package org.apache.qpid.server.security.auth.database;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.PrintStream;
import java.security.Principal;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AccountNotFoundException;
import joptsimple.internal.Strings;
import org.apache.activemq.transport.stomp.Stomp;
import org.apache.log4j.Logger;
import org.apache.qpid.server.security.auth.management.AMQUserManagementMBean;
import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedInitialiser;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser;

/* loaded from: input_file:org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.class */
public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase {
    private static final Logger _logger = Logger.getLogger(Base64MD5PasswordFilePrincipalDatabase.class);
    private File _passwordFile;
    AMQUserManagementMBean _mbean;
    public static final String DEFAULT_ENCODING = "utf-8";
    private Pattern _regexp = Pattern.compile(Stomp.Headers.SEPERATOR);
    private Map<String, HashedUser> _users = new HashMap();
    private ReentrantLock _userUpdate = new ReentrantLock();
    private Map<String, AuthenticationProviderInitialiser> _saslServers = new HashMap();

    public Base64MD5PasswordFilePrincipalDatabase() {
        CRAMMD5HashedInitialiser cRAMMD5HashedInitialiser = new CRAMMD5HashedInitialiser();
        cRAMMD5HashedInitialiser.initialise(this);
        this._saslServers.put(cRAMMD5HashedInitialiser.getMechanismName(), cRAMMD5HashedInitialiser);
        CRAMMD5HexInitialiser cRAMMD5HexInitialiser = new CRAMMD5HexInitialiser();
        cRAMMD5HexInitialiser.initialise(this);
        this._saslServers.put(cRAMMD5HexInitialiser.getMechanismName(), cRAMMD5HexInitialiser);
    }

    public void setPasswordFile(String str) throws IOException {
        File file = new File(str);
        _logger.info("PasswordFilePrincipalDatabase using file " + file.getAbsolutePath());
        this._passwordFile = file;
        if (!file.exists()) {
            throw new FileNotFoundException("Cannot find password file " + file);
        }
        if (!file.canRead()) {
            throw new FileNotFoundException("Cannot read password file " + file + ". Check permissions.");
        }
        loadPasswordFile();
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public void setPassword(Principal principal, PasswordCallback passwordCallback) throws AccountNotFoundException {
        if (this._passwordFile == null) {
            throw new AccountNotFoundException("Unable to locate principal since no password file was specified during initialisation");
        }
        if (principal == null) {
            throw new IllegalArgumentException("principal must not be null");
        }
        char[] lookupPassword = lookupPassword(principal.getName());
        if (lookupPassword == null) {
            throw new AccountNotFoundException("No account found for principal " + principal);
        }
        passwordCallback.setPassword(lookupPassword);
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean verifyPassword(String str, char[] cArr) throws AccountNotFoundException {
        char[] lookupPassword = lookupPassword(str);
        if (lookupPassword == null) {
            throw new AccountNotFoundException("Unable to lookup the specfied users password");
        }
        byte[] bArr = new byte[cArr.length];
        int i = 0;
        for (char c : cArr) {
            int i2 = i;
            i++;
            bArr[i2] = (byte) c;
        }
        try {
            byte[] md5 = HashedUser.getMD5(bArr);
            char[] cArr2 = new char[md5.length];
            int i3 = 0;
            for (byte b : md5) {
                int i4 = i3;
                i3++;
                cArr2[i4] = (char) b;
            }
            return compareCharArray(lookupPassword, cArr2);
        } catch (Exception e) {
            _logger.warn("Unable to hash password for user '" + str + "' for comparison");
            return false;
        }
    }

    private boolean compareCharArray(char[] cArr, char[] cArr2) {
        boolean z = false;
        if (cArr.length == cArr2.length) {
            z = true;
            for (int i = 0; z && i < cArr.length; i++) {
                z = cArr[i] == cArr2[i];
            }
        }
        return z;
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean updatePassword(Principal principal, char[] cArr) throws AccountNotFoundException {
        HashedUser hashedUser = this._users.get(principal.getName());
        try {
            if (hashedUser == null) {
                throw new AccountNotFoundException(principal.getName());
            }
            try {
                this._userUpdate.lock();
                char[] password = hashedUser.getPassword();
                hashedUser.setPassword(cArr, false);
                try {
                    savePasswordFile();
                    return true;
                } catch (IOException e) {
                    _logger.error("Unable to save password file, password change for user'" + principal + "' will revert at restart");
                    hashedUser.setPassword(password, true);
                    this._userUpdate.unlock();
                    return false;
                }
            } finally {
                this._userUpdate.unlock();
            }
        } catch (Exception e2) {
            return false;
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean createPrincipal(Principal principal, char[] cArr) {
        if (this._users.get(principal.getName()) != null) {
            return false;
        }
        try {
            HashedUser hashedUser = new HashedUser(principal.getName(), cArr);
            try {
                this._userUpdate.lock();
                this._users.put(hashedUser.getName(), hashedUser);
                try {
                    savePasswordFile();
                    this._userUpdate.unlock();
                    return true;
                } catch (IOException e) {
                    this._users.remove(hashedUser.getName());
                    this._userUpdate.unlock();
                    return false;
                }
            } catch (Throwable th) {
                this._userUpdate.unlock();
                throw th;
            }
        } catch (Exception e2) {
            _logger.warn("Unable to create new user '" + principal.getName() + Strings.SINGLE_QUOTE);
            return false;
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean deletePrincipal(Principal principal) throws AccountNotFoundException {
        HashedUser hashedUser = this._users.get(principal.getName());
        if (hashedUser == null) {
            throw new AccountNotFoundException(principal.getName());
        }
        try {
            this._userUpdate.lock();
            hashedUser.delete();
            try {
                savePasswordFile();
                this._users.remove(hashedUser.getName());
                this._userUpdate.unlock();
                return true;
            } catch (IOException e) {
                _logger.warn("Unable to remove user '" + hashedUser.getName() + "' from password file.");
                this._userUpdate.unlock();
                return false;
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public Map<String, AuthenticationProviderInitialiser> getMechanisms() {
        return this._saslServers;
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public List<Principal> getUsers() {
        return new LinkedList(this._users.values());
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public Principal getUser(String str) {
        if (this._users.containsKey(str)) {
            return new UsernamePrincipal(str);
        }
        return null;
    }

