package com.hazelcast.webmonitor.security.spi.impl;

import com.google.common.collect.ImmutableMap;
import com.hazelcast.webmonitor.controller.exception.InvalidOperationApiException;
import com.hazelcast.webmonitor.controller.exception.NoUserFoundApiException;
import com.hazelcast.webmonitor.model.sql.UserCredentialsModel;
import com.hazelcast.webmonitor.security.UserHasNoRolesException;
import com.hazelcast.webmonitor.security.spi.ReloadableSecurityProvider;
import com.hazelcast.webmonitor.security.spi.SecurityConfigApiException;
import com.hazelcast.webmonitor.security.spi.SecurityConfigParameter;
import com.hazelcast.webmonitor.security.spi.SecurityProvider;
import com.hazelcast.webmonitor.security.spi.UserManagementProvider;
import com.hazelcast.webmonitor.security.spi.impl.builtin.DevModeSecurityProvider;
import com.hazelcast.webmonitor.utils.StringUtil;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/com/hazelcast/webmonitor/security/spi/impl/AuthenticationManagerImpl.class
 */
/* loaded from: input_file:com/hazelcast/webmonitor/security/spi/impl/AuthenticationManagerImpl.class */
public class AuthenticationManagerImpl implements AuthenticationManager, AutoCloseable {
    private final SecurityConfigurationManager securityConfigurationManager;
    private final List<String> securityProviderList;
    private final Map<String, SecurityProvider> providerPool = new HashMap();
    private final DisableLoginStrategy disableLoginStrategy = new DisableLoginStrategy();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationManagerImpl(SecurityConfigurationManager securityConfigurationManager, List<SecurityProvider> list) {
        this.securityConfigurationManager = securityConfigurationManager;
        list.forEach(securityProvider -> {
            this.providerPool.put(securityProvider.getName(), securityProvider);
        });
        this.securityProviderList = (List) list.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList());
    }

    @Override // org.springframework.security.authentication.AuthenticationManager
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        if (StringUtil.isNullOrEmptyAfterTrim(name)) {
            throw new BadCredentialsException("No username provided!");
        }
        this.disableLoginStrategy.checkIfDisabled(name);
        try {
            Authentication authenticate = getAuthenticationProvider().authenticate(authentication);
            if (authenticate.isAuthenticated()) {
                if (authenticate.getAuthorities().isEmpty()) {
                    throw new UserHasNoRolesException();
                }
                this.disableLoginStrategy.successfulLogin(name);
            }
            return authenticate;
        } catch (AuthenticationException e) {
            this.disableLoginStrategy.failedLoginAttempt(name);
            throw e;
        }
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        this.disableLoginStrategy.close();
    }

    public boolean checkPassword(String str, String str2) {
        try {
            getAuthenticationProvider().authenticate(new UsernamePasswordAuthenticationToken(str, str2));
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    public List<String> getSecurityProviders() {
        return this.securityProviderList;
    }

    public void saveSecurityProviderConfig(Map<String, String[]> map) {
        if (isSecurityProviderConfigured()) {
            throw securityAlreadyConfiguredException();
        }
        updateSecurityProviderConfig(map);
    }

    public void updateSecurityProviderConfig(Map<String, String[]> map) {
        String str = map.get("providerHiddenInput")[0];
        SecurityProvider currentSecurityProvider = getCurrentSecurityProvider();
        if (currentSecurityProvider != null && !DevModeSecurityProvider.NAME.equals(currentSecurityProvider.getName())) {
            throw securityAlreadyConfiguredException();
        }
        SecurityProvider securityProvider = this.providerPool.get(str);
        if (securityProvider == null) {
            throw new SecurityConfigApiException("Unknown security provider " + str + ".");
        }
        securityProvider.saveConfig(extractParameters(securityProvider, map));
        this.securityConfigurationManager.setCurrentSecurityProviderName(str);
    }

    public SecurityConfigApiException securityAlreadyConfiguredException() {
        return new SecurityConfigApiException("Security is already configured!");
    }

    public void activateDevMode() {
        saveSecurityProviderConfig(ImmutableMap.of("providerHiddenInput", new String[]{DevModeSecurityProvider.NAME}));
    }

