package com.caucho.security;

import com.caucho.config.Admin;
import com.caucho.config.CauchoDeployment;
import com.caucho.config.Service;
import com.caucho.distcache.AbstractCache;
import com.caucho.distcache.ClusterByteStreamCache;
import com.caucho.distcache.ExtCacheEntry;
import com.caucho.util.Alarm;
import com.caucho.util.Base64;
import com.caucho.util.Crc64;
import com.caucho.util.L10N;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.enterprise.inject.Default;
import javax.inject.Named;

@CauchoDeployment
@Default
@Named("resin-admin-authenticator")
@Service
@Admin
/* loaded from: input_file:com/caucho/security/AdminAuthenticator.class */
public class AdminAuthenticator extends XmlAuthenticator {
    private static final Logger log = Logger.getLogger(AdminAuthenticator.class.getName());
    private static final L10N L = new L10N(AdminAuthenticator.class);
    private static final long UPDATE_CHECK_INTERVAL = 5000;
    private static final String ADMIN_AUTH_MAP_KEY = "resin-admin-authenticator-map";
    private String _remoteCookie;
    private boolean _isComplete;
    private AbstractCache _authStore;
    private Hashtable<String, PasswordUser> _userMap = new Hashtable<>();
    private long _lastCheck = -1;

    public final void initStore() {
        if (this._authStore != null) {
            return;
        }
        AbstractCache matchingCache = AbstractCache.getMatchingCache("resin:authenticator");
        if (matchingCache == null) {
            ClusterByteStreamCache clusterByteStreamCache = new ClusterByteStreamCache();
            clusterByteStreamCache.setIdleTimeoutMillis(4611686018427387000L);
            clusterByteStreamCache.setExpireTimeoutMillis(4611686018427387000L);
            clusterByteStreamCache.setName("resin:authenticator");
            clusterByteStreamCache.setScopeMode(AbstractCache.Scope.POD);
            clusterByteStreamCache.setBackup(true);
            clusterByteStreamCache.setTriplicate(true);
            matchingCache = clusterByteStreamCache.createIfAbsent();
        }
        this._authStore = matchingCache;
    }

    private synchronized void reloadFromStore() {
        Hashtable<String, PasswordUser> hashtable = (Hashtable) this._authStore.get(ADMIN_AUTH_MAP_KEY);
        if (hashtable != null) {
            this._userMap = hashtable;
        }
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "admin authenticator loaded " + hashtable);
        }
    }

    private synchronized void updateStore() {
        this._authStore.put(ADMIN_AUTH_MAP_KEY, this._userMap);
    }

    private boolean isModified() {
        ExtCacheEntry extCacheEntry;
        long currentTime = Alarm.getCurrentTime();
        long j = this._lastCheck;
        this._lastCheck = currentTime;
        if (j == -1) {
            return true;
        }
        return j + UPDATE_CHECK_INTERVAL <= currentTime && (extCacheEntry = (ExtCacheEntry) this._authStore.getCacheEntry(ADMIN_AUTH_MAP_KEY)) != null && extCacheEntry.getLastUpdateTime() > j;
    }

    public boolean isComplete() {
        return this._isComplete;
    }

    public void setComplete(boolean z) {
        this._isComplete = true;
    }

    public synchronized void addUser(String str, char[] cArr, String[] strArr) {
        if (isModified()) {
            reloadFromStore();
        }
        if (super.getUserMap().containsKey(str)) {
            throw new IllegalArgumentException(L.l("user `{0}' already exists", str));
        }
        if (this._userMap.containsKey(str)) {
            throw new IllegalArgumentException(L.l("user `{0}' already exists", str));
        }
        this._userMap.put(str, new PasswordUser(str, getPasswordDigest(str, cArr), strArr));
        updateStore();
    }

    public synchronized void removeUser(String str) {
        if (isModified()) {
            reloadFromStore();
        }
        if (super.getUserMap().containsKey(str)) {
            throw new IllegalArgumentException(L.l("can not delete user `{0}'", str));
        }
        if (!this._userMap.containsKey(str)) {
            throw new IllegalArgumentException(L.l("unknown user `{0}'", str));
        }
        this._userMap.remove(str);
        updateStore();
    }

    @Override // com.caucho.security.XmlAuthenticator
    public synchronized Hashtable<String, PasswordUser> getUserMap() {
        if (isModified()) {
            reloadFromStore();
        }
        Hashtable<String, PasswordUser> hashtable = new Hashtable<>();
        hashtable.putAll(super.getUserMap());
        hashtable.putAll(this._userMap);
        return hashtable;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.caucho.security.XmlAuthenticator, com.caucho.security.AbstractAuthenticator
    public PasswordUser getPasswordUser(String str) {
        PasswordUser passwordUser;
        if ("admin.resin".equals(str)) {
            String hash = getHash();
            com.caucho.server.security.PasswordDigest passwordDigest = getPasswordDigest();
            if (passwordDigest != null) {
                hash = passwordDigest.getPasswordDigest(str, hash);
            }
            return new PasswordUser(str, hash);
        }
        PasswordUser passwordUser2 = super.getPasswordUser(str);
        if (passwordUser2 != null) {
            return passwordUser2;
        }
        synchronized (this) {
            if (isModified()) {
                reloadFromStore();
            }
            passwordUser = this._userMap.get(str);
        }
        return passwordUser;
    }

    public String getHash() {
        if (this._remoteCookie == null) {
            long j = 0;
            for (PasswordUser passwordUser : getUserMap().values()) {
                if (!passwordUser.isDisabled()) {
                    j = Crc64.generate(Crc64.generate(Crc64.generate(j, passwordUser.getPrincipal().getName()), ":"), new String(passwordUser.getPassword()));
                }
            }
            if (j != 0) {
                StringBuilder sb = new StringBuilder();
                Base64.encode(sb, j);
                this._remoteCookie = sb.toString();
            }
        }
        return this._remoteCookie;
    }

    @Override // com.caucho.security.XmlAuthenticator
    public String getDefaultGroup() {
        return "resin-admin";
    }
}
