package org.apache.qpid.server.security.auth.database;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.PrintStream;
import java.security.Principal;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AccountNotFoundException;
import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PasswordPrincipal;
import org.apache.qpid.server.security.auth.sasl.PasswordSource;
import org.apache.qpid.server.util.FileHelper;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.class */
public abstract class AbstractPasswordFilePrincipalDatabase<U extends PasswordPrincipal> implements PrincipalDatabase {
    protected static final String DEFAULT_ENCODING = "utf-8";
    private final Pattern _regexp = Pattern.compile(":");
    private final Map<String, U> _userMap = new HashMap();
    private final ReentrantLock _userUpdate = new ReentrantLock();
    private final FileHelper _fileHelper = new FileHelper();
    private final PasswordCredentialManagingAuthenticationProvider<?> _authenticationProvider;
    private File _passwordFile;

    public AbstractPasswordFilePrincipalDatabase(PasswordCredentialManagingAuthenticationProvider<?> passwordCredentialManagingAuthenticationProvider) {
        this._authenticationProvider = passwordCredentialManagingAuthenticationProvider;
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public final PasswordCredentialManagingAuthenticationProvider<?> getAuthenticationProvider() {
        return this._authenticationProvider;
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public final void open(File file) throws IOException {
        getLogger().debug("PasswordFile using file : {}", file.getAbsolutePath());
        this._passwordFile = file;
        if (!file.exists()) {
            throw new FileNotFoundException("Cannot find password file " + file);
        }
        if (!file.canRead()) {
            throw new FileNotFoundException("Cannot read password file " + file + ". Check permissions.");
        }
        loadPasswordFile();
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public final void setPassword(Principal principal, PasswordCallback passwordCallback) throws AccountNotFoundException {
        if (this._passwordFile == null) {
            throw new AccountNotFoundException("Unable to locate principal since no password file was specified during initialisation");
        }
        if (principal == null) {
            throw new IllegalArgumentException("principal must not be null");
        }
        char[] lookupPassword = lookupPassword(principal.getName());
        if (lookupPassword == null) {
            throw new AccountNotFoundException("No account found for principal " + principal);
        }
        passwordCallback.setPassword(lookupPassword);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final char[] lookupPassword(String str) {
        U u = this._userMap.get(str);
        if (u == null) {
            return null;
        }
        return u.getPassword();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean compareCharArray(char[] cArr, char[] cArr2) {
        boolean z = false;
        if (cArr.length == cArr2.length) {
            z = true;
            for (int i = 0; z && i < cArr.length; i++) {
                z = cArr[i] == cArr2[i];
            }
        }
        return z;
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean updatePassword(Principal principal, char[] cArr) throws AccountNotFoundException {
        U u = this._userMap.get(principal.getName());
        if (u == null) {
            throw new AccountNotFoundException(principal.getName());
        }
        for (char c : cArr) {
            if (c == ':') {
                throw new IllegalArgumentException("Illegal character in password");
            }
        }
        char[] password = u.getPassword();
        this._userUpdate.lock();
        try {
            try {
                u.setPassword(cArr);
                savePasswordFile();
                this._userUpdate.unlock();
                return true;
            } catch (IOException e) {
                getLogger().error("Unable to save password file due to '{}', password change for user '{}' discarded", e.getMessage(), principal);
                u.restorePassword(password);
                this._userUpdate.unlock();
                return false;
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PasswordSource getPasswordSource() {
        return this::lookupPassword;
    }

    private void loadPasswordFile() throws IOException {
        try {
            this._userUpdate.lock();
            HashMap hashMap = new HashMap();
            BufferedReader bufferedReader = new BufferedReader(new FileReader(this._passwordFile));
            while (true) {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        getLogger().debug("Loaded {} user(s) from {}", Integer.valueOf(hashMap.size()), this._passwordFile);
                        this._userMap.clear();
                        this._userMap.putAll(hashMap);
                        this._userUpdate.unlock();
                        return;
                    }
                    String[] split = this._regexp.split(readLine);
                    if (split != null && split.length >= 2 && !split[0].startsWith("#")) {
                        U createUserFromFileData = createUserFromFileData(split);
                        hashMap.put(createUserFromFileData.getName(), createUserFromFileData);
                    }
                } finally {
                }
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }

