package com.mathworks.toolbox.distcomp.mjs.auth.modules;

import com.mathworks.resource_core.BaseMsgID;
import com.mathworks.resources.parallel.cluster.mjs;
import com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException;
import com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModuleConfig;
import com.mathworks.toolbox.distcomp.mjs.auth.CredentialsCheckerConfig;
import com.mathworks.toolbox.distcomp.mjs.auth.Erasable;
import com.mathworks.toolbox.distcomp.mjs.auth.InvalidPasswordException;
import com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule;
import com.mathworks.toolbox.distcomp.mjs.auth.SecurityModuleProvider;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.AuthenticationToken;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.ChainedAuthenticationToken;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.CredentialCreationException;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.CredentialRole;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.CredentialVerificationException;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.DigestAlgorithm;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.NontransferableCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.PlainCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.SaltedChainedAuthenticationToken;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.SignedPlainCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.UserCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.UserIdentity;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.consumer.ChangePasswordReturn;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.consumer.CredentialConsumerConfig;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.consumer.CurrentTokenReturn;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.consumer.NewPasswordReturn;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.consumer.NoCredentialsEnteredException;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.store.CredentialProviderLocal;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.store.CredentialStore;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.store.CredentialStoreFactory;
import com.mathworks.toolbox.distcomp.mjs.storage.CredentialStorageException;
import com.mathworks.toolbox.distcomp.mjs.storage.CredentialsNotFoundException;
import com.mathworks.toolbox.distcomp.mjs.storage.StorageException;
import com.mathworks.toolbox.distcomp.mjs.storage.StorageInitException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

/* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleWithPasswordImpl.class */
public class AuthorisationModuleWithPasswordImpl extends AuthorisationModuleImpl {
    private static final SignatureModuleKeyPairImpl SIGNATURE_MODULE;
    private final boolean fRequiresSystemUser;
    private final boolean fIsRunAsUser;
    protected final CredentialConsumerConfig fConsumerConfig;
    private final CredentialsCheckerConfig fCheckerConfig;
    protected final CredentialStoreFactory fStoreFactory;
    private final int fFinalDigestSaltLength;
    private final DigestChainer fDigestChainer;
    private final List<DatabaseDigestAlgorithm> fDatabaseDigestAlgorithms;
    private final PasswordChecker fPasswordChecker;
    private final Map<UserIdentity, Long> fLastPasswordCheckTime;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleWithPasswordImpl$DeserializeClassNotFoundException.class */
    public static final class DeserializeClassNotFoundException extends CredentialVerificationException {
        private final BaseMsgID fBaseMsgID;

        private DeserializeClassNotFoundException(UserIdentity userIdentity, Throwable th) {
            super(userIdentity, th);
            this.fBaseMsgID = new mjs.DeserializeClassNotFound();
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException
        protected BaseMsgID getFilledMessage() {
            return this.fBaseMsgID;
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException
        protected BaseMsgID getFilledLocalizedMessage() {
            return this.fBaseMsgID;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleWithPasswordImpl$DeserializeIOException.class */
    public static final class DeserializeIOException extends CredentialVerificationException {
        private final BaseMsgID fBaseMsgID;

        private DeserializeIOException(UserIdentity userIdentity, Throwable th) {
            super(userIdentity, th);
            this.fBaseMsgID = new mjs.DeserializeIO();
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException
        protected BaseMsgID getFilledMessage() {
            return this.fBaseMsgID;
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException
        protected BaseMsgID getFilledLocalizedMessage() {
            return this.fBaseMsgID;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleWithPasswordImpl$NonSignedPlainCredentialsException.class */
    public static final class NonSignedPlainCredentialsException extends CredentialVerificationException {
        private final BaseMsgID fBaseMsgID;

        private NonSignedPlainCredentialsException(UserIdentity userIdentity) {
            super(userIdentity);
            this.fBaseMsgID = new mjs.NonSignedPlainCredentials();
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException
        protected BaseMsgID getFilledMessage() {
            return this.fBaseMsgID;
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException
        protected BaseMsgID getFilledLocalizedMessage() {
            return this.fBaseMsgID;
        }
    }

