package org.apache.geronimo.security.login;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownServiceException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Properties;
import java.util.Set;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.crypto.EncryptionManager;
import org.apache.geronimo.crypto.encoders.Base64;
import org.apache.geronimo.crypto.encoders.HexTranslator;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.gbean.SingleElementCollection;
import org.apache.geronimo.security.SecurityNames;
import org.apache.geronimo.security.jaas.LoginModuleSettings;
import org.apache.geronimo.security.realm.providers.FileAuditLoginModule;
import org.apache.geronimo.system.serverinfo.ServerInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/geronimo/security/login/PropertiesLoginModuleManager.class */
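/**
 * GBean that reads and rewrites the users and groups properties files of a
 * properties-file login module.
 *
 * <p>The file locations and the optional password digest settings are read from the
 * login module's options ({@code usersURI}, {@code groupsURI}, {@code digest},
 * {@code encoding}). Every operation re-reads the relevant file before acting on it.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Passwords are passed through {@link EncryptionManager#encrypt} before they are
 *       written, and {@link #getPassword(String)} reverses that with
 *       {@code EncryptionManager.decrypt}. When no {@code digest} option is configured
 *       the stored value is therefore recoverable, and {@code getPassword} is registered
 *       as a GBean operation, so access to this GBean should be restricted accordingly.</li>
 *   <li>When a {@code digest} is configured, the digest is a single unsalted
 *       {@link MessageDigest} pass over the password.</li>
 *   <li>No synchronization is visible in this class: each mutation is a
 *       read-modify-write of the whole file, so concurrent callers can overwrite each
 *       other's changes.</li>
 *   <li>User and group names are written to the log as supplied by the caller.</li>
 * </ul>
 */
public class PropertiesLoginModuleManager implements GBeanLifecycle {
    private static final Logger log = LoggerFactory.getLogger(PropertiesLoginModuleManager.class);
    private static final String usersKey = "usersURI";
    private static final String groupsKey = "groupsURI";
    private static final String digestKey = "digest";
    private static final String encodingKey = "encoding";
    public static final GBeanInfo GBEAN_INFO;

    private final ServerInfo serverInfo;
    private final SingleElementCollection<LoginModuleSettings> loginModule;
    // In-memory copies of the two files; cleared and reloaded before each use.
    private final Properties users = new Properties();
    private final Properties groups = new Properties();

    /**
     * @param serverInfo used to resolve the configured file locations against the server
     * @param collection the login module reference; wrapped so that at most one element is used
     */
    public PropertiesLoginModuleManager(ServerInfo serverInfo, Collection<LoginModuleSettings> collection) {
        this.serverInfo = serverInfo;
        this.loginModule = new SingleElementCollection<>(collection);
    }

    /**
     * Reports whether a login module is bound to this manager.
     *
     * @return {@code true} when the login module reference holds an element
     */
    public boolean isAvailable() {
        return this.loginModule.getElement() != null;
    }

    /** Discards the cached users and reloads them from the configured users file. */
    private void refreshUsers() throws GeronimoSecurityException {
        this.users.clear();
        try {
            load(this.users, getUsersURI());
        } catch (Exception e) {
            throw new GeronimoSecurityException(e);
        }
    }

    /** Discards the cached groups and reloads them from the configured groups file. */
    private void refreshGroups() throws GeronimoSecurityException {
        this.groups.clear();
        try {
            load(this.groups, getGroupsURI());
        } catch (Exception e) {
            throw new GeronimoSecurityException(e);
        }
    }

    /** Reads the properties file at {@code location} (resolved against the server) into {@code target}. */
    private void load(Properties target, String location) throws Exception {
        InputStream in = this.serverInfo.resolveServer(location).toURL().openStream();
        try {
            target.load(in);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // The data has already been read (or the read failure is propagating);
                // a failure to close the input does not change the outcome.
            }
        }
    }

    /** Empties both in-memory tables without touching the files. */
    private void clearAll() {
        this.users.clear();
        this.groups.clear();
    }

    /**
     * Reloads groups and users from their files.
     *
     * @throws GeronimoSecurityException if either file cannot be read
     */
    public void refreshAll() throws GeronimoSecurityException {
        refreshGroups();
        refreshUsers();
    }

    /**
     * @return the user names currently present in the users file
     * @throws GeronimoSecurityException if the users file cannot be read
     */
    public String[] getUsers() throws GeronimoSecurityException {
        refreshUsers();
        return this.users.keySet().toArray(new String[0]);
    }

    /**
     * @return the group names currently present in the groups file
     * @throws GeronimoSecurityException if the groups file cannot be read
     */
    public String[] getGroups() throws GeronimoSecurityException {
        refreshGroups();
        return this.groups.keySet().toArray(new String[0]);
    }

    /**
     * Adds a user and rewrites the users file.
     *
     * @param hashtable must contain {@code UserName} and {@code Password}
     * @throws GeronimoSecurityException if the name is missing, the user already exists,
     *         or the password cannot be encoded or the file cannot be written
     */
    public void addUserPrincipal(Hashtable<String, String> hashtable) throws GeronimoSecurityException {
        refreshUsers();
        String userName = requireName(hashtable.get("UserName"), "UserName");
        if (this.users.getProperty(userName) != null) {
            log.warn("addUserPrincipal() UserName={} already exists.", userName);
            throw new GeronimoSecurityException("User principal=" + userName + " already exists.");
        }
        try {
            this.users.setProperty(userName, encodePassword(hashtable.get("Password")));
            storeUsers();
        } catch (Exception e) {
            throw new GeronimoSecurityException("Cannot add user principal: " + e.getMessage(), e);
        }
    }

    /**
     * Removes a user (if present) and rewrites the users file.
     *
     * @param str the user name to remove
     * @throws GeronimoSecurityException if the file cannot be read or written
     */
    public void removeUserPrincipal(String str) throws GeronimoSecurityException {
        refreshUsers();
        try {
            this.users.remove(str);
            storeUsers();
        } catch (Exception e) {
            throw new GeronimoSecurityException("Cannot remove user principal " + str + ": " + e.getMessage(), e);
        }
    }

    /**
     * Replaces the password of an existing user and rewrites the users file.
     *
     * @param hashtable must contain {@code UserName} and {@code Password}
     * @throws GeronimoSecurityException if the name is missing, the user does not exist,
     *         or the password cannot be encoded or the file cannot be written
     */
    public void updateUserPrincipal(Hashtable<String, String> hashtable) throws GeronimoSecurityException {
        refreshUsers();
        String userName = requireName(hashtable.get("UserName"), "UserName");
        if (this.users.getProperty(userName) == null) {
            log.warn("updateUserPrincipal() UserName={} does not exist.", userName);
            throw new GeronimoSecurityException("User principal=" + userName + " does not exist.");
        }
        try {
            this.users.setProperty(userName, encodePassword(hashtable.get("Password")));
            storeUsers();
        } catch (Exception e) {
            throw new GeronimoSecurityException("Cannot update user principal: " + e.getMessage(), e);
        }
    }

    /**
     * Adds a group and rewrites the groups file.
     *
     * @param hashtable must contain {@code GroupName} and {@code Members}
     * @throws GeronimoSecurityException if the name is missing, the group already exists,
     *         or the file cannot be written
     */
    public void addGroupPrincipal(Hashtable<String, String> hashtable) throws GeronimoSecurityException {
        refreshGroups();
        String groupName = requireName(hashtable.get("GroupName"), "GroupName");
        if (this.groups.getProperty(groupName) != null) {
            log.warn("addGroupPrincipal() GroupName={} already exists.", groupName);
            throw new GeronimoSecurityException("Group principal=" + groupName + " already exists.");
        }
        try {
            this.groups.setProperty(groupName, hashtable.get("Members"));
            storeGroups();
        } catch (Exception e) {
            throw new GeronimoSecurityException("Cannot add group principal: " + e.getMessage(), e);
        }
    }

    /**
     * Removes a group (if present) and rewrites the groups file.
     *
     * @param str the group name to remove
     * @throws GeronimoSecurityException if the file cannot be read or written
     */
    public void removeGroupPrincipal(String str) throws GeronimoSecurityException {
        refreshGroups();
        try {
            this.groups.remove(str);
            storeGroups();
        } catch (Exception e) {
            throw new GeronimoSecurityException("Cannot remove group principal: " + e.getMessage(), e);
        }
    }

    /**
     * Replaces the member list of an existing group and rewrites the groups file.
     *
     * @param hashtable must contain {@code GroupName} and {@code Members}
     * @throws GeronimoSecurityException if the name is missing, the group does not exist,
     *         or the file cannot be written
     */
    public void updateGroupPrincipal(Hashtable<String, String> hashtable) throws GeronimoSecurityException {
        refreshGroups();
        String groupName = requireName(hashtable.get("GroupName"), "GroupName");
        if (this.groups.getProperty(groupName) == null) {
            log.warn("updateGroupPrincipal() GroupName={} does not exist.", groupName);
            throw new GeronimoSecurityException("Group principal=" + groupName + " does not exist.");
        }
        try {
            this.groups.setProperty(groupName, hashtable.get("Members"));
            storeGroups();
        } catch (Exception e) {
            throw new GeronimoSecurityException("Cannot update group principal: " + e.getMessage(), e);
        }
    }

    /** Not supported by this realm; always throws. */
    public void addToGroup(String str, String str2) throws GeronimoSecurityException {
        throw new GeronimoSecurityException("Not implemented for properties file security realm...");
    }

    /** Not supported by this realm; always throws. */
    public void removeFromGroup(String str, String str2) throws GeronimoSecurityException {
        throw new GeronimoSecurityException("Not implemented for properties file security realm...");
    }

    /**
     * Returns the stored credential of a user after reversing the storage encryption.
     *
     * <p>With no {@code digest} configured this is the clear-text password; with a digest
     * it is the encoded digest. Callers must treat the result as a secret and keep it out
     * of logs and error messages.
     *
     * @param str the user name
     * @return the decrypted stored value
     * @throws GeronimoSecurityException if the name is missing or the user does not exist
     */
    public String getPassword(String str) throws GeronimoSecurityException {
        refreshUsers();
        String userName = requireName(str, "UserName");
        String stored = this.users.getProperty(userName);
        if (stored == null) {
            log.warn("getPassword() User={} does not exist.", userName);
            throw new GeronimoSecurityException("User principal=" + userName + " does not exist.");
        }
        return (String) EncryptionManager.decrypt(stored);
    }

    /**
     * Returns the members of a group.
     *
     * @param str the group name
     * @return the comma-separated members as a set; empty when the name is null or empty
     *         or the group does not exist
     * @throws GeronimoSecurityException if the groups file cannot be read
     */
    public Set<String> getGroupMembers(String str) throws GeronimoSecurityException {
        Set<String> members = new HashSet<>();
        if (str == null || str.equals("")) {
            return members;
        }
        refreshGroups();
        String memberList = this.groups.getProperty(str);
        if (memberList == null) {
            log.warn("getGroupMembers() Group={} does not exist.", str);
            return members;
        }
        // Entries are taken as-is: surrounding whitespace is not trimmed.
        members.addAll(Arrays.asList(memberList.split(",")));
        return members;
    }

    // The option getters dereference the login module without a null check, so they
    // fail with a NullPointerException when isAvailable() is false.

    private String getUsersURI() {
        return (String) ((LoginModuleSettings) this.loginModule.getElement()).getOptions().get(usersKey);
    }

    private String getGroupsURI() {
        return (String) ((LoginModuleSettings) this.loginModule.getElement()).getOptions().get(groupsKey);
    }

    private String getDigest() {
        return (String) ((LoginModuleSettings) this.loginModule.getElement()).getOptions().get(digestKey);
    }

    private String getEncoding() {
        return (String) ((LoginModuleSettings) this.loginModule.getElement()).getOptions().get(encodingKey);
    }

    /** Rejects a missing name up front instead of failing later with a NullPointerException. */
    private static String requireName(String value, String key) throws GeronimoSecurityException {
        if (value == null) {
            throw new GeronimoSecurityException(key + " is required.");
        }
        return value;
    }

    /**
     * Turns a clear-text password into the value written to the users file: digested
     * first when a {@code digest} option is configured, then passed through
     * {@link EncryptionManager#encrypt}.
     */
    private String encodePassword(String password) throws Exception {
        if (password == null) {
            throw new IllegalArgumentException("Password is required");
        }
        String value = password;
        String algorithm = getDigest();
        if (algorithm != null && !algorithm.equals("")) {
            value = digestPassword(value, algorithm, getEncoding());
        }
        return EncryptionManager.encrypt(value);
    }

    /**
     * Re-encrypts any stored value that {@link EncryptionManager#encrypt} changes and
     * rewrites the users file when at least one value changed.
     */
    private void encryptAllPasswords() throws GeronimoSecurityException {
        log.debug("Checking passwords to see if any need encrypting");
        refreshAll();
        try {
            boolean changed = false;
            for (String userName : this.users.stringPropertyNames()) {
                String stored = this.users.getProperty(userName);
                // Presumably encrypt() returns an already-encrypted value unchanged,
                // which is what makes this comparison meaningful; verify against EncryptionManager.
                String encrypted = EncryptionManager.encrypt(stored);
                if (!stored.equals(encrypted)) {
                    this.users.setProperty(userName, encrypted);
                    changed = true;
                }
            }
            if (changed) {
                log.debug("Found password(s) that needed encrypting");
                storeUsers();
            }
        } catch (Exception e) {
            log.error("encryptAllPasswords failed", e);
            throw new GeronimoSecurityException(e);
        }
    }

    private void storeUsers() throws Exception {
        store(this.users, this.serverInfo.resolveServer(getUsersURI()).toURL());
    }

    private void storeGroups() throws Exception {
        store(this.groups, this.serverInfo.resolveServer(getGroupsURI()).toURL());
    }

    /**
     * Writes {@code properties} to {@code url}, replacing the previous content.
     *
     * <p>The file is rewritten in place rather than via a temporary file and rename, so
     * an interrupted write can leave it truncated. A failure while closing the stream is
     * propagated, because it may mean the credential data did not reach the file.
     */
    private void store(Properties properties, URL url) throws Exception {
        log.debug("Updating properties file={}", url.toExternalForm());
        try (OutputStream out = openForWrite(url)) {
            properties.store(out, (String) null);
        }
    }

    /**
     * Opens an output stream for {@code url}, falling back to direct file access when
     * the URL connection refuses output with {@link UnknownServiceException}.
     */
    private OutputStream openForWrite(URL url) throws Exception {
        try {
            URLConnection connection = url.openConnection();
            connection.setDoOutput(true);
            return connection.getOutputStream();
        } catch (Exception e) {
            // NOTE(review): LOG_FILE_OPTION is compared with the URL protocol here; it is
            // presumably the "file" scheme name (decompiler constant substitution) - confirm.
            if (!FileAuditLoginModule.LOG_FILE_OPTION.equalsIgnoreCase(url.getProtocol()) || !(e instanceof UnknownServiceException)) {
                throw e;
            }
            // Convert through URI so percent-encoded characters (e.g. %20) are decoded;
            // url.getFile() would hand the encoded text to File unchanged.
            // The file is created with the process's default permissions; nothing here
            // restricts who can read the credential file.
            return new FileOutputStream(new File(url.toURI()));
        }
    }

    /**
     * Digests a password and encodes the result as text.
     *
     * @param password the clear-text password
     * @param algorithm a {@link MessageDigest} algorithm name
     * @param encoding {@code hex} (also used when {@code null}) or {@code base64}, case-insensitive
     * @return the encoded digest
     * @throws NoSuchAlgorithmException if the algorithm is not available
     * @throws IllegalArgumentException if the encoding is not recognised
     */
    private String digestPassword(String password, String algorithm, String encoding) throws NoSuchAlgorithmException {
        // NOTE(review): getBytes() uses the platform default charset; the code that
        // verifies the digest at login must use the same one, so it is left unchanged here.
        byte[] digest = MessageDigest.getInstance(algorithm).digest(password.getBytes());
        if (encoding == null || "hex".equalsIgnoreCase(encoding)) {
            byte[] hex = new byte[digest.length * 2];
            new HexTranslator().encode(digest, 0, digest.length, hex, 0);
            return new String(hex);
        }
        if ("base64".equalsIgnoreCase(encoding)) {
            return new String(Base64.encode(digest));
        }
        // Fail instead of returning an empty string, which the callers would otherwise
        // encrypt and persist as the user's credential.
        throw new IllegalArgumentException("Unsupported digest encoding: " + encoding);
    }

    public void doFail() {
        log.warn("Failed");
    }

    /** On start, encrypts any stored passwords that are not yet encrypted, if a login module is bound. */
    public void doStart() throws Exception {
        log.debug("Starting gbean");
        if (!isAvailable()) {
            log.warn("Could not find the default properties-login login module");
            return;
        }
        encryptAllPasswords();
        log.debug("Started gbean");
    }

    /** On stop, drops the in-memory users and groups. */
    public void doStop() throws Exception {
        log.debug("Stopping gbean");
        clearAll();
        log.debug("Stopped gbean");
    }

    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

    static {
        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic("PropertiesLoginModuleManager", PropertiesLoginModuleManager.class);
        infoBuilder.addOperation("addUserPrincipal", new Class[]{Hashtable.class}, Void.TYPE.getName());
        infoBuilder.addOperation("removeUserPrincipal", new Class[]{String.class}, Void.TYPE.getName());
        infoBuilder.addOperation("updateUserPrincipal", new Class[]{Hashtable.class}, Void.TYPE.getName());
        infoBuilder.addOperation("getGroups", String[].class.getName());
        infoBuilder.addOperation("getUsers", String[].class.getName());
        infoBuilder.addOperation("refreshAll", Void.TYPE.getName());
        // NOTE(review): updateUserPrincipal is registered a second time here; kept as-is.
        infoBuilder.addOperation("updateUserPrincipal", new Class[]{Hashtable.class}, Void.TYPE.getName());
        // NOTE(review): getPassword and getGroupMembers are declared with a void return
        // type although the methods return String and Set<String>; kept as-is because the
        // effect of changing the declared type on the GBean framework is not visible here.
        // getPassword hands out recoverable credentials, so whatever can invoke operations
        // on this GBean can read them.
        infoBuilder.addOperation("getPassword", new Class[]{String.class}, Void.TYPE.getName());
        infoBuilder.addOperation("getGroupMembers", new Class[]{String.class}, Void.TYPE.getName());
        infoBuilder.addOperation("addGroupPrincipal", new Class[]{Hashtable.class}, Void.TYPE.getName());
        infoBuilder.addOperation("removeGroupPrincipal", new Class[]{String.class}, Void.TYPE.getName());
        infoBuilder.addOperation("updateGroupPrincipal", new Class[]{Hashtable.class}, Void.TYPE.getName());
        infoBuilder.addOperation("addToGroup", new Class[]{String.class, String.class}, Void.TYPE.getName());
        infoBuilder.addOperation("removeFromGroup", new Class[]{String.class, String.class}, Void.TYPE.getName());
        infoBuilder.addOperation("isAvailable", Boolean.TYPE.getName());
        infoBuilder.addReference("ServerInfo", ServerInfo.class, "GBean");
        infoBuilder.addReference(SecurityNames.LOGIN_MODULE, LoginModuleSettings.class, SecurityNames.LOGIN_MODULE);
        infoBuilder.setConstructor(new String[]{"ServerInfo", SecurityNames.LOGIN_MODULE});
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }
}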
