectPrivilegeType = new ObjectPrivilegeType(str);
                    Iterator it2 = list.iterator();
                    while (it2.hasNext()) {
                        this.authorizationInfo.addObjectPrivilege(new ObjectPrivilege(objectPrivilegeType, (String) it2.next()));
                    }
                }
            }
        }
        if (yConfiguration.containsKey("hasher")) {
            try {
                this.passwordHasher = (PasswordHasher) YObjectLoader.loadObject(yConfiguration.getString("hasher"), new Object[0]);
            } catch (IOException e) {
                throw new InitException("Could not load configured hasher", e);
            }
        }
    }

    @Override // org.yamcs.security.AuthModule
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        String principal = ((UsernamePasswordToken) authenticationToken).getPrincipal();
        char[] password = ((UsernamePasswordToken) authenticationToken).getPassword();
        if (!principal.equals(this.authenticationInfo.getUsername())) {
            return null;
        }
        if (this.passwordHasher != null) {
            if (!this.passwordHasher.validatePassword(password, this.expectedHash)) {
                throw new AuthenticationException("Password does not match");
            }
        } else if (!Arrays.equals(this.expectedHash.toCharArray(), password)) {
            throw new AuthenticationException("Password does not match");
        }
        return this.authenticationInfo;
    }

    @Override // org.yamcs.security.AuthModule
    public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) throws AuthorizationException {
        return authenticationInfo.getUsername().equals(this.authenticationInfo.getUsername()) ? this.authorizationInfo : new AuthorizationInfo();
    }

    @Override // org.yamcs.security.AuthModule
    public boolean verifyValidity(AuthenticationInfo authenticationInfo) {
        return this.authenticationInfo.equals(authenticationInfo);
    }
}