    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleWithPasswordImpl$RemoteAMWithPasswordImpl.class */
    protected static class RemoteAMWithPasswordImpl extends RemoteAuthorisationModuleImpl {
        private static final long serialVersionUID = -2085164124220683458L;
        private final CredentialStoreFactory fStoreFactory;

        protected RemoteAMWithPasswordImpl(CredentialConsumerConfig credentialConsumerConfig, CredentialStoreFactory credentialStoreFactory) {
            super(credentialConsumerConfig);
            this.fStoreFactory = credentialStoreFactory;
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public CurrentTokenReturn promptForCurrentPassword(UserIdentity userIdentity, Throwable th) throws DialogUnavailableException, NoCredentialsEnteredException, PasswordPromptDisabledException {
            errorIfNotInteractive(userIdentity);
            return getConsumer(userIdentity).promptForCurrentPassword(userIdentity, th);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public NewPasswordReturn promptForNewPassword(UserIdentity userIdentity) throws DialogUnavailableException, NoCredentialsEnteredException, PasswordPromptDisabledException {
            return promptForNewPassword(userIdentity, null);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public NewPasswordReturn promptForNewPassword(UserIdentity userIdentity, Throwable th) throws DialogUnavailableException, NoCredentialsEnteredException, PasswordPromptDisabledException {
            errorIfNotInteractive(userIdentity);
            return getConsumer(userIdentity).promptForNewPassword(userIdentity, th);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public ChangePasswordReturn promptForChangePassword(UserIdentity userIdentity, UserIdentity userIdentity2) throws DialogUnavailableException, NoCredentialsEnteredException, PasswordPromptDisabledException {
            return promptForChangePassword(userIdentity, userIdentity2, null);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public ChangePasswordReturn promptForChangePassword(UserIdentity userIdentity, UserIdentity userIdentity2, Throwable th) throws DialogUnavailableException, NoCredentialsEnteredException, PasswordPromptDisabledException {
            errorIfNotInteractive(userIdentity);
            return getConsumer(userIdentity).promptForChangePassword(userIdentity, userIdentity2, th);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public CurrentTokenReturn promptForTemporaryUserSwitch(UserIdentity userIdentity) throws DialogUnavailableException, NoCredentialsEnteredException, PasswordPromptDisabledException {
            errorIfNotInteractive(userIdentity);
            return getConsumer(userIdentity).promptForTemporaryUserSwitch(userIdentity);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public UserIdentity promptForIdentity(UserIdentity userIdentity) throws DialogUnavailableException, NoCredentialsEnteredException, PasswordPromptDisabledException {
            errorIfNotInteractive(userIdentity);
            return getConsumer(userIdentity).promptForIdentity(userIdentity);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public final CredentialStore<AuthenticationToken> createCredentialStore(String str) {
            return this.fStoreFactory.createCredentialStore(str);
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.RemoteAuthorisationModule
        public RemoteAMWithPasswordImpl copy() {
            return new RemoteAMWithPasswordImpl(getConsumerConfig(), this.fStoreFactory);
        }
    }