    private char[] lookupPassword(String str) {
        HashedUser hashedUser = this._users.get(str);
        if (hashedUser == null) {
            return null;
        }
        return hashedUser.getPassword();
    }

    private void loadPasswordFile() throws IOException {
        try {
            this._userUpdate.lock();
            this._users.clear();
            BufferedReader bufferedReader = null;
            try {
                bufferedReader = new BufferedReader(new FileReader(this._passwordFile));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    String[] split = this._regexp.split(readLine);
                    if (split != null && split.length >= 2 && !split[0].startsWith("#")) {
                        HashedUser hashedUser = new HashedUser(split);
                        _logger.info("Created user:" + hashedUser);
                        this._users.put(hashedUser.getName(), hashedUser);
                    }
                }
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                throw th;
            }
        } finally {
            this._userUpdate.unlock();
        }
    }

    private void savePasswordFile() throws IOException {
        File file;
        try {
            this._userUpdate.lock();
            BufferedReader bufferedReader = null;
            PrintStream printStream = null;
            Random random = new Random();
            do {
                file = new File(this._passwordFile.getPath() + random.nextInt() + ".tmp");
            } while (file.exists());
            file.deleteOnExit();
            try {
                try {
                    printStream = new PrintStream(file);
                    bufferedReader = new BufferedReader(new FileReader(this._passwordFile));
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        String[] split = this._regexp.split(readLine);
                        if (split == null || split.length < 2 || split[0].startsWith("#")) {
                            printStream.write(readLine.getBytes("utf-8"));
                            printStream.println();
                        } else {
                            HashedUser hashedUser = this._users.get(split[0]);
                            if (hashedUser == null) {
                                printStream.write(readLine.getBytes("utf-8"));
                                printStream.println();
                            } else if (!hashedUser.isDeleted()) {
                                if (hashedUser.isModified()) {
                                    try {
                                        byte[] encodedPassword = hashedUser.getEncodedPassword();
                                        printStream.write((hashedUser.getName() + Stomp.Headers.SEPERATOR).getBytes("utf-8"));
                                        printStream.write(encodedPassword);
                                        printStream.println();
                                        hashedUser.saved();
                                    } catch (Exception e) {
                                        _logger.warn("Unable to encode new password reverting to old password.");
                                        printStream.write(readLine.getBytes("utf-8"));
                                        printStream.println();
                                    }
                                } else {
                                    printStream.write(readLine.getBytes("utf-8"));
                                    printStream.println();
                                }
                            }
                        }
                    }
                    for (HashedUser hashedUser2 : this._users.values()) {
                        if (hashedUser2.isModified()) {
                            try {
                                byte[] encodedPassword2 = hashedUser2.getEncodedPassword();
                                printStream.write((hashedUser2.getName() + Stomp.Headers.SEPERATOR).getBytes("utf-8"));
                                printStream.write(encodedPassword2);
                                printStream.println();
                                hashedUser2.saved();
                            } catch (Exception e2) {
                                _logger.warn("Unable to get Encoded password for user'" + hashedUser2.getName() + "' password not saved");
                            }
                        }
                    }
                    if (bufferedReader != null) {
                        bufferedReader.close();
                    }
                    if (printStream != null) {
                        printStream.close();
                    }
                    File file2 = new File(this._passwordFile.getAbsoluteFile() + ".old");
                    if (file2.exists()) {
                        file2.delete();
                    }
                    if (!this._passwordFile.renameTo(file2)) {
                        _logger.error("Could not backup the existing password file");
                        throw new IOException("Could not backup the existing password file");
                    }
                    if (file.renameTo(this._passwordFile)) {
                        return;
                    }
                    if (file2.renameTo(this._passwordFile)) {
                        _logger.error("Could not rename the new password file into place");
                        throw new IOException("Could not rename the new password file into place");
                    }
                    _logger.error("Could not rename the new password file into place, and unable to restore original file");
                    throw new IOException("Could not rename the new password file into place, and unable to restore original file");
                } catch (IOException e3) {
                    _logger.error("Unable to create the new password file: " + e3);
                    throw new IOException("Unable to create the new password file" + e3);
                }
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                if (printStream != null) {
                    printStream.close();
                }
                throw th;
            }
        } finally {
            this._userUpdate.unlock();
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public void reload() throws IOException {
        loadPasswordFile();
    }
}