    public Optional<String> testSecurityProviderConfig(String str, String str2, Map<String, String[]> map) {
        if (!map.containsKey("providerHiddenInput") || map.get("providerHiddenInput").length == 0 || StringUtil.isNullOrEmptyAfterTrim(map.get("providerHiddenInput")[0])) {
            throw new SecurityConfigApiException("Provider needs to be specified for testing security provider config.");
        }
        String str3 = map.get("providerHiddenInput")[0];
        SecurityProvider securityProvider = this.providerPool.get(str3);
        if (securityProvider == null) {
            throw new SecurityConfigApiException(String.format("No security provider found with name %s.", str3));
        }
        return securityProvider.testConfig(str, str2, extractParameters(securityProvider, map));
    }

    private Map<String, String> extractParameters(SecurityProvider securityProvider, Map<String, String[]> map) {
        HashMap hashMap = new HashMap();
        for (SecurityConfigParameter securityConfigParameter : securityProvider.getConfigParameters()) {
            String[] strArr = map.get(securityConfigParameter.getName() + "Input");
            if (strArr != null && strArr.length > 0) {
                hashMap.put(securityConfigParameter.getName(), strArr[0]);
            }
        }
        return hashMap;
    }

    public boolean isSecurityProviderConfigured() {
        return !StringUtil.isNullOrEmptyAfterTrim(this.securityConfigurationManager.getCurrentSecurityProviderName());
    }

    public boolean isReloadSecurityConfigSupported() {
        return isSecurityProviderConfigured() && (getCurrentSecurityProvider() instanceof ReloadableSecurityProvider);
    }

    public boolean isReloadSecurityConfigAvailable() {
        return isReloadSecurityConfigSupported() && ((ReloadableSecurityProvider) getCurrentSecurityProvider()).reloadConfigAvailable();
    }

    public void reloadSecurityConfig() {
        checkSecurityProviderConfigured();
        if (!isReloadSecurityConfigSupported()) {
            throw new UnsupportedOperationException("Reloading configuration is not supported for " + this.securityConfigurationManager.getCurrentSecurityProviderName());
        }
        ((ReloadableSecurityProvider) getCurrentSecurityProvider()).reloadConfig();
    }

    public boolean isUserManagementSupported() {
        return isSecurityProviderConfigured() && (getCurrentSecurityProvider() instanceof UserManagementProvider);
    }

    public List<String> getUsernames() {
        checkSecurityProviderConfigured();
        checkUserManagementSupported();
        return getCurrentUserManagementProvider().getUsernames();
    }

    public UserCredentialsModel getUser(String str) {
        checkSecurityProviderConfigured();
        checkUserManagementSupported();
        return getCurrentUserManagementProvider().getUser(str).orElseThrow(() -> {
            return new NoUserFoundApiException(str);
        });
    }

    public void deleteUser(String str) {
        checkSecurityProviderConfigured();
        checkUserManagementSupported();
        getCurrentUserManagementProvider().deleteUser(str);
    }

    public void changePassword(String str, String str2) {
        checkSecurityProviderConfigured();
        checkUserManagementSupported();
        getCurrentUserManagementProvider().changePassword(str, str2);
    }

    public void updateUser(String str, String str2) {
        checkSecurityProviderConfigured();
        checkUserManagementSupported();
        getCurrentUserManagementProvider().updateUser(str, str2);
    }

    public void createUser(String str, String str2, String str3) {
        checkSecurityProviderConfigured();
        checkUserManagementSupported();
        getCurrentUserManagementProvider().createUser(str, str2, str3);
    }

    public String getCurrentSecurityProviderName() {
        return (String) Optional.ofNullable(getCurrentSecurityProvider()).map((v0) -> {
            return v0.getName();
        }).orElse(null);
    }

    public SecurityProvider getCurrentSecurityProvider() {
        return this.providerPool.get(this.securityConfigurationManager.getCurrentSecurityProviderName());
    }

    private AuthenticationProvider getAuthenticationProvider() {
        checkSecurityProviderConfigured();
        return getCurrentSecurityProvider().getAuthenticationProvider();
    }

    private void checkSecurityProviderConfigured() {
        if (!isSecurityProviderConfigured()) {
            throw new InvalidOperationApiException("Security provider needs to be configured first!");
        }
    }

    private void checkUserManagementSupported() {
        if (!isUserManagementSupported()) {
            throw new InvalidOperationApiException("User management not supported by " + this.securityConfigurationManager.getCurrentSecurityProviderName() + " security provider");
        }
    }

    private UserManagementProvider getCurrentUserManagementProvider() {
        return (UserManagementProvider) getCurrentSecurityProvider();
    }

    public boolean isDevModeActive() {
        return getCurrentSecurityProvider() == this.providerPool.get(DevModeSecurityProvider.NAME);
    }
}
