package com.sun.sgs.impl.auth;

import com.sun.sgs.auth.Identity;
import com.sun.sgs.auth.IdentityAuthenticator;
import com.sun.sgs.auth.IdentityCredentials;
import com.sun.sgs.impl.kernel.StandardProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StreamTokenizer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Properties;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.CredentialException;

/* loaded from: input_file:com/sun/sgs/impl/auth/NamePasswordAuthenticator.class */
public class NamePasswordAuthenticator implements IdentityAuthenticator {
    public static final String PASSWORD_FILE_PROPERTY = "com.sun.sgs.impl.auth.NamePasswordAuthenticator.PasswordFile";
    public static final String DEFAULT_FILE_NAME = "passwords";
    private final HashMap<String, byte[]> passwordMap;
    private MessageDigest digest;

    public NamePasswordAuthenticator(Properties properties) throws IOException, NoSuchAlgorithmException {
        if (properties == null) {
            throw new NullPointerException("Null properties not allowed");
        }
        String property = properties.getProperty(PASSWORD_FILE_PROPERTY);
        if (property == null) {
            property = properties.getProperty(StandardProperties.APP_ROOT) + File.separator + DEFAULT_FILE_NAME;
        }
        StreamTokenizer streamTokenizer = new StreamTokenizer(new InputStreamReader(new FileInputStream(property)));
        streamTokenizer.eolIsSignificant(false);
        this.passwordMap = new HashMap<>();
        while (streamTokenizer.nextToken() != -1) {
            String str = streamTokenizer.sval;
            if (streamTokenizer.nextToken() == -1) {
                throw new IOException("Unexpected EOL at line " + streamTokenizer.lineno());
            }
            this.passwordMap.put(str, decodeBytes(streamTokenizer.sval.getBytes("UTF-8")));
        }
        this.digest = MessageDigest.getInstance("SHA-256");
    }

    public static byte[] decodeBytes(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length / 2];
        for (int i = 0; i < bArr2.length; i++) {
            int i2 = i * 2;
            bArr2[i] = (byte) (((bArr[i2] - 97) << 4) + (bArr[i2 + 1] - 97));
        }
        return bArr2;
    }

    public static byte[] encodeBytes(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = i * 2;
            bArr2[i2] = (byte) (((bArr[i] & 240) >> 4) + 97);
            bArr2[i2 + 1] = (byte) ((bArr[i] & 15) + 97);
        }
        return bArr2;
    }

    public String[] getSupportedCredentialTypes() {
        return new String[]{NamePasswordCredentials.TYPE_IDENTIFIER};
    }

    public Identity authenticateIdentity(IdentityCredentials identityCredentials) throws AccountNotFoundException, CredentialException {
        byte[] digest;
        if (!(identityCredentials instanceof NamePasswordCredentials)) {
            throw new CredentialException("unsupported credentials");
        }
        NamePasswordCredentials namePasswordCredentials = (NamePasswordCredentials) identityCredentials;
        String name = namePasswordCredentials.getName();
        byte[] bArr = this.passwordMap.get(name);
        if (bArr == null) {
            throw new AccountNotFoundException("Unknown user: " + name);
        }
        synchronized (this.digest) {
            this.digest.reset();
            try {
                digest = this.digest.digest(new String(namePasswordCredentials.getPassword()).getBytes("UTF-8"));
            } catch (IOException e) {
                throw new CredentialException("Could not get password: " + e.getMessage());
            }
        }
        if (Arrays.equals(bArr, digest)) {
            return new IdentityImpl(name);
        }
        throw new CredentialException("Invalid credentials");
    }
}
