package com.networknt.oauth.auth;

import com.networknt.db.provider.DbProviderConfig;
import com.networknt.ldap.LdapUtil;
import com.networknt.oauth.security.LightGSSContextCredential;
import com.networknt.oauth.security.LightPasswordCredential;
import com.networknt.utility.Constants;
import com.networknt.utility.HashUtil;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/auth/DefaultAuthenticator.class */
public class DefaultAuthenticator extends AuthenticatorBase<DefaultAuth> {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) DefaultAuthenticator.class);
    private static final Map<String, Object> users = new ConcurrentHashMap();

    public DefaultAuthenticator() {
        HashMap hashMap = new HashMap();
        hashMap.put(DbProviderConfig.USERNAME, "stevehu@gmail.com");
        hashMap.put(DbProviderConfig.PASSWORD, "1000:5b39342c202d37372c203132302c202d3132302c2034372c2032332c2034352c202d34342c202d31362c2034372c202d35392c202d35362c2039302c202d352c202d38322c202d32385d:949e6fcf9c4bb8a3d6a8c141a3a9182a572fb95fe8ccdc93b54ba53df8ef2e930f7b0348590df0d53f242ccceeae03aef6d273a34638b49c559ada110ec06992");
        hashMap.put(Constants.ROLES, "admin user");
        users.put("stevehu@gmail.com", hashMap);
    }

    @Override // com.networknt.oauth.auth.Authenticator
    public Account authenticate(final String str, Credential credential) {
        Account account = getAccount(str);
        if (account == null) {
            return null;
        }
        if (credential instanceof LightPasswordCredential) {
            LightPasswordCredential lightPasswordCredential = (LightPasswordCredential) credential;
            char[] password = lightPasswordCredential.getPassword();
            lightPasswordCredential.getClientAuthClass();
            lightPasswordCredential.getUserType();
            try {
                boolean validatePassword = HashUtil.validatePassword(password, (String) ((Map) users.get(account.getPrincipal().getName())).get(DbProviderConfig.PASSWORD));
                Arrays.fill(password, ' ');
                if (!validatePassword) {
                    return null;
                }
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                logger.error("Exception:", e);
                return null;
            }
        } else if (credential instanceof LightGSSContextCredential) {
            return new Account() { // from class: com.networknt.oauth.auth.DefaultAuthenticator.1
                private Set<String> roles;
                private final Principal principal;

                {
                    this.roles = LdapUtil.authorize(str);
                    String str2 = str;
                    this.principal = () -> {
                        return str2;
                    };
                }

                @Override // io.undertow.security.idm.Account
                public Principal getPrincipal() {
                    return this.principal;
                }

                @Override // io.undertow.security.idm.Account
                public Set<String> getRoles() {
                    return this.roles;
                }
            };
        }
        return account;
    }

    private Account getAccount(final String str) {
        if (users.containsKey(str)) {
            return new Account() { // from class: com.networknt.oauth.auth.DefaultAuthenticator.2
                Map<String, Object> user;
                private Set<String> roles;
                private final Principal principal;

                {
                    this.user = (Map) DefaultAuthenticator.users.get(str);
                    this.roles = DefaultAuthenticator.this.parseRoles((String) this.user.get(Constants.ROLES));
                    String str2 = str;
                    this.principal = () -> {
                        return str2;
                    };
                }

                @Override // io.undertow.security.idm.Account
                public Principal getPrincipal() {
                    return this.principal;
                }

                @Override // io.undertow.security.idm.Account
                public Set<String> getRoles() {
                    return this.roles;
                }
            };
        }
        return null;
    }

    public Set<String> parseRoles(String str) {
        Set<String> set = Collections.EMPTY_SET;
        if (str != null) {
            String trim = str.trim();
            if (trim.contains(" ")) {
                set = new HashSet(Arrays.asList(trim.split("\\s+")));
            } else {
                set = new HashSet();
                set.add(trim);
            }
        }
        return set;
    }
}