    public AuthorisationModuleWithPasswordImpl(AuthorisationModuleConfig authorisationModuleConfig) throws StorageInitException {
        super(authorisationModuleConfig);
        this.fLastPasswordCheckTime = new ConcurrentHashMap();
        this.fRequiresSystemUser = authorisationModuleConfig.requiresSystemUser();
        this.fIsRunAsUser = SecurityModuleProvider.isRunAsUser(authorisationModuleConfig.getSecurityLevel());
        this.fConsumerConfig = authorisationModuleConfig.createCredentialConsumerConfig();
        this.fCheckerConfig = authorisationModuleConfig.getCredentialsCheckerConfig();
        this.fStoreFactory = authorisationModuleConfig.createCredentialStoreFactory();
        this.fDatabaseDigestAlgorithms = new ArrayList(authorisationModuleConfig.getDigestChain());
        this.fDatabaseDigestAlgorithms.add(authorisationModuleConfig.getDatabaseDigestAlgorithm());
        this.fFinalDigestSaltLength = authorisationModuleConfig.getDatabaseDigestSaltLength();
        this.fDigestChainer = new DigestChainer(this.fDatabaseDigestAlgorithms, (List) this.fDatabaseDigestAlgorithms.stream().map((v0) -> {
            return v0.createDatabaseDigest();
        }).collect(Collectors.toList()), new DigestCache());
        this.fPasswordChecker = this.fCheckerConfig.createPasswordChecker();
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public boolean requiresSystemUser() {
        return this.fRequiresSystemUser;
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public boolean verifiesSystemCredentials() {
        return this.fPasswordChecker != null;
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected void checkCredentials(PlainCredentials plainCredentials) throws InvalidPasswordException {
        if (this.fPasswordChecker != null) {
            UserIdentity userIdentity = plainCredentials.getUserIdentity();
            Long l = this.fLastPasswordCheckTime.get(userIdentity);
            if (l != null && l.longValue() < 0) {
                throw new InvalidPasswordException(userIdentity, true, true);
            }
            if (l == null || System.currentTimeMillis() - l.longValue() > this.fCheckerConfig.getTimeBetweenPasswordChecksMillis()) {
                try {
                    this.fPasswordChecker.checkPassword(userIdentity, plainCredentials.getPassword());
                    this.fLastPasswordCheckTime.put(userIdentity, Long.valueOf(System.currentTimeMillis()));
                } catch (InvalidPasswordException e) {
                    this.fLastPasswordCheckTime.put(userIdentity, -1L);
                    throw e;
                }
            }
        }
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected void checkTokens(SaltedChainedAuthenticationToken saltedChainedAuthenticationToken, VerifyUserCredentials verifyUserCredentials) throws InvalidPasswordException {
        if ((verifyUserCredentials instanceof AuthenticationToken) && verifyUserCredentials.equals(createJavaWorkerAuthenticationToken(saltedChainedAuthenticationToken))) {
            return;
        }
        SaltedChainedAuthenticationToken digest = verifyUserCredentials.digest(this.fDigestChainer, saltedChainedAuthenticationToken.getFinalChainSalt());
        if (digest == null || !saltedChainedAuthenticationToken.equals(digest)) {
            throw new InvalidPasswordException(verifyUserCredentials.getUserIdentity(), verifiesSystemCredentials(), false);
        }
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public final UserCredentials getWorkerCredentials(UserIdentity userIdentity, boolean z) throws CredentialCreationException, CredentialStorageException, CredentialsNotFoundException {
        UserCredentials workerCredentials = super.getWorkerCredentials(userIdentity, z);
        if (!this.fIsRunAsUser) {
            workerCredentials.removeCredentialsForRole(CredentialRole.PASSWORD);
        }
        return workerCredentials;
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected SaltedChainedAuthenticationToken createDatabaseAuthenticationToken(VerifyUserCredentials verifyUserCredentials) {
        SaltedChainedAuthenticationToken digest = verifyUserCredentials.digest(this.fDigestChainer, CryptoModuleHelper.INSTANCE.createSalt(this.fFinalDigestSaltLength));
        if ($assertionsDisabled || digest != null) {
            return digest;
        }
        throw new AssertionError("Failed to create database authentication token from user provided token");
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected PlainCredentials createCredentialsWithCheck(VerifyUserCredentials verifyUserCredentials) throws InvalidPasswordException {
        if (!this.fRequiresSystemUser) {
            return null;
        }
        Erasable password = ((RunAsUserCredentials) verifyUserCredentials).getPassword();
        if (!$assertionsDisabled && password == null) {
            throw new AssertionError("User system password not provided");
        }
        if (this.fPasswordChecker != null) {
            this.fPasswordChecker.checkPassword(verifyUserCredentials.getUserIdentity(), password);
        }
        return new PlainCredentials(verifyUserCredentials.getUserIdentity(), password);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected ChainedAuthenticationToken createWorkerAuthenticationToken(SaltedChainedAuthenticationToken saltedChainedAuthenticationToken) {
        return new ChainedAuthenticationToken(saltedChainedAuthenticationToken.getUserIdentity(), saltedChainedAuthenticationToken.getHashedBytes(), this.fDatabaseDigestAlgorithms);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected AuthenticationToken createJavaWorkerAuthenticationToken(SaltedChainedAuthenticationToken saltedChainedAuthenticationToken) {
        return new AuthenticationToken(saltedChainedAuthenticationToken.getUserIdentity(), saltedChainedAuthenticationToken.getHashedBytes(), DigestAlgorithm.SHA1);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected NontransferableCredentials retrieveAdminUser(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException {
        NontransferableCredentials retrieveUser = retrieveUser(userIdentity, credentialProviderLocal);
        checkSignedPlainCredentials(retrieveUser);
        return retrieveUser;
    }

