package org.opensearch.identity.shiro.realm;

import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.UnsupportedTokenException;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.opensearch.identity.NamedPrincipal;

/* loaded from: input_file:org/opensearch/identity/shiro/realm/OpenSearchRealm.class */
public class OpenSearchRealm extends AuthenticatingRealm {
    private static final String DEFAULT_REALM_NAME = "internal";
    public static final OpenSearchRealm INSTANCE = new Builder(DEFAULT_REALM_NAME).build();
    private final String realmName;
    private Map<String, User> internalUsers;

    /* loaded from: input_file:org/opensearch/identity/shiro/realm/OpenSearchRealm$Builder.class */
    public static final class Builder {
        private final String name;

        public Builder(String str) {
            this.name = (String) Objects.requireNonNull(str);
        }

        public OpenSearchRealm build() {
            User user = new User();
            user.setUsername(new NamedPrincipal("admin"));
            user.setBcryptHash("$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG");
            return new OpenSearchRealm(this.name, Map.of("admin", user));
        }
    }

    private OpenSearchRealm(String str, Map<String, User> map) {
        super(new BCryptPasswordMatcher());
        this.realmName = str;
        this.internalUsers = map;
        setAuthenticationTokenClass(UsernamePasswordToken.class);
    }

    public User getInternalUser(String str) throws UnknownAccountException {
        User user = this.internalUsers.get(str);
        if (user == null) {
            throw new UnknownAccountException("Incorrect credentials");
        }
        return user;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            throw new UnsupportedTokenException("Unable to support authentication token " + ((String) Optional.ofNullable(authenticationToken).map((v0) -> {
                return v0.getClass();
            }).map((v0) -> {
                return v0.getName();
            }).orElse("null")));
        }
        User internalUser = getInternalUser(((UsernamePasswordToken) authenticationToken).getUsername());
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(internalUser.getUsername(), internalUser.getBcryptHash(), this.realmName);
        if (getCredentialsMatcher().doCredentialsMatch(authenticationToken, simpleAuthenticationInfo)) {
            return simpleAuthenticationInfo;
        }
        throw new IncorrectCredentialsException("Incorrect credentials");
    }
}
