package org.apache.qpid.server.security.auth.manager;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ExternalFileBasedAuthenticationManager;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.PreferencesProvider;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.class */
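/**
 * Authentication provider backed by a {@link PrincipalDatabase} stored in an external password file.
 *
 * <p>The file location comes from the managed attribute {@code _path}. Every principal found in the
 * database is exposed to the configuration model as a {@link PrincipalAdapter} child and tracked in
 * {@code _userMap}. User create, update and delete operations are authorised through the broker's
 * {@link SecurityManager} before the database is touched.
 *
 * <p>This listing is decompiler output; the {@code JADX INFO} comments record members whose declared
 * access was widened by the decompiler.
 *
 * @param <T> the concrete authentication manager type
 */
public abstract class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>> extends AbstractAuthenticationManager<T> implements ExternalFileBasedAuthenticationManager<T> {
    private static final Logger LOGGER = Logger.getLogger(PrincipalDatabaseAuthenticationManager.class);
    // Adapters for the users currently exposed as children, keyed by principal.
    private final Map<Principal, PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter> _userMap;
    // Assigned in onOpen() from createDatabase(); null until then.
    private PrincipalDatabase _principalDatabase;

    // Location of the password file. It is configuration-supplied, so whoever may configure this
    // provider decides which file onCreate() creates and doDelete() removes.
    @ManagedAttributeField
    private String _path;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager$PrincipalAdapter.class */
    /**
     * Configuration-model view of a single principal held in the enclosing manager's database.
     *
     * <p>Password changes and deletion are forwarded to the enclosing manager, which performs the
     * authorisation check. Preferences are served by the manager's {@link PreferencesProvider} when
     * one is configured.
     */
    public class PrincipalAdapter extends AbstractConfiguredObject<PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter> implements User<PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter> {
        private final Principal _user;
        private State _state;

        // NOTE(review): nothing in this listing assigns _password; setPassword() forwards the value
        // to the database without storing it here. Presumably the attribute framework may populate
        // it - confirm before relying on getPassword().
        @ManagedAttributeField
        private String _password;

        /**
         * Creates an adapter for {@code principal} with the enclosing manager as parent.
         *
         * @param principal the database principal this adapter represents
         */
        public PrincipalAdapter(Principal principal) {
            super(parentsMap(PrincipalDatabaseAuthenticationManager.this), PrincipalDatabaseAuthenticationManager.createPrincipalAttributes(PrincipalDatabaseAuthenticationManager.this, principal));
            this._state = State.UNINITIALIZED;
            this._user = principal;
        }

        /**
         * Rejects non-durable user objects.
         *
         * @throws IllegalArgumentException if this object is not durable
         */
        @Override // org.apache.qpid.server.model.AbstractConfiguredObject
        public void onValidate() {
            super.onValidate();
            if (!isDurable()) {
                throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /**
         * Rejects a change that would make the user non-durable.
         *
         * @param configuredObject proxy carrying the proposed attribute values
         * @param set names of the attributes being changed
         * @throws IllegalArgumentException if the durable attribute is being changed to false
         */
        @Override // org.apache.qpid.server.model.AbstractConfiguredObject
        public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
            super.validateChange(configuredObject, set);
            if (set.contains(ConfiguredObject.DURABLE) && !configuredObject.isDurable()) {
                throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
            }
        }

        /**
         * Returns the value of the {@code _password} field.
         *
         * @return the stored password attribute, possibly {@code null}
         */
        @Override // org.apache.qpid.server.model.User
        public String getPassword() {
            return this._password;
        }

        /**
         * Updates this user's password through the enclosing manager, which authorises the update.
         *
         * @param str the new password
         * @throws IllegalStateException if the account no longer exists in the database
         */
        @Override // org.apache.qpid.server.model.User
        public void setPassword(String str) {
            try {
                PrincipalDatabaseAuthenticationManager.this.setPassword(this._user.getName(), str);
            } catch (AccountNotFoundException e) {
                throw new IllegalStateException(e);
            }
        }

        /**
         * Returns the current lifecycle state of this user object.
         *
         * @return the state last recorded by the constructor or a state transition
         */
        @Override // org.apache.qpid.server.model.ConfiguredObject
        public State getState() {
            return this._state;
        }

        /**
         * Routes changes of the {@code password} attribute to {@link #setPassword(String)} so that
         * they reach the database; every other attribute is handled by the superclass.
         *
         * @param str attribute name
         * @param obj expected current value
         * @param obj2 desired value
         * @return {@code true} for a password change, otherwise the superclass result
         */
        @Override // org.apache.qpid.server.model.AbstractConfiguredObject
        public boolean changeAttribute(String str, Object obj, Object obj2) throws IllegalStateException, AccessControlException, IllegalArgumentException {
            if (!str.equals("password")) {
                return super.changeAttribute(str, obj, obj2);
            }
            setPassword((String) obj2);
            return true;
        }

        /** Marks the user as active. */
        @StateTransition(currentState = {State.UNINITIALIZED}, desiredState = State.ACTIVE)
        private void activate() {
            this._state = State.ACTIVE;
        }

        /**
         * Removes the user from the database and, when a preferences provider exists, removes the
         * user's preferences as well. A missing account is logged and leaves the state unchanged.
         */
        @StateTransition(currentState = {State.ACTIVE}, desiredState = State.DELETED)
        private void doDelete() {
            try {
                String name = this._user.getName();
                // deleteUserFromDatabase() performs the DELETE authorisation check first.
                PrincipalDatabaseAuthenticationManager.this.deleteUserFromDatabase(name);
                PreferencesProvider preferencesProvider = getPreferencesProvider();
                if (preferencesProvider != null) {
                    preferencesProvider.deletePreferences(name);
                }
                deleted();
                this._state = State.DELETED;
            } catch (AccountNotFoundException e) {
                PrincipalDatabaseAuthenticationManager.LOGGER.warn("Failed to delete user " + this._user, e);
            }
        }

        /**
         * Returns this user's preferences.
         *
         * @return the preferences, or {@code null} when no preferences provider is configured
         */
        @Override // org.apache.qpid.server.model.User
        public Map<String, Object> getPreferences() {
            PreferencesProvider preferencesProvider = getPreferencesProvider();
            if (preferencesProvider == null) {
                return null;
            }
            return preferencesProvider.getPreferences(getName());
        }

        /**
         * Returns a single preference value.
         *
         * @param str preference name
         * @return the value, or {@code null} when there are no preferences or no such entry
         */
        @Override // org.apache.qpid.server.model.User
        public Object getPreference(String str) {
            Map<String, Object> preferences = getPreferences();
            if (preferences == null) {
                return null;
            }
            return preferences.get(str);
        }

        /**
         * Stores preferences for this user.
         *
         * @param map the preferences to store
         * @return the provider's result, or {@code null} when no preferences provider is configured
         */
        @Override // org.apache.qpid.server.model.User
        public Map<String, Object> setPreferences(Map<String, Object> map) {
            PreferencesProvider preferencesProvider = getPreferencesProvider();
            if (preferencesProvider == null) {
                return null;
            }
            return preferencesProvider.setPreferences(getName(), map);
        }

        /**
         * Deletes this user's preferences.
         *
         * @return {@code true} only when a provider exists and reports exactly one deleted entry
         */
        @Override // org.apache.qpid.server.model.User
        public boolean deletePreferences() {
            PreferencesProvider preferencesProvider = getPreferencesProvider();
            return preferencesProvider != null && preferencesProvider.deletePreferences(getName()).length == 1;
        }

        /** Returns the enclosing manager's preferences provider, which may be {@code null}. */
        private PreferencesProvider getPreferencesProvider() {
            return PrincipalDatabaseAuthenticationManager.this.getPreferencesProvider();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the manager with an empty user map.
     *
     * @param map configuration attributes
     * @param broker the owning broker
     */
    public PrincipalDatabaseAuthenticationManager(Map<String, Object> map, Broker broker) {
        super(map, broker);
        this._userMap = new ConcurrentHashMap<Principal, PrincipalAdapter>();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Ensures the password file exists and is readable, creating an empty file when it is missing.
     *
     * @throws IllegalConfigurationException if the file exists but cannot be read, or cannot be created
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onCreate() {
        super.onCreate();
        try {
            File file = new File(this._path);
            if (!file.exists()) {
                // NOTE(review): the file is created with the process default permissions. It will
                // hold credentials, so deployments should confirm that the umask or directory ACL
                // keeps it readable by the broker account only.
                file.createNewFile();
            } else if (!file.canRead()) {
                throw new IllegalConfigurationException("Cannot read password file " + this._path + ". Check permissions.");
            }
        } catch (IOException e) {
            throw new IllegalConfigurationException("Cannot use password database at :" + this._path, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and opens the principal database, then registers one {@link PrincipalAdapter} per
     * stored principal. A configuration failure moves the provider to {@link State#ERRORED}.
     */
    @Override // org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager, org.apache.qpid.server.model.AbstractConfiguredObject
    public void onOpen() {
        super.onOpen();
        this._principalDatabase = createDatabase();
        try {
            initialise();
            for (Principal principal : this._principalDatabase == null ? Collections.<Principal>emptyList() : this._principalDatabase.getUsers()) {
                PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter principalAdapter = new PrincipalAdapter(principal);
                principalAdapter.registerWithParents();
                principalAdapter.open();
                this._userMap.put(principal, principalAdapter);
            }
        } catch (IllegalConfigurationException e) {
            // Record why the provider is unusable; without this the ERRORED state has no visible cause.
            LOGGER.warn("Cannot open password database at " + this._path, e);
            updateState(getState(), State.ERRORED);
        }
    }

    /**
     * Creates the concrete principal database implementation.
     *
     * @return the database used for credential storage and SASL mechanism support
     */
    protected abstract PrincipalDatabase createDatabase();

    /**
     * Returns the configured password file location.
     *
     * @return the value of the path attribute
     */
    @Override // org.apache.qpid.server.model.ExternalFileBasedAuthenticationManager
    public String getPath() {
        return this._path;
    }

    /**
     * Opens the principal database on the configured password file.
     *
     * @throws IllegalConfigurationException if the file is missing or cannot be read
     */
    public void initialise() {
        try {
            this._principalDatabase.open(new File(this._path));
        } catch (FileNotFoundException e) {
            throw new IllegalConfigurationException("Exception opening password database: " + e.getMessage(), e);
        } catch (IOException e2) {
            throw new IllegalConfigurationException("Cannot use password database at :" + this._path, e2);
        }
    }

    /**
     * Returns the SASL mechanisms offered by the principal database.
     *
     * @return the mechanism names reported by the database
     */
    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public List<String> getMechanisms() {
        return this._principalDatabase.getMechanisms();
    }

    /**
     * Creates a SASL server for the requested mechanism by delegating to the principal database.
     *
     * @param str mechanism name
     * @param str2 second argument passed through to the database unchanged
     * @param principal third argument passed through to the database unchanged
     * @return the SASL server created by the database
     * @throws SaslException if the database cannot create the server
     */
    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public SaslServer createSaslServer(String str, String str2, Principal principal) throws SaslException {
        return this._principalDatabase.createSaslServer(str, str2, principal);
    }

    /**
     * Performs one step of a SASL exchange.
     *
     * <p>The client response is evaluated first and completion is checked afterwards, so a principal
     * is only reported once the response in hand has been processed. A {@link SaslException} raised
     * while evaluating the response is returned as an {@code ERROR} result instead of propagating.
     *
     * <p>NOTE(review): the decompiled listing tested {@code isComplete()} before evaluating the
     * response and left {@code evaluateResponse()} outside the {@code try}, presumably a decompiler
     * artifact. Confirm the ordering against the upstream source.
     *
     * @param saslServer the SASL server driving the exchange
     * @param bArr the client response, or {@code null} for an empty response
     * @return success with the authorisation id, {@code CONTINUE} with the next challenge, or
     *         {@code ERROR} wrapping the SASL failure
     */
    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public AuthenticationResult authenticate(SaslServer saslServer, byte[] bArr) {
        try {
            byte[] challenge = saslServer.evaluateResponse(bArr != null ? bArr : new byte[0]);
            if (saslServer.isComplete()) {
                return new AuthenticationResult(new UsernamePrincipal(saslServer.getAuthorizationID()));
            }
            return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE);
        } catch (SaslException e) {
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e);
        }
    }

    /**
     * Verifies a user name and password against the principal database.
     *
     * <p>A wrong password, an unknown account and a missing password all produce the same
     * {@code CONTINUE} result, so the result does not reveal whether the account exists.
     *
     * @param str user name
     * @param str2 password; {@code null} is treated as a failed attempt
     * @return success with the user's principal, otherwise a {@code CONTINUE} result
     */
    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public AuthenticationResult authenticate(String str, String str2) {
        if (str2 == null) {
            // A missing password cannot match; report the ordinary failure rather than throwing.
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.CONTINUE);
        }
        try {
            if (this._principalDatabase.verifyPassword(str, str2.toCharArray())) {
                return new AuthenticationResult(new UsernamePrincipal(str));
            }
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.CONTINUE);
        } catch (AccountNotFoundException e) {
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.CONTINUE);
        }
    }

    /**
     * Returns the underlying principal database.
     *
     * @return the database, or {@code null} before {@link #onOpen()} has run
     */
    public PrincipalDatabase getPrincipalDatabase() {
        return this._principalDatabase;
    }

    /**
     * Deletes the password file, if it is a regular file, and marks the provider deleted.
     *
     * <p>A failed file deletion is logged because the credential file then stays on disk after the
     * provider is gone.
     */
    @Override // org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager
    @StateTransition(currentState = {State.ACTIVE, State.QUIESCED, State.ERRORED}, desiredState = State.DELETED)
    public void doDelete() {
        File file = new File(this._path);
        if (file.exists() && file.isFile() && !file.delete()) {
            LOGGER.warn("Failed to delete password file " + this._path);
        }
        deleted();
        setState(State.DELETED);
    }

    /**
     * Creates a user in the database and exposes it as a child object.
     *
     * @param str user name
     * @param str2 password
     * @param map additional attributes; not used by this implementation
     * @return {@code true} if the database created the principal
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public boolean createUser(String str, String str2, Map<String, String> map) {
        // The authorisation check runs before any database access.
        getSecurityManager().authoriseUserOperation(Operation.CREATE, str);
        // NOTE(review): the char[] is handed to the database; whether the database keeps a reference
        // is not visible here, so the array is not cleared afterwards.
        boolean createPrincipal = getPrincipalDatabase().createPrincipal(new UsernamePrincipal(str), str2.toCharArray());
        if (createPrincipal) {
            Principal user = getPrincipalDatabase().getUser(str);
            PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter principalAdapter = new PrincipalAdapter(user);
            principalAdapter.create();
            this._userMap.put(user, principalAdapter);
        }
        return createPrincipal;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Authorises and performs removal of a user from the database and from the user map.
     *
     * @param str user name
     * @throws AccountNotFoundException if the database has no such account
     */
    public void deleteUserFromDatabase(String str) throws AccountNotFoundException {
        getSecurityManager().authoriseUserOperation(Operation.DELETE, str);
        UsernamePrincipal usernamePrincipal = new UsernamePrincipal(str);
        getPrincipalDatabase().deletePrincipal(usernamePrincipal);
        this._userMap.remove(usernamePrincipal);
    }

    /**
     * Deletes a user, going through its adapter when one is registered so that the child object's
     * state is updated too.
     *
     * @param str user name
     * @throws AccountNotFoundException if no adapter exists and the database has no such account
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void deleteUser(String str) throws AccountNotFoundException {
        PrincipalDatabaseAuthenticationManager<T>.PrincipalAdapter principalAdapter = this._userMap.get(new UsernamePrincipal(str));
        if (principalAdapter != null) {
            principalAdapter.delete();
        } else {
            deleteUserFromDatabase(str);
        }
    }

    /** Returns the broker's security manager, used for all user-operation authorisation checks. */
    private SecurityManager getSecurityManager() {
        return getBroker().getSecurityManager();
    }

    /**
     * Authorises and performs a password update.
     *
     * @param str user name
     * @param str2 new password
     * @throws AccountNotFoundException if the database has no such account
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void setPassword(String str, String str2) throws AccountNotFoundException {
        getSecurityManager().authoriseUserOperation(Operation.UPDATE, str);
        getPrincipalDatabase().updatePassword(new UsernamePrincipal(str), str2.toCharArray());
    }

    /**
     * Lists the users held in the database.
     *
     * @return a new map from user name to an empty attribute map; no credential data is included
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public Map<String, Map<String, String>> getUsers() {
        Map<String, Map<String, String>> users = new HashMap<String, Map<String, String>>();
        for (Principal principal : getPrincipalDatabase().getUsers()) {
            users.put(principal.getName(), Collections.<String, String>emptyMap());
        }
        return users;
    }

    /**
     * Asks the database to reload its contents.
     *
     * @throws IOException if the database reports an I/O failure
     */
    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void reload() throws IOException {
        getPrincipalDatabase().reload();
    }

    /**
     * Adds a child object. {@link User} children are created through
     * {@link #createUser(String, String, Map)}, so the CREATE authorisation check applies; all other
     * child types are handled by the superclass.
     *
     * @param cls the child category
     * @param map child attributes; for users the name and {@code password} entries are read
     * @param configuredObjectArr additional parents
     * @return the new child, or {@code null} when the user could not be created
     */
    @Override // org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager, org.apache.qpid.server.model.AbstractConfiguredObject
    public <C extends ConfiguredObject> C addChild(Class<C> cls, Map<String, Object> map, ConfiguredObject... configuredObjectArr) {
        if (cls != User.class) {
            return (C) super.addChild(cls, map, configuredObjectArr);
        }
        String str = (String) map.get(ConfiguredObject.NAME);
        String str2 = (String) map.get("password");
        UsernamePrincipal usernamePrincipal = new UsernamePrincipal(str);
        if (createUser(str, str2, null)) {
            // cls is User.class on this path, so the adapter is an instance of C.
            return (C) this._userMap.get(usernamePrincipal);
        }
        // Only the user name is logged; the password from the attribute map must stay out of logs.
        LOGGER.info("Failed to create user " + str + ". User already exists?");
        return null;
    }

    /**
     * Returns the children of the given category, as reported by the superclass.
     *
     * @param cls the child category
     * @return the children of that category
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject, org.apache.qpid.server.model.ConfiguredObject
    public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> cls) {
        return super.getChildren(cls);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Forwards child-added notifications to the superclass, except for {@link User} children.
     *
     * @param configuredObject the child that was added
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void childAdded(ConfiguredObject configuredObject) {
        if (configuredObject instanceof User) {
            return;
        }
        super.childAdded(configuredObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Forwards child-removed notifications to the superclass, except for {@link User} children.
     *
     * @param configuredObject the child that was removed
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void childRemoved(ConfiguredObject configuredObject) {
        if (configuredObject instanceof User) {
            return;
        }
        super.childRemoved(configuredObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Rejects changes to the provider's name or type.
     *
     * @param configuredObject proxy carrying the proposed attribute values
     * @param set names of the attributes being changed
     * @throws IllegalConfigurationException if the name or the type would change
     */
    @Override // org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager, org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        ExternalFileBasedAuthenticationManager externalFileBasedAuthenticationManager = (ExternalFileBasedAuthenticationManager) configuredObject;
        if (set.contains(ConfiguredObject.NAME) && !getName().equals(externalFileBasedAuthenticationManager.getName())) {
            throw new IllegalConfigurationException("Changing the name of authentication provider is not supported");
        }
        if (set.contains(ConfiguredObject.TYPE) && !getType().equals(externalFileBasedAuthenticationManager.getType())) {
            throw new IllegalConfigurationException("Changing the type of authentication provider is not supported");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Applies attribute changes and, unless the provider is deleted or being deleted, re-opens the
     * database so that a corrected path can bring an errored provider back to active.
     *
     * @param map the attribute changes
     * @throws RuntimeException if re-opening fails while the provider is not in the errored state
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void changeAttributes(Map<String, Object> map) {
        super.changeAttributes(map);
        if (getState() == State.DELETED || getDesiredState() == State.DELETED) {
            return;
        }
        try {
            initialise();
            updateState(State.ERRORED, State.ACTIVE);
        } catch (RuntimeException e) {
            // A provider that is already errored stays errored; otherwise the failure is reported.
            if (getState() != State.ERRORED) {
                throw e;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the attribute map for a new {@link PrincipalAdapter}: a random id and the principal's name.
     *
     * @param principalDatabaseAuthenticationManager the owning manager; not read by this method
     * @param principal the principal being adapted
     * @return a new mutable attribute map
     */
    public static Map<String, Object> createPrincipalAttributes(PrincipalDatabaseAuthenticationManager principalDatabaseAuthenticationManager, Principal principal) {
        Map<String, Object> attributes = new HashMap<String, Object>();
        attributes.put(ConfiguredObject.ID, UUID.randomUUID());
        attributes.put(ConfiguredObject.NAME, principal.getName());
        return attributes;
    }
}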