    private static void checkSignedPlainCredentials(NontransferableCredentials nontransferableCredentials) throws CredentialVerificationException {
        if (!(nontransferableCredentials instanceof SignedPlainCredentials)) {
            throw new NonSignedPlainCredentialsException(nontransferableCredentials.getUserIdentity());
        }
        try {
            ((SignedPlainCredentials) nontransferableCredentials).checkSignature(SignatureModuleKeyPairImpl.readPublicKeyFromProperties(), SIGNATURE_MODULE.getVerifier());
        } catch (IOException e) {
            throw new DeserializeIOException(nontransferableCredentials.getUserIdentity(), e);
        } catch (ClassNotFoundException e2) {
            throw new DeserializeClassNotFoundException(nontransferableCredentials.getUserIdentity(), e2);
        }
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl
    protected void credentialsUpdated(UserIdentity userIdentity) {
        if (this.fPasswordChecker != null) {
            this.fLastPasswordCheckTime.put(userIdentity, Long.valueOf(System.currentTimeMillis()));
        }
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public RemoteAuthorisationModule getRemoteAuthorisationModule() {
        return new RemoteAMWithPasswordImpl(this.fConsumerConfig.requiresSystemUser() ? new CredentialConsumerConfig(this.fConsumerConfig.getHasher(), this.fConsumerConfig.getAllowClientPasswordCache(), 3, this.fConsumerConfig.requiresSystemUser(), this.fConsumerConfig.verifiesSystemCredentials(), this.fConsumerConfig.getJobManagerName(), this.fConsumerConfig.getJobManagerHostname(), this.fConsumerConfig.getAdminUserIdentity()) : this.fConsumerConfig, this.fStoreFactory);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public /* bridge */ /* synthetic */ void close() throws StorageException {
        super.close();
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public /* bridge */ /* synthetic */ void changeCredentialsOfExistingUser(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal, CredentialProviderLocal credentialProviderLocal2) throws AuthorisationFailedException, CredentialStorageException {
        super.changeCredentialsOfExistingUser(userIdentity, credentialProviderLocal, credentialProviderLocal2);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public /* bridge */ /* synthetic */ boolean userExistsAndIsValid(UserIdentity userIdentity) throws CredentialStorageException, CredentialCreationException {
        return super.userExistsAndIsValid(userIdentity);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public /* bridge */ /* synthetic */ boolean userExists(UserIdentity userIdentity) throws CredentialStorageException {
        return super.userExists(userIdentity);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public /* bridge */ /* synthetic */ void checkCredentialsUserOnly(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        super.checkCredentialsUserOnly(userIdentity, credentialProviderLocal);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public /* bridge */ /* synthetic */ void checkCredentialsAdminOnly(CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        super.checkCredentialsAdminOnly(credentialProviderLocal);
    }

    @Override // com.mathworks.toolbox.distcomp.mjs.auth.modules.AuthorisationModuleImpl, com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public /* bridge */ /* synthetic */ void checkCredentials(UserIdentity userIdentity, List list, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        super.checkCredentials(userIdentity, list, credentialProviderLocal);
    }

    static {
        $assertionsDisabled = !AuthorisationModuleWithPasswordImpl.class.desiredAssertionStatus();
        SIGNATURE_MODULE = new SignatureModuleKeyPairImpl();
    }
}
