package com.mathworks.toolbox.distcomp.mjs.auth.modules;

import com.mathworks.toolbox.distcomp.mjs.auth.AllowedUserList;
import com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationFailedException;
import com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule;
import com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModuleConfig;
import com.mathworks.toolbox.distcomp.mjs.auth.CryptoException;
import com.mathworks.toolbox.distcomp.mjs.auth.CryptoModule;
import com.mathworks.toolbox.distcomp.mjs.auth.Erasable;
import com.mathworks.toolbox.distcomp.mjs.auth.InvalidAdminPasswordException;
import com.mathworks.toolbox.distcomp.mjs.auth.InvalidPasswordException;
import com.mathworks.toolbox.distcomp.mjs.auth.NoAuthorisedUserFoundException;
import com.mathworks.toolbox.distcomp.mjs.auth.NotAdminUserException;
import com.mathworks.toolbox.distcomp.mjs.auth.SecurityModuleProvider;
import com.mathworks.toolbox.distcomp.mjs.auth.UnknownUserException;
import com.mathworks.toolbox.distcomp.mjs.auth.UserCreationException;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.AuthenticationToken;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.ChainedAuthenticationToken;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.CredentialCreationException;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.CredentialRole;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.EncryptedUserCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.NontransferableCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.PlainCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.SaltedChainedAuthenticationToken;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.TransferableCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.UserCredentials;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.UserIdentity;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.store.CredentialProviderLocal;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.store.CredentialTransferException;
import com.mathworks.toolbox.distcomp.mjs.auth.credentials.store.NoCredentialsException;
import com.mathworks.toolbox.distcomp.mjs.storage.CredentialStorage;
import com.mathworks.toolbox.distcomp.mjs.storage.CredentialStorageErrorCode;
import com.mathworks.toolbox.distcomp.mjs.storage.CredentialStorageException;
import com.mathworks.toolbox.distcomp.mjs.storage.CredentialsNotFoundException;
import com.mathworks.toolbox.distcomp.mjs.storage.StorageException;
import com.mathworks.toolbox.distcomp.mjs.storage.StorageInitException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleImpl.class */
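/**
 * Base implementation of {@link AuthorisationModule}.
 *
 * <p>Credentials offered through a {@link CredentialProviderLocal} are compared with the
 * {@code AUTH_TOKEN} held in a {@link CredentialStorage}, and the stored credential set of a user
 * is created or replaced from freshly supplied credentials. The token comparison and the
 * derivation of the stored, worker and Java-worker tokens are left to subclasses.
 *
 * <p>The most recent successful (user, provider) pair is remembered so that an identical follow-up
 * check skips verification; see {@link #cachedSuccess}.
 */
abstract class AuthorisationModuleImpl implements AuthorisationModule {
    // Zero-length salt handed to prepare()/unpack() for the encrypted PASSWORD credential. How the
    // salt is consumed is not visible in this class.
    // NOTE(review): confirm that an empty salt is intended; any change has to stay in step with
    // credentials that are already in storage, or they will no longer decrypt.
    private static final byte[] SALT = new byte[0];
    private static final boolean STORE_ENCRYPTED = true;
    // Passed to SecurityModuleProvider.isRunAsUser() to decide whether a system password is stored.
    private final int fSecurityLevel;
    // Handed to the credential provider whenever credentials are fetched from it.
    private final CryptoModuleProvider fTransferCryptoModule;
    // Supplies the encryptor/decryptor used for credentials at rest.
    private CryptoModule fStorageCryptoModule;
    private final CredentialStorage fCredentialStorage;
    private final UserIdentity fAdminUserIdentity;
    // Consulted by addNewUser() before a user is created.
    private final AllowedUserList fAllowedUsers;
    // Single-entry cache of the last successful check. The two fields are written and read without
    // synchronisation; whether this module is used from more than one thread is not visible here.
    // NOTE(review): if it is, concurrent writers could leave a user paired with a provider that was
    // never verified for that user. Confirm the threading model.
    private UserIdentity fCachedUser;
    private CredentialProviderLocal fCachedProvider;

    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleImpl$CredentialDecryptionException.class */
    /** Storage exception raised when stored credentials cannot be decrypted. */
    private static class CredentialDecryptionException extends CredentialStorageException {
        private static final long serialVersionUID = 1;

        CredentialDecryptionException(CryptoException cryptoException) {
            super(CredentialStorageErrorCode.CredentialDecryptionFailure, cryptoException, new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/auth/modules/AuthorisationModuleImpl$CredentialEncryptionException.class */
    /** Storage exception raised when credentials cannot be encrypted for storage. */
    public static class CredentialEncryptionException extends CredentialStorageException {
        private static final long serialVersionUID = 1;

        CredentialEncryptionException(CryptoException cryptoException) {
            super(CredentialStorageErrorCode.CredentialEncryptionFailure, cryptoException, new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads the security level, crypto modules, admin identity and allowed-user list from the
     * configuration and opens the credential storage through the configured storage factory.
     *
     * @param authorisationModuleConfig source of every collaborator used by this module
     * @throws StorageInitException declared for the storage creation step
     */
    public AuthorisationModuleImpl(AuthorisationModuleConfig authorisationModuleConfig) throws StorageInitException {
        this.fSecurityLevel = authorisationModuleConfig.getSecurityLevel();
        this.fTransferCryptoModule = authorisationModuleConfig.getTransferCryptoModule();
        this.fStorageCryptoModule = authorisationModuleConfig.getStorageCryptoModule();
        this.fCredentialStorage = authorisationModuleConfig.getStorageFactory().createCredentialStorage();
        this.fAdminUserIdentity = authorisationModuleConfig.getAdminUserIdentity();
        this.fAllowedUsers = authorisationModuleConfig.getAllowedUsers();
    }

    /**
     * Accepts the call when the provider can prove the credentials of {@code userIdentity}, of any
     * identity in {@code list}, or of the admin user.
     *
     * @param userIdentity identity that is tried first
     * @param list further identities that are allowed to authorise the operation; not modified
     * @param credentialProviderLocal source of the credentials to verify
     * @throws AuthorisationFailedException if none of the identities could be verified
     * @throws CredentialStorageException if the stored token cannot be read
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public void checkCredentials(UserIdentity userIdentity, List<UserIdentity> list, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        // Work on a copy: appending the admin identity to the caller's list would fail on an
        // immutable list and would grow a reused list on every call.
        List<UserIdentity> authorisedUsers = new ArrayList<>(list);
        authorisedUsers.add(this.fAdminUserIdentity);
        checkCredentialsOfUserAndAuthorisedUsers(userIdentity, authorisedUsers, credentialProviderLocal);
    }

    /**
     * Accepts the call only when the provider can prove the admin user's credentials.
     *
     * @throws AuthorisationFailedException {@link InvalidAdminPasswordException} for a rejected
     *     password and {@link NotAdminUserException} when the provider has no admin credentials;
     *     other authorisation failures propagate unchanged
     * @throws CredentialStorageException if the stored token cannot be read
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public void checkCredentialsAdminOnly(CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        try {
            checkUserCredentials(this.fAdminUserIdentity, credentialProviderLocal);
        } catch (InvalidPasswordException e) {
            throw new InvalidAdminPasswordException(this.fAdminUserIdentity, e);
        } catch (NoCredentialsException e2) {
            throw new NotAdminUserException(this.fAdminUserIdentity, e2);
        }
    }

    /**
     * Accepts the call only when the provider can prove the credentials of {@code userIdentity};
     * the admin user is not added as an alternative.
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public void checkCredentialsUserOnly(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        checkCredentialsOfUserAndAuthorisedUsers(userIdentity, Collections.emptyList(), credentialProviderLocal);
    }

    /**
     * Verifies {@code userIdentity} first and, if that fails, each identity in {@code list} in
     * order, returning on the first success.
     *
     * <p>Every failure is recorded on the exception that is thrown when no identity verifies. A
     * {@link CredentialStorageException} aborts the whole check instead of moving to the next
     * identity.
     */
    private void checkCredentialsOfUserAndAuthorisedUsers(UserIdentity userIdentity, List<UserIdentity> list, CredentialProviderLocal credentialProviderLocal) throws NoAuthorisedUserFoundException, CredentialStorageException {
        try {
            checkUserCredentials(userIdentity, credentialProviderLocal);
        } catch (AuthorisationFailedException e) {
            NoAuthorisedUserFoundException failure = new NoAuthorisedUserFoundException(userIdentity);
            failure.put(userIdentity, e);
            for (UserIdentity authorisedUser : list) {
                try {
                    checkUserCredentials(authorisedUser, credentialProviderLocal);
                    return;
                } catch (AuthorisationFailedException e2) {
                    failure.put(authorisedUser, e2);
                }
            }
            throw failure;
        }
    }

    /**
     * Verifies one identity: fetches its credentials from the provider, loads the stored
     * {@code AUTH_TOKEN} and hands both to {@link #checkTokens}. A success is cached.
     *
     * @throws AuthorisationFailedException {@link UnknownUserException} when storage holds no
     *     token for the identity; otherwise whatever the provider or {@code checkTokens} raises
     */
    private void checkUserCredentials(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        if (cachedSuccess(userIdentity, credentialProviderLocal)) {
            return;
        }
        try {
            // NOTE(review): an unknown user and a wrong password surface as different exception
            // types. Confirm callers do not relay that difference to unauthenticated clients.
            checkTokens(retrieveUserAuthenticationToken(userIdentity), (VerifyUserCredentials) credentialProviderLocal.getCredentials(userIdentity, this.fTransferCryptoModule));
            cacheSuccess(userIdentity, credentialProviderLocal);
        } catch (CredentialsNotFoundException e) {
            throw new UnknownUserException(userIdentity, e);
        }
    }

    /**
     * Compares the stored token with the credentials supplied for verification.
     *
     * @throws InvalidPasswordException if the supplied credentials do not match the stored token
     */
    protected abstract void checkTokens(SaltedChainedAuthenticationToken saltedChainedAuthenticationToken, VerifyUserCredentials verifyUserCredentials) throws InvalidPasswordException;

    /**
     * Loads and decrypts every stored credential of a user and reshapes the set for a worker.
     *
     * <p>The worker-specific token is moved into the {@code AUTH_TOKEN} role and both
     * worker-token roles are removed. Any other role that was stored, such as {@code PASSWORD},
     * stays in the returned object in unpacked form.
     *
     * @param userIdentity user whose credentials are loaded
     * @param z {@code true} to promote {@code WORKER_AUTH_TOKEN}, {@code false} to promote
     *     {@code JAVA_WORKER_AUTH_TOKEN}
     * @return the unpacked credentials with the chosen token in the {@code AUTH_TOKEN} role
     * @throws CredentialStorageException if storage access or decryption fails
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public final UserCredentials getWorkerCredentials(UserIdentity userIdentity, boolean z) throws CredentialCreationException, CredentialStorageException, CredentialsNotFoundException {
        try {
            UserCredentials credentials = new EncryptedUserCredentials(userIdentity, this.fCredentialStorage.getAllCredentials(userIdentity)).unpack(SALT, this.fStorageCryptoModule.getDecryptor());
            CredentialRole promotedRole = z ? CredentialRole.WORKER_AUTH_TOKEN : CredentialRole.JAVA_WORKER_AUTH_TOKEN;
            credentials.putCredentialsForRole(CredentialRole.AUTH_TOKEN, credentials.getCredentialsForRole(promotedRole));
            credentials.removeCredentialsForRole(CredentialRole.WORKER_AUTH_TOKEN);
            credentials.removeCredentialsForRole(CredentialRole.JAVA_WORKER_AUTH_TOKEN);
            return credentials;
        } catch (CryptoException e) {
            throw new CredentialDecryptionException(e);
        }
    }

    /**
     * Reports whether storage holds an {@code AUTH_TOKEN} for the identity.
     *
     * @throws CredentialStorageException for storage failures other than a missing entry
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public boolean userExists(UserIdentity userIdentity) throws CredentialStorageException {
        try {
            this.fCredentialStorage.getCredentials(userIdentity, CredentialRole.AUTH_TOKEN);
            return true;
        } catch (CredentialsNotFoundException e) {
            return false;
        }
    }

    /**
     * Creates the stored credential set for a user that does not exist yet.
     *
     * <p>An existing user is left untouched and the provider is not consulted, so a normal return
     * does not show that the caller knows that user's credentials.
     *
     * @throws AuthorisationFailedException {@link UserCreationException} when the identity equals
     *     the admin identity or is rejected by the allowed-user list
     * @throws CredentialStorageException if the credentials cannot be stored
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public final void addNewUser(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        if (userExists(userIdentity)) {
            return;
        }
        if (this.fAdminUserIdentity.equals(userIdentity) || !this.fAllowedUsers.isUserAllowed(userIdentity)) {
            throw new UserCreationException(userIdentity);
        }
        addUserToDatabase(retrieveUser(userIdentity, credentialProviderLocal));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Fetches the credentials of an ordinary user from the provider. */
    public NontransferableCredentials retrieveUser(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws CredentialTransferException, NoCredentialsException {
        return credentialProviderLocal.getCredentials(userIdentity, this.fTransferCryptoModule);
    }

    /**
     * Creates the stored credential set for the given identity unless it already exists.
     *
     * <p>Unlike {@link #addNewUser}, neither the allowed-user list nor the configured admin
     * identity is checked here.
     * NOTE(review): presumably callers pass only the configured admin identity; confirm.
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public final void addAdminUser(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        if (userExists(userIdentity)) {
            return;
        }
        addUserToDatabase(retrieveAdminUser(userIdentity, credentialProviderLocal));
    }

    /** Fetches the credentials of the admin user from the provider. */
    protected NontransferableCredentials retrieveAdminUser(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException {
        return credentialProviderLocal.getCredentials(userIdentity, this.fTransferCryptoModule);
    }

    /** Stores a new credential set and erases the supplied credentials whether or not that works. */
    private void addUserToDatabase(NontransferableCredentials nontransferableCredentials) throws CredentialCreationException, CredentialStorageException {
        try {
            this.fCredentialStorage.putMultipleCredentials(generateCredentialMapForUserCredentials(nontransferableCredentials));
        } finally {
            nontransferableCredentials.erase();
        }
    }

    /**
     * Replaces the stored credentials of an existing user.
     *
     * @param userIdentity user whose credentials are replaced
     * @param credentialProviderLocal proves the current credentials of the user or of the admin
     * @param credentialProviderLocal2 supplies the new credentials of the user
     * @throws AuthorisationFailedException {@link UnknownUserException} if the user is not stored,
     *     or the failure of the authorisation check
     * @throws CredentialStorageException if the stored credentials cannot be read or updated
     */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public void changeCredentialsOfExistingUser(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal, CredentialProviderLocal credentialProviderLocal2) throws AuthorisationFailedException, CredentialStorageException {
        if (!userExists(userIdentity)) {
            throw new UnknownUserException(userIdentity);
        }
        checkCredentialsOfUserAndAdmin(userIdentity, credentialProviderLocal);
        try {
            changePasswordInDatabase(retrieveUser(userIdentity, credentialProviderLocal2));
        } finally {
            // The check above may have cached (user, old provider). Without this reset, a later
            // check with an equal provider would be accepted from the cache although the stored
            // token has been replaced.
            clearCachedSuccess();
        }
    }

    /** Accepts the call when the provider proves the user's or the admin's credentials. */
    private void checkCredentialsOfUserAndAdmin(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) throws AuthorisationFailedException, CredentialStorageException {
        checkCredentialsOfUserAndAuthorisedUsers(userIdentity, Collections.singletonList(this.fAdminUserIdentity), credentialProviderLocal);
    }

    /** Updates the stored credential set and erases the supplied credentials in every case. */
    private void changePasswordInDatabase(NontransferableCredentials nontransferableCredentials) throws CredentialCreationException, CredentialTransferException, CredentialStorageException, NoCredentialsException {
        try {
            this.fCredentialStorage.updateMultipleCredentials(generateCredentialMapForUserCredentials(nontransferableCredentials));
        } finally {
            nontransferableCredentials.erase();
        }
    }

    /** Adds the token under {@code AUTH_TOKEN}; prepared without encryption, salt or encryptor. */
    private void addAuthenticationCredentials(Map<CredentialRole, TransferableCredentials> map, NontransferableCredentials nontransferableCredentials) throws CredentialCreationException {
        map.put(CredentialRole.AUTH_TOKEN, nontransferableCredentials.prepare(false, null, null));
    }

    /** Adds the password under {@code PASSWORD}, prepared with the storage encryptor and SALT. */
    private void addPasswordCredentials(Map<CredentialRole, TransferableCredentials> map, PlainCredentials plainCredentials) throws CredentialCreationException, CredentialEncryptionException {
        try {
            map.put(CredentialRole.PASSWORD, plainCredentials.prepare(true, SALT, this.fStorageCryptoModule.getEncryptor()));
        } catch (CryptoException e) {
            throw new CredentialEncryptionException(e);
        }
    }

    /** Adds the token under {@code JAVA_WORKER_AUTH_TOKEN}; prepared without encryption. */
    private void addJavaWorkerAuthenticationCredentials(Map<CredentialRole, TransferableCredentials> map, NontransferableCredentials nontransferableCredentials) throws CredentialCreationException {
        map.put(CredentialRole.JAVA_WORKER_AUTH_TOKEN, nontransferableCredentials.prepare(false, null, null));
    }

    /** Adds the token under {@code WORKER_AUTH_TOKEN}; prepared without encryption. */
    private void addWorkerAuthenticationCredentials(Map<CredentialRole, TransferableCredentials> map, NontransferableCredentials nontransferableCredentials) throws CredentialCreationException {
        map.put(CredentialRole.WORKER_AUTH_TOKEN, nontransferableCredentials.prepare(false, null, null));
    }

    /**
     * Builds the per-role credential map that is written to storage for one user.
     *
     * <p>The map always holds {@code AUTH_TOKEN}, {@code WORKER_AUTH_TOKEN} and
     * {@code JAVA_WORKER_AUTH_TOKEN}. {@code PASSWORD} is added only when the security level is a
     * run-as-user level.
     */
    private Map<CredentialRole, TransferableCredentials> generateCredentialMapForUserCredentials(NontransferableCredentials nontransferableCredentials) throws CredentialCreationException, CredentialEncryptionException {
        SaltedChainedAuthenticationToken databaseToken = createDatabaseAuthenticationToken((VerifyUserCredentials) nontransferableCredentials);
        Map<CredentialRole, TransferableCredentials> credentialMap = new EnumMap<>(CredentialRole.class);
        addAuthenticationCredentials(credentialMap, databaseToken);
        if (SecurityModuleProvider.isRunAsUser(this.fSecurityLevel)) {
            Erasable password = ((RunAsUserCredentials) nontransferableCredentials).getPassword();
            // Only an assertion: with assertions disabled a null password reaches PlainCredentials.
            // NOTE(review): confirm a missing system password is rejected before this point.
            assert password != null : "User system password not provided";
            addPasswordCredentials(credentialMap, new PlainCredentials(nontransferableCredentials.getUserIdentity(), password));
        }
        addWorkerAuthenticationCredentials(credentialMap, createWorkerAuthenticationToken(databaseToken));
        addJavaWorkerAuthenticationCredentials(credentialMap, createJavaWorkerAuthenticationToken(databaseToken));
        return credentialMap;
    }

    /** Derives the token that is stored under {@code AUTH_TOKEN} from the supplied credentials. */
    protected abstract SaltedChainedAuthenticationToken createDatabaseAuthenticationToken(VerifyUserCredentials verifyUserCredentials);

    /** Derives the token stored under {@code WORKER_AUTH_TOKEN} from the database token. */
    protected abstract ChainedAuthenticationToken createWorkerAuthenticationToken(SaltedChainedAuthenticationToken saltedChainedAuthenticationToken);

    /** Derives the token stored under {@code JAVA_WORKER_AUTH_TOKEN} from the database token. */
    protected abstract AuthenticationToken createJavaWorkerAuthenticationToken(SaltedChainedAuthenticationToken saltedChainedAuthenticationToken);

    /** Loads the stored {@code AUTH_TOKEN} of a user; unpacked without salt or decryptor. */
    private SaltedChainedAuthenticationToken retrieveUserAuthenticationToken(UserIdentity userIdentity) throws CredentialCreationException, CredentialStorageException, CredentialsNotFoundException {
        return (SaltedChainedAuthenticationToken) this.fCredentialStorage.getCredentials(userIdentity, CredentialRole.AUTH_TOKEN).unpack(null, null);
    }

    /**
     * Reports whether this exact (user, provider) pair was the last one to verify successfully.
     *
     * <p>The result depends on how {@code CredentialProviderLocal.equals} is defined, which is not
     * visible here.
     */
    private boolean cachedSuccess(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) {
        return userIdentity.equals(this.fCachedUser) && credentialProviderLocal.equals(this.fCachedProvider);
    }

    /** Remembers a successful (user, provider) pair, replacing the previous entry. */
    private void cacheSuccess(UserIdentity userIdentity, CredentialProviderLocal credentialProviderLocal) {
        this.fCachedUser = userIdentity;
        this.fCachedProvider = credentialProviderLocal;
    }

    /** Forgets the remembered pair so that the next check verifies against storage again. */
    private void clearCachedSuccess() {
        this.fCachedUser = null;
        this.fCachedProvider = null;
    }

    /** Closes the underlying credential storage. */
    @Override // com.mathworks.toolbox.distcomp.mjs.auth.AuthorisationModule
    public void close() throws StorageException {
        this.fCredentialStorage.close();
    }
}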
