package org.apache.qpid.server.security.auth.database;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.PrintStream;
import java.security.Principal;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AccountNotFoundException;
import org.apache.log4j.Logger;
import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.amqplain.AmqPlainInitialiser;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5Initialiser;
import org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser;

/* loaded from: input_file:org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.class */
public class PlainPasswordFilePrincipalDatabase implements PrincipalDatabase {
    public static final String DEFAULT_ENCODING = "utf-8";
    private static final Logger _logger = Logger.getLogger(PlainPasswordFilePrincipalDatabase.class);
    private File _passwordFile;
    private Pattern _regexp = Pattern.compile(":");
    private Map<String, PlainUser> _users = new HashMap();
    private ReentrantLock _userUpdate = new ReentrantLock();
    private Map<String, AuthenticationProviderInitialiser> _saslServers = new HashMap();

    public PlainPasswordFilePrincipalDatabase() {
        AmqPlainInitialiser amqPlainInitialiser = new AmqPlainInitialiser();
        amqPlainInitialiser.initialise(this);
        PlainInitialiser plainInitialiser = new PlainInitialiser();
        plainInitialiser.initialise(this);
        CRAMMD5Initialiser cRAMMD5Initialiser = new CRAMMD5Initialiser();
        cRAMMD5Initialiser.initialise(this);
        this._saslServers.put(amqPlainInitialiser.getMechanismName(), amqPlainInitialiser);
        this._saslServers.put(plainInitialiser.getMechanismName(), plainInitialiser);
        this._saslServers.put(cRAMMD5Initialiser.getMechanismName(), cRAMMD5Initialiser);
    }

    public void setPasswordFile(String str) throws IOException {
        File file = new File(str);
        _logger.info("PlainPasswordFile using file " + file.getAbsolutePath());
        this._passwordFile = file;
        if (!file.exists()) {
            throw new FileNotFoundException("Cannot find password file " + file);
        }
        if (!file.canRead()) {
            throw new FileNotFoundException("Cannot read password file " + file + ". Check permissions.");
        }
        loadPasswordFile();
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public void setPassword(Principal principal, PasswordCallback passwordCallback) throws AccountNotFoundException {
        if (this._passwordFile == null) {
            throw new AccountNotFoundException("Unable to locate principal since no password file was specified during initialisation");
        }
        if (principal == null) {
            throw new IllegalArgumentException("principal must not be null");
        }
        char[] lookupPassword = lookupPassword(principal.getName());
        if (lookupPassword == null) {
            throw new AccountNotFoundException("No account found for principal " + principal);
        }
        passwordCallback.setPassword(lookupPassword);
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean verifyPassword(String str, char[] cArr) throws AccountNotFoundException {
        char[] lookupPassword = lookupPassword(str);
        if (lookupPassword == null) {
            throw new AccountNotFoundException("Unable to lookup the specfied users password");
        }
        return compareCharArray(lookupPassword, cArr);
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean updatePassword(Principal principal, char[] cArr) throws AccountNotFoundException {
        PlainUser plainUser = this._users.get(principal.getName());
        if (plainUser == null) {
            throw new AccountNotFoundException(principal.getName());
        }
        char[] password = plainUser.getPassword();
        this._userUpdate.lock();
        try {
            try {
                plainUser.setPassword(cArr);
                savePasswordFile();
                this._userUpdate.unlock();
                return true;
            } catch (IOException e) {
                _logger.error("Unable to save password file due to '" + e.getMessage() + "', password change for user '" + principal + "' discarded");
                plainUser.setPassword(password);
                this._userUpdate.unlock();
                return false;
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean createPrincipal(Principal principal, char[] cArr) {
        if (this._users.get(principal.getName()) != null) {
            return false;
        }
        PlainUser plainUser = new PlainUser(principal.getName(), cArr);
        try {
            this._userUpdate.lock();
            this._users.put(plainUser.getName(), plainUser);
            try {
                savePasswordFile();
                this._userUpdate.unlock();
                return true;
            } catch (IOException e) {
                this._users.remove(plainUser.getName());
                _logger.warn("Unable to create user '" + plainUser.getName());
                this._userUpdate.unlock();
                return false;
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public boolean deletePrincipal(Principal principal) throws AccountNotFoundException {
        PlainUser plainUser = this._users.get(principal.getName());
        if (plainUser == null) {
            throw new AccountNotFoundException(principal.getName());
        }
        try {
            this._userUpdate.lock();
            plainUser.delete();
            try {
                savePasswordFile();
                this._users.remove(plainUser.getName());
                this._userUpdate.unlock();
                return true;
            } catch (IOException e) {
                _logger.error("Unable to remove user '" + plainUser.getName() + "' from password file.");
                this._userUpdate.unlock();
                return false;
            }
        } catch (Throwable th) {
            this._userUpdate.unlock();
            throw th;
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public Map<String, AuthenticationProviderInitialiser> getMechanisms() {
        return this._saslServers;
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public List<Principal> getUsers() {
        return new LinkedList(this._users.values());
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public Principal getUser(String str) {
        if (this._users.containsKey(str)) {
            return new UsernamePrincipal(str);
        }
        return null;
    }

