package org.apache.druid.security.basic.authentication;

import com.google.common.annotations.VisibleForTesting;
import java.security.Principal;
import java.time.Instant;
import java.util.Arrays;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import javax.naming.directory.SearchResult;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentials;
import org.apache.druid.security.basic.authentication.validator.PasswordHashGenerator;

/* loaded from: input_file:org/apache/druid/security/basic/authentication/LdapUserPrincipal.class */
public class LdapUserPrincipal implements Principal {
    private static final Logger LOG = new Logger(LdapUserPrincipal.class);
    private final String name;
    private final BasicAuthenticatorCredentials credentials;
    private final SearchResult searchResult;
    private final Instant createdAt;
    private final AtomicReference<Instant> lastVerified;

    public LdapUserPrincipal(String str, BasicAuthenticatorCredentials basicAuthenticatorCredentials, SearchResult searchResult) {
        this(str, basicAuthenticatorCredentials, searchResult, Instant.now());
    }

    @VisibleForTesting
    public LdapUserPrincipal(String str, BasicAuthenticatorCredentials basicAuthenticatorCredentials, SearchResult searchResult, Instant instant) {
        this.lastVerified = new AtomicReference<>();
        Objects.requireNonNull(str, "name is required");
        Objects.requireNonNull(basicAuthenticatorCredentials, "credentials is required");
        Objects.requireNonNull(searchResult, "searchResult is required");
        Objects.requireNonNull(instant, "createdAt is required");
        this.name = str;
        this.credentials = basicAuthenticatorCredentials;
        this.searchResult = searchResult;
        this.createdAt = instant;
        this.lastVerified.set(instant);
    }

    @Override // java.security.Principal
    public String getName() {
        return this.name;
    }

    public SearchResult getSearchResult() {
        return this.searchResult;
    }

    public Instant getCreatedAt() {
        return this.createdAt;
    }

    public Instant getLastVerified() {
        return this.lastVerified.get();
    }

    public boolean hasSameCredentials(char[] cArr) {
        if (!Arrays.equals(PasswordHashGenerator.computePasswordHash(cArr, this.credentials.getSalt(), this.credentials.getIterations()), this.credentials.getHash())) {
            return false;
        }
        this.lastVerified.set(Instant.now());
        LOG.debug("Refereshing lastVerified principal user '%s'", new Object[]{this.name});
        return true;
    }

    public boolean isExpired(int i, int i2) {
        return isExpired(i, i2, System.currentTimeMillis());
    }

    @VisibleForTesting
    boolean isExpired(int i, int i2, long j) {
        if (this.createdAt.toEpochMilli() < j - (i2 * 1000)) {
            return true;
        }
        return this.lastVerified.get().toEpochMilli() < j - (((long) i) * 1000);
    }

    @Override // java.security.Principal
    public String toString() {
        return StringUtils.format("LdapUserPrincipal[name=%s, searchResult=%s, createdAt=%s, lastVerified=%s]", new Object[]{this.name, this.searchResult, this.createdAt, this.lastVerified});
    }
}
