package org.apache.qpid.server.security.auth.manager;

import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.SettableFuture;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.login.AccountNotFoundException;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.ExternalFileBasedAuthenticationManager;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.SystemConfig;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.server.util.FileHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.class */
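/**
 * Base class for authentication providers whose users live in a {@link PrincipalDatabase}
 * opened on an external password file ({@link #getPath()}).
 *
 * <p>Every principal known to the database is mirrored as a child {@link User} object
 * ({@link PrincipalAdapter}) that is tracked in an internal map, so that users can be
 * created, deleted and have their password changed through the configured-object model.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords reach this class as {@code String} and are converted with
 *       {@code toCharArray()} before being handed to the database. The {@code String}
 *       copies cannot be wiped, and the {@code char[]} is not cleared here because the
 *       database implementation may keep a reference to it (not visible from this class).</li>
 *   <li>How credentials are stored on disk (plain, hashed, ...) is decided by the
 *       {@link #createDatabase()} implementation, not by this class.</li>
 *   <li>Error messages and log statements in this class never include a password.</li>
 * </ul>
 */
public abstract class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>> extends AbstractAuthenticationManager<T> implements ExternalFileBasedAuthenticationManager<T> {
    private static final Logger LOGGER = LoggerFactory.getLogger(PrincipalDatabaseAuthenticationManager.class);

    /** Child user objects keyed by principal; filled by activate()/addChildAsync(), pruned on user deletion. */
    private final Map<Principal, PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter> _userMap;

    /** Backing credential store; assigned in postResolve() from createDatabase(). */
    private PrincipalDatabase _principalDatabase;

    /** Location of the password file backing the principal database. */
    @ManagedAttributeField
    private String _path;

    /**
     * Configured-object view of one principal held in the enclosing manager's database.
     * Password changes and deletion are forwarded to the {@link PrincipalDatabase}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager$PrincipalAdapter.class */
    public class PrincipalAdapter extends AbstractConfiguredObject<PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter> implements User<PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter> {
        private final Principal _user;

        // NOTE(review): this managed attribute is returned as-is by getPassword(); whether it is
        // ever populated with a clear-text value, and whether the model marks it secure, is not
        // visible in this file -- confirm against the User model definition.
        @ManagedAttributeField
        private String _password;

        /**
         * Creates the adapter as a child of the enclosing manager, with a fresh random id and
         * the principal's name as its attributes.
         *
         * @param principal the principal this object represents
         */
        public PrincipalAdapter(Principal principal) {
            super(PrincipalDatabaseAuthenticationManager.this, PrincipalDatabaseAuthenticationManager.createPrincipalAttributes(PrincipalDatabaseAuthenticationManager.this, principal));
            this._user = principal;
        }

        /**
         * Rejects non-durable user objects.
         *
         * @throws IllegalArgumentException if this object is not durable
         */
        @Override // org.apache.qpid.server.model.AbstractConfiguredObject
        public void onValidate() {
            super.onValidate();
            if (!isDurable()) {
                throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
            }
        }

        /** @return the value of the managed {@code password} attribute field */
        @Override // org.apache.qpid.server.model.User
        public String getPassword() {
            return this._password;
        }

        /**
         * Changes the password by setting the {@code password} attribute, which routes through
         * {@link #changeAttributes(Map)} and therefore through the principal database.
         *
         * @param str the new password
         */
        @Override // org.apache.qpid.server.model.User
        public void setPassword(String str) {
            setAttributes(Collections.singletonMap("password", str));
        }

        /**
         * Applies attribute changes; a {@code password} entry is first written to the principal
         * database, and the remaining handling is left to the superclass.
         *
         * @param map the attributes being changed
         * @throws IllegalArgumentException if a {@code password} entry is present but null
         * @throws IllegalStateException if the database rejects the update or no longer knows the user
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.qpid.server.model.AbstractConfiguredObject
        public void changeAttributes(Map<String, Object> map) {
            if (map.containsKey("password")) {
                String newPassword = (String) map.get("password");
                if (newPassword == null) {
                    // Fail with a clear message instead of a NullPointerException from toCharArray().
                    throw new IllegalArgumentException(String.format("Password for user '%s' must not be null", getName()));
                }
                try {
                    boolean updated = PrincipalDatabaseAuthenticationManager.this.getPrincipalDatabase().updatePassword(this._user, newPassword.toCharArray());
                    if (!updated) {
                        throw new IllegalStateException(String.format("Failed to update password for user : '%s'", getName()));
                    }
                } catch (AccountNotFoundException e) {
                    throw new IllegalStateException(e);
                }
            }
            super.changeAttributes(map);
        }

        /** Marks the user object ACTIVE; there is no further work to do on activation. */
        @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
        private ListenableFuture<Void> activate() {
            setState(State.ACTIVE);
            return Futures.immediateFuture(null);
        }

        /**
         * Removes the user from the principal database and marks this object DELETED.
         * A user that is already missing from the database is not treated as an error.
         */
        @StateTransition(currentState = {State.ACTIVE}, desiredState = State.DELETED)
        private ListenableFuture<Void> doDelete() {
            try {
                PrincipalDatabaseAuthenticationManager.this.deleteUserFromDatabase(this._user.getName());
            } catch (AccountNotFoundException e) {
                // Deliberately best effort: the end state (no such account) is what was asked for.
                // Leave a trace so a model/database mismatch is visible when diagnosing.
                PrincipalDatabaseAuthenticationManager.LOGGER.debug("User '{}' was not present in the principal database on delete", this._user.getName(), e);
            }
            deleted();
            setState(State.DELETED);
            return Futures.immediateFuture(null);
        }
    }

    /**
     * @param map the provider's attributes
     * @param container the owning container
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public PrincipalDatabaseAuthenticationManager(Map<String, Object> map, Container<?> container) {
        super(map, container);
        this._userMap = new ConcurrentHashMap<>();
    }

    /**
     * Refuses creation when the configured password file already exists but cannot be read.
     *
     * @throws IllegalConfigurationException if the file exists and is unreadable
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateOnCreate() {
        super.validateOnCreate();
        File file = new File(this._path);
        if (file.exists() && !file.canRead()) {
            throw new IllegalConfigurationException(String.format("Cannot read password file '%s'. Please check permissions.", this._path));
        }
    }

    /**
     * Creates the password file if it does not exist yet. The file is created through
     * {@link FileHelper} with the permissions taken from the
     * {@link SystemConfig#POSIX_FILE_PERMISSIONS} context value; an existing file is left
     * untouched, so its permissions are NOT adjusted here.
     *
     * @throws IllegalConfigurationException if the file cannot be created
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onCreate() {
        super.onCreate();
        File file = new File(this._path);
        if (file.exists()) {
            return;
        }
        try {
            String permissions = (String) getContextValue(String.class, SystemConfig.POSIX_FILE_PERMISSIONS);
            if (!Files.exists(new FileHelper().createNewFile(file, permissions))) {
                throw new IllegalConfigurationException(String.format("Cannot create password file at '%s'", this._path));
            }
        } catch (IOException e) {
            throw new IllegalConfigurationException(String.format("Cannot create password file at '%s'", this._path), e);
        }
    }

    /** Opens the principal database once the object is opened. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onOpen() {
        super.onOpen();
        initialise();
    }

    /** Instantiates the principal database via {@link #createDatabase()}. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void postResolve() {
        super.postResolve();
        this._principalDatabase = createDatabase();
    }

    /**
     * Supplies the concrete credential store. The implementation determines the on-disk
     * password format and the SASL mechanisms offered.
     *
     * @return the database to use for this provider
     */
    protected abstract PrincipalDatabase createDatabase();

    /** @return the configured password file location */
    @Override // org.apache.qpid.server.model.ExternalFileBasedAuthenticationManager
    public String getPath() {
        return this._path;
    }

    /**
     * Opens the principal database on the configured password file.
     *
     * @throws IllegalConfigurationException if the file is missing or cannot be used
     */
    public void initialise() {
        try {
            this._principalDatabase.open(new File(this._path));
        } catch (FileNotFoundException e) {
            throw new IllegalConfigurationException("Exception opening password database: " + e.getMessage(), e);
        } catch (IOException e2) {
            throw new IllegalConfigurationException("Cannot use password database at :" + this._path, e2);
        }
    }

    /** @return the SASL mechanisms reported by the principal database */
    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public List<String> getMechanisms() {
        return this._principalDatabase.getMechanisms();
    }

    /**
     * Delegates SASL negotiator creation to the principal database. The address space
     * argument is not used by this implementation.
     */
    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public SaslNegotiator createSaslNegotiator(String str, SaslSettings saslSettings, NamedAddressSpace namedAddressSpace) {
        return this._principalDatabase.createSaslNegotiator(str, saslSettings);
    }

    /**
     * Checks a user name / password pair against the principal database.
     *
     * <p>An unknown account and a wrong password both yield the same {@code ERROR} status, so
     * the result does not reveal which user names exist. (Whether the two paths also take
     * similar time depends on the database implementation and is not visible here.)
     *
     * @param str the user name
     * @param str2 the password
     * @return a successful result carrying a {@link UsernamePrincipal}, or an {@code ERROR} result
     */
    @Override // org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider
    public AuthenticationResult authenticate(String str, String str2) {
        if (str == null || str2 == null) {
            // Missing credentials are a failed authentication, not a NullPointerException.
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
        }
        try {
            if (this._principalDatabase.verifyPassword(str, str2.toCharArray())) {
                return new AuthenticationResult(new UsernamePrincipal(str, this));
            }
        } catch (AccountNotFoundException ignored) {
            // Intentionally reported exactly like a wrong password (see method comment).
        }
        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
    }

    /** @return the backing principal database (null until postResolve() has run) */
    public PrincipalDatabase getPrincipalDatabase() {
        return this._principalDatabase;
    }

    /**
     * Rebuilds the child user objects from the principal database and moves to ACTIVE once
     * every user object has been opened.
     *
     * @return a future completed when the provider has become ACTIVE
     */
    @Override // org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager
    @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
    public ListenableFuture<Void> activate() {
        final SettableFuture<Void> activated = SettableFuture.create();
        final List<Principal> users = this._principalDatabase == null ? Collections.<Principal>emptyList() : this._principalDatabase.getUsers();
        this._userMap.clear();
        if (users.isEmpty()) {
            setState(State.ACTIVE);
            return Futures.immediateFuture(null);
        }
        for (final Principal principal : users) {
            final PrincipalAdapter adapter = new PrincipalAdapter(principal);
            adapter.registerWithParents();
            adapter.openAsync().addListener(new Runnable() {
                @Override // java.lang.Runnable
                public void run() {
                    PrincipalDatabaseAuthenticationManager.this._userMap.put(principal, adapter);
                    // Completion is detected by map size reaching the user count.
                    // NOTE(review): this assumes getUsers() returns no duplicate principals;
                    // with duplicates the sizes would never match -- confirm for the database in use.
                    if (PrincipalDatabaseAuthenticationManager.this._userMap.size() == users.size()) {
                        PrincipalDatabaseAuthenticationManager.this.setState(State.ACTIVE);
                        activated.set(null);
                    }
                }
            }, getTaskExecutor());
        }
        return activated;
    }

    /**
     * Deletes the provider together with its password file.
     *
     * <p>If the file cannot be removed the provider is still deleted, but a warning is logged:
     * the credentials would otherwise stay on disk without anyone noticing.
     */
    @Override // org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager
    @StateTransition(currentState = {State.ACTIVE, State.QUIESCED, State.ERRORED, State.UNINITIALIZED}, desiredState = State.DELETED)
    public ListenableFuture<Void> doDelete() {
        File file = new File(this._path);
        if (file.exists() && file.isFile() && !file.delete()) {
            LOGGER.warn("Could not delete password file '{}'; it still contains the provider's credentials and must be removed manually", this._path);
        }
        deleted();
        setState(State.DELETED);
        return Futures.immediateFuture(null);
    }

    /**
     * Creates a user as a child {@link User} object (see {@link #addChildAsync(Class, Map)}).
     * The extra attribute map is not used by this implementation.
     *
     * @param str the user name
     * @param str2 the password
     * @param map additional attributes (ignored)
     * @return true if the child object was created
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public boolean createUser(String str, String str2, Map<String, String> map) {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", str);
        attributes.put("password", str2);
        return ((User) createChild(User.class, attributes)) != null;
    }

    /**
     * Removes the principal from the database and from the user map.
     *
     * @param str the user name
     * @throws AccountNotFoundException as raised by the database's deletePrincipal call
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void deleteUserFromDatabase(String str) throws AccountNotFoundException {
        UsernamePrincipal usernamePrincipal = new UsernamePrincipal(str, this);
        getPrincipalDatabase().deletePrincipal(usernamePrincipal);
        this._userMap.remove(usernamePrincipal);
    }

    /**
     * Deletes the named user through its child object.
     *
     * @param str the user name
     * @throws AccountNotFoundException if no such user is tracked by this provider
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void deleteUser(String str) throws AccountNotFoundException {
        PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter principalAdapter = this._userMap.get(new UsernamePrincipal(str, this));
        if (principalAdapter == null) {
            throw new AccountNotFoundException("No such user: '" + str + "'");
        }
        principalAdapter.delete();
    }

    /**
     * Changes the named user's password through its child object.
     *
     * @param str the user name
     * @param str2 the new password
     * @throws AccountNotFoundException if no such user is tracked by this provider; reported
     *         (as {@link #deleteUser(String)} does) rather than silently ignored, so a caller
     *         rotating a credential cannot mistake a no-op for success
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void setPassword(String str, String str2) throws AccountNotFoundException {
        PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter principalAdapter = this._userMap.get(new UsernamePrincipal(str, this));
        if (principalAdapter == null) {
            throw new AccountNotFoundException("No such user: '" + str + "'");
        }
        principalAdapter.setPassword(str2);
    }

    /**
     * Lists the users in the principal database.
     *
     * @return a map from user name to an (always empty) attribute map
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public Map<String, Map<String, String>> getUsers() {
        Map<String, Map<String, String>> users = new HashMap<>();
        for (Principal principal : getPrincipalDatabase().getUsers()) {
            users.put(principal.getName(), Collections.<String, String>emptyMap());
        }
        return users;
    }

    /**
     * Asks the principal database to reload itself.
     *
     * @throws IOException as raised by the database
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void reload() throws IOException {
        getPrincipalDatabase().reload();
    }

    /**
     * Creates a child object. For {@link User} children the principal is also written to the
     * principal database; if that fails the half-created child object is deleted again.
     *
     * @param cls the child category
     * @param map the child's attributes; {@code name} and {@code password} are required for users
     * @return a future holding the created child
     * @throws IllegalArgumentException if name or password is missing, or the database refuses the user
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public <C extends ConfiguredObject> ListenableFuture<C> addChildAsync(Class<C> cls, Map<String, Object> map) {
        if (cls != User.class) {
            return super.addChildAsync(cls, map);
        }
        String name = (String) map.get("name");
        String password = (String) map.get("password");
        if (name == null || password == null) {
            // Validate before any child object exists, so nothing has to be rolled back.
            throw new IllegalArgumentException("User name and password are required to create a user");
        }
        UsernamePrincipal usernamePrincipal = new UsernamePrincipal(name, this);
        PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter principalAdapter = new PrincipalAdapter(usernamePrincipal);
        principalAdapter.create();
        try {
            if (!getPrincipalDatabase().createPrincipal(usernamePrincipal, password.toCharArray())) {
                throw new IllegalArgumentException("User '" + name + "' was not added into principal database");
            }
            this._userMap.put(usernamePrincipal, principalAdapter);
            // Safe: cls is User.class on this path and PrincipalAdapter implements User.
            @SuppressWarnings("unchecked")
            C created = (C) principalAdapter;
            return Futures.immediateFuture(created);
        } catch (RuntimeException e) {
            // Roll back the child object so the model does not show a user the database lacks.
            principalAdapter.deleteAsync();
            throw e;
        }
    }

    /**
     * Rejects changes to the provider's name or type.
     *
     * @throws IllegalConfigurationException if the name or type would change
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        ExternalFileBasedAuthenticationManager proposed = (ExternalFileBasedAuthenticationManager) configuredObject;
        if (set.contains("name") && !getName().equals(proposed.getName())) {
            throw new IllegalConfigurationException("Changing the name of authentication provider is not supported");
        }
        if (set.contains("type") && !getType().equals(proposed.getType())) {
            throw new IllegalConfigurationException("Changing the type of authentication provider is not supported");
        }
    }

    /**
     * Applies attribute changes and, unless the provider is (being) deleted, re-opens the
     * principal database and marks the provider ACTIVE. A failure to re-open is rethrown
     * unless the provider is already in the ERRORED state.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void changeAttributes(Map<String, Object> map) {
        super.changeAttributes(map);
        if (getState() == State.DELETED || getDesiredState() == State.DELETED) {
            return;
        }
        try {
            initialise();
            setState(State.ACTIVE);
        } catch (RuntimeException e) {
            if (getState() != State.ERRORED) {
                throw e;
            }
            // Already ERRORED: stay there, but record why the database still cannot be opened.
            LOGGER.debug("Password database at '{}' could not be re-opened; provider remains in ERRORED state", this._path, e);
        }
    }

    /**
     * Builds the initial attributes of a user child object: a random id and the principal's name.
     *
     * @param principalDatabaseAuthenticationManager the owning manager (not used)
     * @param principal the principal being represented
     * @return a new mutable attribute map
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, Object> createPrincipalAttributes(PrincipalDatabaseAuthenticationManager principalDatabaseAuthenticationManager, Principal principal) {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("id", UUID.randomUUID());
        attributes.put("name", principal.getName());
        return attributes;
    }
}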