    private boolean compareCharArray(char[] cArr, char[] cArr2) {
        boolean z = false;
        if (cArr.length == cArr2.length) {
            z = true;
            for (int i = 0; z && i < cArr.length; i++) {
                z = cArr[i] == cArr2[i];
            }
        }
        return z;
    }

    private char[] lookupPassword(String str) {
        PlainUser plainUser = this._users.get(str);
        if (plainUser == null) {
            return null;
        }
        return plainUser.getPassword();
    }

    private void loadPasswordFile() throws IOException {
        try {
            this._userUpdate.lock();
            this._users.clear();
            BufferedReader bufferedReader = null;
            try {
                bufferedReader = new BufferedReader(new FileReader(this._passwordFile));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    String[] split = this._regexp.split(readLine);
                    if (split != null && split.length >= 2 && !split[0].startsWith("#")) {
                        PlainUser plainUser = new PlainUser(split);
                        _logger.info("Created user:" + plainUser);
                        this._users.put(plainUser.getName(), plainUser);
                    }
                }
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                throw th;
            }
        } finally {
            this._userUpdate.unlock();
        }
    }

    private void savePasswordFile() throws IOException {
        File file;
        try {
            this._userUpdate.lock();
            BufferedReader bufferedReader = null;
            PrintStream printStream = null;
            Random random = new Random();
            do {
                file = new File(this._passwordFile.getPath() + random.nextInt() + ".tmp");
            } while (file.exists());
            file.deleteOnExit();
            try {
                try {
                    printStream = new PrintStream(file);
                    bufferedReader = new BufferedReader(new FileReader(this._passwordFile));
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        String[] split = this._regexp.split(readLine);
                        if (split == null || split.length < 2 || split[0].startsWith("#")) {
                            printStream.write(readLine.getBytes("utf-8"));
                            printStream.println();
                        } else {
                            PlainUser plainUser = this._users.get(split[0]);
                            if (plainUser == null) {
                                printStream.write(readLine.getBytes("utf-8"));
                                printStream.println();
                            } else if (!plainUser.isDeleted()) {
                                if (plainUser.isModified()) {
                                    byte[] passwordBytes = plainUser.getPasswordBytes();
                                    printStream.write((plainUser.getName() + ":").getBytes("utf-8"));
                                    printStream.write(passwordBytes);
                                    printStream.println();
                                    plainUser.saved();
                                } else {
                                    printStream.write(readLine.getBytes("utf-8"));
                                    printStream.println();
                                }
                            }
                        }
                    }
                    for (PlainUser plainUser2 : this._users.values()) {
                        if (plainUser2.isModified()) {
                            byte[] passwordBytes2 = plainUser2.getPasswordBytes();
                            printStream.write((plainUser2.getName() + ":").getBytes("utf-8"));
                            printStream.write(passwordBytes2);
                            printStream.println();
                            plainUser2.saved();
                        }
                    }
                    if (bufferedReader != null) {
                        bufferedReader.close();
                    }
                    if (printStream != null) {
                        printStream.close();
                    }
                    File file2 = new File(this._passwordFile.getAbsoluteFile() + ".old");
                    if (file2.exists()) {
                        file2.delete();
                    }
                    if (!this._passwordFile.renameTo(file2)) {
                        _logger.error("Could not backup the existing password file");
                        throw new IOException("Could not backup the existing password file");
                    }
                    if (file.renameTo(this._passwordFile)) {
                        return;
                    }
                    if (file2.renameTo(this._passwordFile)) {
                        _logger.error("Could not rename the new password file into place");
                        throw new IOException("Could not rename the new password file into place");
                    }
                    _logger.error("Could not rename the new password file into place, and unable to restore original file");
                    throw new IOException("Could not rename the new password file into place, and unable to restore original file");
                } catch (IOException e) {
                    _logger.error("Unable to create the new password file: " + e);
                    throw new IOException("Unable to create the new password file" + e);
                }
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                if (printStream != null) {
                    printStream.close();
                }
                throw th;
            }
        } finally {
            this._userUpdate.unlock();
        }
    }

    @Override // org.apache.qpid.server.security.auth.database.PrincipalDatabase
    public void reload() throws IOException {
        loadPasswordFile();
    }
}