    protected abstract U createUserFromFileData(String[] strArr);

    protected abstract Logger getLogger();

    protected void savePasswordFile() throws IOException {
        try {
            this._userUpdate.lock();
            this._fileHelper.writeFileSafely(this._passwordFile.toPath(), this::writeToFile);
        } finally {
            this._userUpdate.unlock();
        }
    }

    private void writeToFile(File file) throws IOException {
        try {
            PrintStream printStream = new PrintStream(file);
            try {
                BufferedReader bufferedReader = new BufferedReader(new FileReader(this._passwordFile));
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        String[] split = this._regexp.split(readLine);
                        if (split == null || split.length < 2 || split[0].startsWith("#")) {
                            printStream.write(readLine.getBytes(DEFAULT_ENCODING));
                            printStream.println();
                        } else {
                            U u = this._userMap.get(split[0]);
                            if (u == null) {
                                printStream.write(readLine.getBytes(DEFAULT_ENCODING));
                                printStream.println();
                            } else if (!u.isDeleted()) {
                                if (u.isModified()) {
                                    byte[] encodedPassword = u.getEncodedPassword();
                                    printStream.write((u.getName() + ":").getBytes(DEFAULT_ENCODING));
                                    printStream.write(encodedPassword);
                                    printStream.println();
                                    u.saved();
                                } else {
                                    printStream.write(readLine.getBytes(DEFAULT_ENCODING));
                                    printStream.println();
                                }
                            }
                        }
                    } catch (Throwable th) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                }
                for (U u2 : this._userMap.values()) {
                    if (u2.isModified()) {
                        byte[] encodedPassword2 = u2.getEncodedPassword();
                        printStream.write((u2.getName() + ":").getBytes(DEFAULT_ENCODING));
                        printStream.write(encodedPassword2);
                        printStream.println();
                        u2.saved();
                    }
                }
                bufferedReader.close();
                printStream.close();
            } finally {
            }
        } catch (IOException e) {
            getLogger().error("Unable to create the new password file", e);
            throw new IOException("Unable to create the new password file", e);
        }
    }

    protected abstract U createUserFromPassword(Principal principal, char[] cArr);

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public void reload() throws IOException {
        loadPasswordFile();
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public List<Principal> getUsers() {
        return new LinkedList(this._userMap.values());
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public Principal getUser(String str) {
        if (this._userMap.containsKey(str)) {
            return new UsernamePrincipal(str, getAuthenticationProvider());
        }
        return null;
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean deletePrincipal(Principal principal) throws AccountNotFoundException {
        U u = this._userMap.get(principal.getName());
        if (u == null) {
            throw new AccountNotFoundException(principal.getName());
        }
        try {
            this._userUpdate.lock();
            u.delete();
            try {
                savePasswordFile();
                this._userMap.remove(u.getName());
                this._userUpdate.unlock();
                return true;
            } catch (IOException e) {
                getLogger().error("Unable to remove user '{}' from password file.", u.getName());
                this._userUpdate.unlock();
                return false;
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean createPrincipal(Principal principal, char[] cArr) {
        if (this._userMap.get(principal.getName()) != null) {
            return false;
        }
        if (principal.getName().contains(":")) {
            throw new IllegalArgumentException("Username must not contain colons (\":\").");
        }
        for (char c : cArr) {
            if (c == ':') {
                throw new IllegalArgumentException("Illegal character in password");
            }
        }
        U createUserFromPassword = createUserFromPassword(principal, cArr);
        try {
            this._userUpdate.lock();
            this._userMap.put(createUserFromPassword.getName(), createUserFromPassword);
            try {
                savePasswordFile();
                this._userUpdate.unlock();
                return true;
            } catch (IOException e) {
                this._userMap.remove(createUserFromPassword.getName());
                this._userUpdate.unlock();
                return false;
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }
}
