package com.floragunn.searchguard.user;

import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.jayway.jsonpath.JsonPath;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchSecurityException;

/* loaded from: input_file:com/floragunn/searchguard/user/AuthCredentials.class */
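/**
 * Holds what an authentication attempt has established about a user: the user name, an optional
 * sub user name, secret material (password bytes and/or an opaque native credentials object),
 * backend roles, Search Guard roles and several attribute maps.
 *
 * <p>Secret handling, as implemented in this class:
 * <ul>
 *   <li>Password bytes are copied on the way in and the caller's array is zero-filled.</li>
 *   <li>{@link #clearSecrets()} zero-fills the stored password and drops the native credentials;
 *       afterwards {@link #getPassword()} throws {@link IllegalStateException}.</li>
 *   <li>{@code internalPasswordHash} is a plain (unsalted) SHA-256 digest of the password. Within
 *       this class it is read only by {@link #equals(Object)} and {@link #hashCode()}. It is NOT
 *       wiped by {@link #clearSecrets()} and stays reachable for the lifetime of the instance, so
 *       heap dumps of long-lived instances still contain a password-equivalent value for weak
 *       passwords.</li>
 *   <li>{@link #toString()} redacts the password and the native credentials but prints every
 *       attribute and claim map verbatim.</li>
 * </ul>
 *
 * <p>NOTE(review): the derived-copy methods ({@link #userName(String)}, both {@code with(...)}
 * overloads, both {@code userMappingAttribute(s)} methods and {@link #copy()}) hand the SAME
 * password array to the new instance. {@link #clearSecrets()} on any one of them zero-fills the
 * bytes for all of them, while the other instances keep {@code secretsCleared == false} and will
 * return a zeroed copy from {@link #getPassword()} instead of throwing. Confirm callers never
 * authenticate with a derived instance after a sibling has been cleared.
 */
public final class AuthCredentials implements UserInformation {
    private static final Logger log = LogManager.getLogger(AuthCredentials.class);
    private static final String DIGEST_ALGORITHM = "SHA-256";
    private final String username;
    private final String subUserName;
    private final AuthDomainInfo authDomainInfo;
    // Secret: zero-filled and set to null by clearSecrets().
    private byte[] password;
    // Secret: opaque credential object, set to null by clearSecrets().
    private Object nativeCredentials;
    private final ImmutableSet<String> backendRoles;
    private final ImmutableSet<String> searchGuardRoles;
    private boolean complete;
    private final boolean authzComplete;
    // SHA-256 of the password; only used for equals()/hashCode(). Survives clearSecrets().
    private final byte[] internalPasswordHash;
    private boolean secretsCleared;
    // Stack trace of the clearSecrets() call; only captured when debug logging is enabled.
    private Exception secretsClearedAt;
    private String redirectUri;
    private final Map<String, String> attributes;
    private final Map<String, Object> structuredAttributes;
    private final Map<String, Object> claims;
    private final ImmutableMap<String, Object> attributesForUserMapping;

    /**
     * Mutable builder for {@link AuthCredentials}. {@link #build()} hands the secret fields over
     * to the built instance and drops the builder's own references to them.
     */
    public static class Builder {
        private String userName;
        private String subUserName;
        private AuthDomainInfo authDomainInfo;
        private byte[] password;
        private Object nativeCredentials;
        private ImmutableSet.Builder<String> backendRoles;
        private ImmutableSet.Builder<String> searchGuardRoles;
        private boolean complete;
        private boolean authzComplete;
        private byte[] internalPasswordHash;
        private ImmutableMap.Builder<String, String> attributes;
        private ImmutableMap.Builder<String, Object> structuredAttributes;
        private ImmutableMap.Builder<String, Object> attributesForUserMapping;
        private ImmutableMap.Builder<String, Object> claims;
        private String redirectUri;

        /** Creates an empty builder whose auth domain info starts as {@code AuthDomainInfo.UNKNOWN}. */
        public Builder() {
            this.authDomainInfo = AuthDomainInfo.UNKNOWN;
            this.backendRoles = new ImmutableSet.Builder<>();
            this.searchGuardRoles = new ImmutableSet.Builder<>();
            this.structuredAttributes = new ImmutableMap.Builder<>();
            this.attributes = new ImmutableMap.Builder<>();
            this.claims = new ImmutableMap.Builder<>();
            this.attributesForUserMapping = new ImmutableMap.Builder<>();
        }

        /**
         * Creates a builder pre-populated from an existing instance.
         *
         * <p>The password array is taken by reference, not copied, so the source instance and
         * anything built from this builder share the same bytes until {@code password(...)} is
         * called with a new value.
         *
         * <p>NOTE(review): {@code nativeCredentials} and {@code authzComplete} are not carried
         * over, so {@code copy().build()} yields an instance without native credentials and with
         * {@code authzComplete == false}. Confirm this is intended.
         *
         * @param authCredentials the instance to copy from
         */
        Builder(AuthCredentials authCredentials) {
            this.userName = authCredentials.username;
            this.subUserName = authCredentials.subUserName;
            this.password = authCredentials.password;
            this.backendRoles = new ImmutableSet.Builder<>(authCredentials.backendRoles);
            this.searchGuardRoles = new ImmutableSet.Builder<>(authCredentials.searchGuardRoles);
            this.complete = authCredentials.complete;
            this.internalPasswordHash = authCredentials.internalPasswordHash;
            this.attributes = new ImmutableMap.Builder<>(authCredentials.attributes);
            this.structuredAttributes = new ImmutableMap.Builder<>(authCredentials.structuredAttributes);
            this.attributesForUserMapping = new ImmutableMap.Builder<>(authCredentials.attributesForUserMapping);
            this.authDomainInfo = authCredentials.authDomainInfo;
            this.redirectUri = authCredentials.redirectUri;
            this.claims = new ImmutableMap.Builder<>(authCredentials.claims);
        }

        /**
         * Sets the user name and records it under {@code credentials.user_name} in the
         * user-mapping attributes.
         *
         * @param str the user name
         * @return this builder
         */
        public Builder userName(String str) {
            this.userName = str;
            // The result of with(...) is not used; presumably the builder is mutated in place.
            this.attributesForUserMapping.with("credentials", ImmutableMap.of("user_name", str));
            return this;
        }

        /**
         * Sets the sub user name.
         *
         * @param str the sub user name
         * @return this builder
         */
        public Builder subUserName(String str) {
            this.subUserName = str;
            return this;
        }

        /**
         * Stores a private copy of the password, computes its SHA-256 digest for later equality
         * checks, and then zero-fills the caller's array.
         *
         * @param bArr the password bytes; overwritten with zeros on success
         * @return this builder
         * @throws IllegalArgumentException if {@code bArr} is null or empty
         * @throws ElasticsearchSecurityException if the digest algorithm is unavailable
         */
        public Builder password(byte[] bArr) {
            if (bArr == null || bArr.length == 0) {
                throw new IllegalArgumentException("password must not be null or empty");
            }
            this.password = Arrays.copyOf(bArr, bArr.length);
            try {
                this.internalPasswordHash = MessageDigest.getInstance(AuthCredentials.DIGEST_ALGORITHM).digest(this.password);
                // Wipe the caller's buffer so the only live copy is the one owned by this builder.
                Arrays.fill(bArr, (byte) 0);
                return this;
            } catch (NoSuchAlgorithmException e) {
                throw new ElasticsearchSecurityException("Unable to digest password", e, new Object[0]);
            }
        }

        /**
         * Convenience overload that encodes the password as UTF-8 and delegates to
         * {@link #password(byte[])}. The intermediate byte array is wiped by the delegate, but the
         * {@code String} itself cannot be cleared and remains on the heap until collected; prefer
         * the {@code byte[]} overload where the caller controls the buffer.
         *
         * @param str the password; must not be null (a null value results in a
         *     {@link NullPointerException})
         * @return this builder
         * @throws IllegalArgumentException if {@code str} is empty
         */
        public Builder password(String str) {
            return password(str.getBytes(StandardCharsets.UTF_8));
        }

        /**
         * Sets the opaque native credentials object.
         *
         * @param obj the credentials object
         * @return this builder
         * @throws IllegalArgumentException if {@code obj} is null
         */
        public Builder nativeCredentials(Object obj) {
            if (obj == null) {
                throw new IllegalArgumentException("nativeCredentials must not be null or empty");
            }
            this.nativeCredentials = obj;
            return this;
        }

        /**
         * Adds backend roles; a null array is ignored.
         *
         * @param strArr the roles to add
         * @return this builder
         */
        public Builder backendRoles(String... strArr) {
            if (strArr == null) {
                return this;
            }
            this.backendRoles.addAll(strArr);
            return this;
        }

        /**
         * Adds backend roles; a null collection is ignored.
         *
         * @param collection the roles to add
         * @return this builder
         */
        public Builder backendRoles(Collection<String> collection) {
            if (collection == null) {
                return this;
            }
            this.backendRoles.addAll(collection);
            return this;
        }

        /**
         * Adds Search Guard roles; a null collection is ignored.
         *
         * @param collection the roles to add
         * @return this builder
         */
        public Builder searchGuardRoles(Collection<String> collection) {
            // Guard the argument, as the backendRoles(...) overloads do. The previous check tested
            // this.backendRoles, which both constructors always initialise, so it never fired and
            // a null collection reached addAll(...).
            if (collection == null) {
                return this;
            }
            this.searchGuardRoles.addAll(collection);
            return this;
        }

        /**
         * Marks the credentials as complete.
         *
         * @return this builder
         */
        public Builder complete() {
            this.complete = true;
            return this;
        }

        /**
         * Adds one entry to the string-valued attribute map; a null or empty key is ignored.
         *
         * @param str the attribute name
         * @param str2 the attribute value
         * @return this builder
         */
        public Builder oldAttribute(String str, String str2) {
            if (str != null && !str.isEmpty()) {
                this.attributes.put(str, str2);
            }
            return this;
        }

        /**
         * Sets the {@code authzComplete} flag.
         *
         * @return this builder
         */
        public Builder authzComplete() {
            this.authzComplete = true;
            return this;
        }

        /**
         * Adds all entries to the string-valued attribute map. Unlike
         * {@link #oldAttribute(String, String)}, keys are not checked for null or empty.
         *
         * @param map the attributes to add
         * @return this builder
         */
        public Builder oldAttributes(Map<String, String> map) {
            this.attributes.putAll(map);
            return this;
        }

        /**
         * Adds all entries to the string-valued attribute map with {@code str} prepended to each
         * key. Values are converted with {@code toString()}; null values stay null.
         *
         * @param str the key prefix
         * @param map the attributes to add
         * @return this builder
         */
        public Builder prefixOldAttributes(String str, Map<String, ?> map) {
            for (Map.Entry<String, ?> entry : map.entrySet()) {
                this.attributes.put(str + entry.getKey(), entry.getValue() != null ? entry.getValue().toString() : null);
            }
            return this;
        }

        /**
         * Adds one structured attribute after passing the value to {@code Attributes.validate}.
         * Validation runs even when the key is null or empty and the entry is then skipped.
         *
         * @param str the attribute name
         * @param obj the attribute value
         * @return this builder
         */
        public Builder attribute(String str, Object obj) {
            Attributes.validate(obj);
            if (str != null && !str.isEmpty()) {
                this.structuredAttributes.put(str, obj);
            }
            return this;
        }

        /**
         * Adds all structured attributes after passing the map to {@code Attributes.validate}.
         *
         * @param map the attributes to add
         * @return this builder
         */
        public Builder attributes(Map<String, Object> map) {
            Attributes.validate(map);
            this.structuredAttributes.putAll(map);
            return this;
        }

        /**
         * Delegates to {@code Attributes.addAttributesByJsonPath} to fill the structured
         * attributes from {@code obj} using the given JSON paths.
         *
         * @param map attribute name to JSON path
         * @param obj the document the paths are evaluated against
         * @return this builder
         */
        public Builder attributesByJsonPath(Map<String, JsonPath> map, Object obj) {
            Attributes.addAttributesByJsonPath(map, obj, this.structuredAttributes);
            return this;
        }

        /**
         * Adds one user-mapping attribute; a null or empty key is ignored.
         *
         * @param str the attribute name
         * @param obj the attribute value
         * @return this builder
         */
        public Builder userMappingAttribute(String str, Object obj) {
            if (str != null && !str.isEmpty()) {
                this.attributesForUserMapping.with(str, obj);
            }
            return this;
        }

        /**
         * Adds all entries to the claims map.
         *
         * @param map the claims to add
         * @return this builder
         */
        public Builder claims(Map<String, Object> map) {
            this.claims.putAll(map);
            return this;
        }

        /**
         * Replaces the auth domain info with the result of
         * {@code authDomainInfo.authenticatorType(str)}.
         *
         * @param str the authenticator type
         * @return this builder
         */
        public Builder authenticatorType(String str) {
            this.authDomainInfo = this.authDomainInfo.authenticatorType(str);
            return this;
        }

        /**
         * Combines the given info into the current auth domain info via {@code add(...)}.
         *
         * @param authDomainInfo the info to add
         * @return this builder
         */
        public Builder authDomainInfo(AuthDomainInfo authDomainInfo) {
            this.authDomainInfo = this.authDomainInfo.add(authDomainInfo);
            return this;
        }

        /** @return the user name set so far, possibly null */
        public String getUserName() {
            return this.userName;
        }

        /** @return the redirect URI set so far, possibly null */
        public String getRedirectUri() {
            return this.redirectUri;
        }

        /**
         * Sets the redirect URI. The value is stored as given; no validation happens here.
         *
         * @param str the redirect URI
         * @return this builder
         */
        public Builder redirectUri(String str) {
            this.redirectUri = str;
            return this;
        }

        /**
         * Builds the credentials. The password array, native credentials and password hash are
         * passed to the new instance by reference, and the builder then forgets them, so a second
         * {@code build()} on the same builder yields an instance without secrets.
         *
         * @return the new credentials
         */
        public AuthCredentials build() {
            AuthCredentials authCredentials = new AuthCredentials(
                    this.userName,
                    this.subUserName,
                    this.authDomainInfo,
                    this.password,
                    this.nativeCredentials,
                    this.backendRoles.build(),
                    this.searchGuardRoles.build(),
                    this.complete,
                    this.authzComplete,
                    this.internalPasswordHash,
                    this.structuredAttributes.build(),
                    this.attributes.build(),
                    this.attributesForUserMapping.build(),
                    this.claims.build(),
                    this.redirectUri);
            // Ownership of the secrets moves to the built instance.
            this.password = null;
            this.nativeCredentials = null;
            this.internalPasswordHash = null;
            return authCredentials;
        }
    }

    /**
     * Starts a builder for the given user name.
     *
     * @param str the user name
     * @return a new builder with the user name set
     */
    public static Builder forUser(String str) {
        return new Builder().userName(str);
    }

    /**
     * Canonical constructor used by the builder and by the derived-copy methods. Arrays are stored
     * by reference (no defensive copy); the three plain maps are wrapped as unmodifiable.
     */
    private AuthCredentials(
            String username,
            String subUserName,
            AuthDomainInfo authDomainInfo,
            byte[] password,
            Object nativeCredentials,
            ImmutableSet<String> backendRoles,
            ImmutableSet<String> searchGuardRoles,
            boolean complete,
            boolean authzComplete,
            byte[] internalPasswordHash,
            Map<String, Object> structuredAttributes,
            Map<String, String> attributes,
            ImmutableMap<String, Object> attributesForUserMapping,
            Map<String, Object> claims,
            String redirectUri) {
        this.username = username;
        this.subUserName = subUserName;
        this.authDomainInfo = authDomainInfo;
        this.password = password;
        this.nativeCredentials = nativeCredentials;
        this.backendRoles = backendRoles;
        this.searchGuardRoles = searchGuardRoles;
        this.complete = complete;
        this.authzComplete = authzComplete;
        this.internalPasswordHash = internalPasswordHash;
        this.attributes = Collections.unmodifiableMap(attributes);
        this.structuredAttributes = Collections.unmodifiableMap(structuredAttributes);
        this.attributesForUserMapping = attributesForUserMapping;
        this.claims = Collections.unmodifiableMap(claims);
        this.redirectUri = redirectUri;
    }

    /**
     * Creates credentials that carry only an opaque native credentials object.
     *
     * @param str the user name
     * @param obj the native credentials
     * @throws IllegalArgumentException if {@code str} is null or empty, or {@code obj} is null
     * @deprecated use {@link #forUser(String)} and the {@link Builder}
     */
    @Deprecated
    public AuthCredentials(String str, Object obj) {
        this(str, null, obj, new String[0]);
        // The delegating call has to come first, so this check runs after the fields are set.
        if (obj == null) {
            throw new IllegalArgumentException("nativeCredentials must not be null or empty");
        }
    }

    /**
     * Creates credentials from a password. The caller's array is zero-filled.
     *
     * @param str the user name
     * @param bArr the password bytes
     * @throws IllegalArgumentException if {@code str} is null or empty, or {@code bArr} is null or
     *     empty
     * @deprecated use {@link #forUser(String)} and the {@link Builder}
     */
    @Deprecated
    public AuthCredentials(String str, byte[] bArr) {
        this(str, bArr, null, new String[0]);
        // The delegating call has to come first, so this check runs after the fields are set.
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("password must not be null or empty");
        }
    }

    /**
     * Creates credentials without any secret, carrying only backend roles.
     *
     * @param str the user name
     * @param strArr the backend roles
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @deprecated use {@link #forUser(String)} and the {@link Builder}
     */
    @Deprecated
    public AuthCredentials(String str, String... strArr) {
        this(str, null, null, strArr);
    }

    /**
     * Shared implementation of the deprecated public constructors. Unlike the canonical
     * constructor, the attribute maps created here are plain mutable {@link HashMap}s, which is
     * what lets {@link #addAttribute(String, String)} work on instances built this way.
     */
    @Deprecated
    private AuthCredentials(String userName, byte[] passwordBytes, Object nativeCreds, String... roles) {
        if (userName == null || userName.isEmpty()) {
            throw new IllegalArgumentException("username must not be null or empty");
        }
        this.username = userName;
        this.password = passwordBytes == null ? null : Arrays.copyOf(passwordBytes, passwordBytes.length);
        this.subUserName = null;
        this.complete = false;
        this.authzComplete = false;
        this.authDomainInfo = AuthDomainInfo.UNKNOWN;
        if (this.password != null) {
            try {
                this.internalPasswordHash = MessageDigest.getInstance(DIGEST_ALGORITHM).digest(this.password);
            } catch (NoSuchAlgorithmException e) {
                throw new ElasticsearchSecurityException("Unable to digest password", e, new Object[0]);
            }
        } else {
            this.internalPasswordHash = null;
        }
        if (passwordBytes != null) {
            // Wipe the caller's buffer; this instance keeps its own copy.
            Arrays.fill(passwordBytes, (byte) 0);
        }
        this.nativeCredentials = nativeCreds;
        if (roles == null || roles.length <= 0) {
            this.backendRoles = ImmutableSet.empty();
        } else {
            this.backendRoles = ImmutableSet.ofArray(roles);
        }
        this.searchGuardRoles = ImmutableSet.empty();
        this.attributesForUserMapping = ImmutableMap.empty();
        this.attributes = new HashMap<>();
        this.structuredAttributes = new HashMap<>();
        this.claims = new HashMap<>();
    }

    /**
     * Zero-fills and drops the password and drops the native credentials. Idempotent. When debug
     * logging is enabled, the call site is captured so that a later {@link #getPassword()} failure
     * can report where the secrets were cleared.
     *
     * <p>The SHA-256 password digest used for equality is left in place, and a password array
     * shared with derived instances is zeroed for them as well (see the class comment).
     */
    public void clearSecrets() {
        if (this.secretsCleared) {
            return;
        }
        this.secretsCleared = true;
        if (log.isDebugEnabled()) {
            this.secretsClearedAt = new Exception("clearSecrets() called at:");
        }
        if (this.password != null) {
            Arrays.fill(this.password, (byte) 0);
            this.password = null;
        }
        this.nativeCredentials = null;
    }

    /** @return the user name */
    public String getUsername() {
        return this.username;
    }

    /** @return the sub user name, possibly null */
    public String getSubUserName() {
        return this.subUserName;
    }

    /**
     * Returns a fresh copy of the password bytes; the caller owns the copy and is responsible for
     * wiping it.
     *
     * @return a copy of the password, or null if no password was set
     * @throws IllegalStateException if {@link #clearSecrets()} has been called on this instance
     */
    public byte[] getPassword() {
        if (this.secretsCleared) {
            throw new IllegalStateException("Secrets for " + this + " have been already cleared", this.secretsClearedAt);
        }
        if (this.password == null) {
            return null;
        }
        return Arrays.copyOf(this.password, this.password.length);
    }

    /**
     * Returns the native credentials object by reference. Unlike {@link #getPassword()} this does
     * not throw after {@link #clearSecrets()}; it returns null.
     *
     * @return the native credentials, or null if none were set or they have been cleared
     */
    public Object getNativeCredentials() {
        return this.nativeCredentials;
    }

    /**
     * Hash over the password digest, user name and sub user name, matching the fields compared by
     * {@link #equals(Object)}.
     */
    @Override
    public int hashCode() {
        int result = 1;
        result = 31 * result + Arrays.hashCode(this.internalPasswordHash);
        result = 31 * result + (this.username == null ? 0 : this.username.hashCode());
        result = 31 * result + (this.subUserName == null ? 0 : this.subUserName.hashCode());
        return result;
    }

    /**
     * Two instances are equal when both carry a password digest, the digests match, and user name
     * and sub user name match. Instances without a password digest are equal only to themselves,
     * so credentials that never had a password cannot be matched against each other.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AuthCredentials other = (AuthCredentials) obj;
        if (this.internalPasswordHash == null || other.internalPasswordHash == null) {
            return false;
        }
        // MessageDigest.isEqual gives a time-constant comparison of the two digests.
        if (!MessageDigest.isEqual(this.internalPasswordHash, other.internalPasswordHash)) {
            return false;
        }
        if (this.username == null) {
            if (other.username != null) {
                return false;
            }
        } else if (!this.username.equals(other.username)) {
            return false;
        }
        return this.subUserName == null ? other.subUserName == null : this.subUserName.equals(other.subUserName);
    }

    /** @return the backend roles */
    public Set<String> getBackendRoles() {
        return this.backendRoles;
    }

    /** @return the {@code complete} flag */
    public boolean isComplete() {
        return this.complete;
    }

    /** @return the {@code authzComplete} flag */
    public boolean isAuthzComplete() {
        return this.authzComplete;
    }

    /**
     * @return the string-valued attributes; unmodifiable for builder-built instances, the live
     *     mutable map for instances created through the deprecated constructors
     */
    public Map<String, String> getAttributes() {
        return this.attributes;
    }

    /**
     * Returns a copy with a different user name. All other fields, including the password array
     * and the password digest, are shared by reference with this instance.
     *
     * @param str the new user name
     * @return the derived credentials
     */
    public AuthCredentials userName(String str) {
        return new AuthCredentials(
                str,
                this.subUserName,
                this.authDomainInfo,
                this.password,
                this.nativeCredentials,
                this.backendRoles,
                this.searchGuardRoles,
                this.complete,
                this.authzComplete,
                this.internalPasswordHash,
                this.structuredAttributes,
                this.attributes,
                this.attributesForUserMapping,
                this.claims,
                this.redirectUri);
    }

    /**
     * Returns a copy enriched with another instance's roles and attributes: backend roles and
     * Search Guard roles are unioned, structured attributes and user-mapping attributes are merged
     * with {@code mergeMaps}. Identity, secrets, flags, string attributes, claims and redirect URI
     * are always taken from this instance.
     *
     * @param authCredentials the credentials to merge in; null or {@code this} returns this
     *     instance unchanged
     * @return the merged credentials
     */
    public AuthCredentials with(AuthCredentials authCredentials) {
        if (authCredentials == this || authCredentials == null) {
            return this;
        }
        return new AuthCredentials(
                this.username,
                this.subUserName,
                this.authDomainInfo,
                this.password,
                this.nativeCredentials,
                this.backendRoles.with(authCredentials.backendRoles),
                this.searchGuardRoles.with(authCredentials.searchGuardRoles),
                this.complete,
                this.authzComplete,
                this.internalPasswordHash,
                mergeMaps(this.structuredAttributes, authCredentials.structuredAttributes),
                this.attributes,
                mergeMaps(this.attributesForUserMapping, authCredentials.attributesForUserMapping),
                this.claims,
                this.redirectUri);
    }

    /**
     * Returns a copy whose auth domain info is replaced (not merged) by the given value.
     *
     * @param authDomainInfo the new auth domain info
     * @return the derived credentials
     */
    public AuthCredentials with(AuthDomainInfo authDomainInfo) {
        return new AuthCredentials(
                this.username,
                this.subUserName,
                authDomainInfo,
                this.password,
                this.nativeCredentials,
                this.backendRoles,
                this.searchGuardRoles,
                this.complete,
                this.authzComplete,
                this.internalPasswordHash,
                this.structuredAttributes,
                this.attributes,
                this.attributesForUserMapping,
                this.claims,
                this.redirectUri);
    }

    /**
     * @return a builder pre-populated from this instance; see {@code Builder(AuthCredentials)} for
     *     the fields that are not carried over
     */
    public Builder copy() {
        return new Builder(this);
    }

    /**
     * Sets the {@code complete} flag on this instance in place.
     *
     * @return this instance
     * @deprecated use {@link Builder#complete()}
     */
    @Deprecated
    public AuthCredentials markComplete() {
        this.complete = true;
        return this;
    }

    /**
     * Adds a string attribute in place; a null or empty key is ignored. This only works on
     * instances created through the deprecated constructors: builder-built instances wrap the map
     * as unmodifiable, so the {@code put} throws {@link UnsupportedOperationException} there.
     *
     * @param str the attribute name
     * @param str2 the attribute value
     * @deprecated use {@link Builder#oldAttribute(String, String)}
     */
    @Deprecated
    public void addAttribute(String str, String str2) {
        if (str == null || str.isEmpty()) {
            return;
        }
        this.attributes.put(str, str2);
    }

    /** @return the structured attributes */
    public Map<String, Object> getStructuredAttributes() {
        return this.structuredAttributes;
    }

    /** @return the claims */
    public Map<String, Object> getClaims() {
        return this.claims;
    }

    /** @return the auth domain info */
    public AuthDomainInfo getAuthDomainInfo() {
        return this.authDomainInfo;
    }

    /** @return the user name */
    @Override // com.floragunn.searchguard.user.UserInformation
    public String getName() {
        return this.username;
    }

    /** @return the sub user name, possibly null */
    @Override // com.floragunn.searchguard.user.UserInformation
    public String getSubName() {
        return this.subUserName;
    }

    /** @return {@code authDomainInfo.toInfoString()}, or null when no auth domain info is set */
    @Override // com.floragunn.searchguard.user.UserInformation
    public String getAuthDomain() {
        if (this.authDomainInfo != null) {
            return this.authDomainInfo.toInfoString();
        }
        return null;
    }

    /** @return the redirect URI, possibly null */
    public String getRedirectUri() {
        return this.redirectUri;
    }

    /** @return the attributes made available for user mapping */
    public ImmutableMap<String, Object> getAttributesForUserMapping() {
        return this.attributesForUserMapping;
    }

    /**
     * Returns a copy whose user-mapping attributes are extended with the given map. Secrets are
     * shared by reference with this instance.
     *
     * @param immutableMap the attributes to add
     * @return the derived credentials
     */
    public AuthCredentials userMappingAttributes(ImmutableMap<String, Object> immutableMap) {
        return new AuthCredentials(
                this.username,
                this.subUserName,
                this.authDomainInfo,
                this.password,
                this.nativeCredentials,
                this.backendRoles,
                this.searchGuardRoles,
                this.complete,
                this.authzComplete,
                this.internalPasswordHash,
                this.structuredAttributes,
                this.attributes,
                this.attributesForUserMapping.with(immutableMap),
                this.claims,
                this.redirectUri);
    }

    /**
     * Returns a copy whose user-mapping attributes are extended with one entry. Unlike the
     * builder method of the same name, the key is not checked for null or empty. Secrets are
     * shared by reference with this instance.
     *
     * @param str the attribute name
     * @param obj the attribute value
     * @return the derived credentials
     */
    public AuthCredentials userMappingAttribute(String str, Object obj) {
        return new AuthCredentials(
                this.username,
                this.subUserName,
                this.authDomainInfo,
                this.password,
                this.nativeCredentials,
                this.backendRoles,
                this.searchGuardRoles,
                this.complete,
                this.authzComplete,
                this.internalPasswordHash,
                this.structuredAttributes,
                this.attributes,
                this.attributesForUserMapping.with(str, obj),
                this.claims,
                this.redirectUri);
    }

    /** @return the Search Guard roles */
    public ImmutableSet<String> getSearchGuardRoles() {
        return this.searchGuardRoles;
    }

    /**
     * Renders all fields for logging. The password and native credentials are replaced by
     * {@code REDACTED}; the password digest is omitted. Attributes, structured attributes, claims
     * and user-mapping attributes are printed in full, so whatever an authenticator stores there
     * ends up wherever this string is logged.
     */
    @Override
    public String toString() {
        return "AuthCredentials [username=" + this.username
                + ", subUserName=" + this.subUserName
                + ", authDomainInfo=" + this.authDomainInfo
                + ", password=" + (this.password != null ? "REDACTED" : null)
                + ", nativeCredentials=" + (this.nativeCredentials != null ? "REDACTED" : null)
                + ", backendRoles=" + this.backendRoles
                + ", searchGuardRoles=" + this.searchGuardRoles
                + ", complete=" + this.complete
                + ", authzComplete=" + this.authzComplete
                + ", redirectUri=" + this.redirectUri
                + ", attributes=" + this.attributes
                + ", structuredAttributes=" + this.structuredAttributes
                + ", claims=" + this.claims
                + ", attributesForUserMapping=" + this.attributesForUserMapping
                + "]";
    }

    /**
     * Merges {@code additions} into {@code base} and returns the result as an immutable map.
     *
     * <p>Per key: a key missing from {@code base} (or mapped to null) takes the value from
     * {@code additions}; two collections are concatenated (as a set when the base value is a
     * {@link Set}, otherwise as a list); two maps are merged recursively. In every other case,
     * including two differing scalar values, the base value wins and the addition is dropped
     * silently.
     *
     * <p>NOTE(review): when both arguments are null or empty the result is
     * {@code ImmutableMap.of(base)}, which receives null if {@code base} is null; confirm that
     * {@code ImmutableMap.of} accepts that.
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // values are untyped Objects; casts are guarded by instanceof
    private static ImmutableMap<String, Object> mergeMaps(Map<String, Object> base, Map<String, Object> additions) {
        if (additions == null || additions.size() == 0) {
            return ImmutableMap.of(base);
        }
        if (base == null || base.size() == 0) {
            return ImmutableMap.of(additions);
        }
        ImmutableMap.Builder builder = new ImmutableMap.Builder(base);
        for (Map.Entry<String, Object> entry : additions.entrySet()) {
            String key = entry.getKey();
            Object added = entry.getValue();
            Object existing = builder.get(key);
            if (existing == null) {
                builder.put(key, added);
            } else if ((existing instanceof Collection) && (added instanceof Collection)) {
                if (existing instanceof Set) {
                    builder.put(key, ImmutableSet.of((Collection) existing).with((Collection) added));
                } else {
                    builder.put(key, ImmutableList.of((Collection) existing).with((Collection) added));
                }
            } else if ((existing instanceof Map) && (added instanceof Map)) {
                builder.put(key, mergeMaps((Map) existing, (Map) added));
            }
        }
        return builder.build();
    }
}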
