package org.apache.ignite.internal.security.authentication.basic;

import java.lang.annotation.Annotation;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ForkJoinPool;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.ignite.configuration.NamedListView;
import org.apache.ignite.configuration.validation.ValidationContext;
import org.apache.ignite.configuration.validation.ValidationIssue;
import org.apache.ignite.configuration.validation.Validator;
import org.gridgain.internal.rbac.password.PasswordEncoderRegistry;
import org.gridgain.internal.rbac.password.PasswordEncoding;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/ignite/internal/security/authentication/basic/UserPasswordEncodingValidatorImpl.class */
public class UserPasswordEncodingValidatorImpl implements Validator<UserPasswordEncodingValidator, NamedListView<? extends BasicUserView>> {
    public static final UserPasswordEncodingValidatorImpl INSTANCE = new UserPasswordEncodingValidatorImpl();
    private static final PasswordEncoderRegistry PASSWORD_ENCODER_REGISTRY = PasswordEncoderRegistry.createDefaultRegistry(ForkJoinPool.commonPool());

    public void validate(UserPasswordEncodingValidator userPasswordEncodingValidator, ValidationContext<NamedListView<? extends BasicUserView>> validationContext) {
        Map map = toMap((NamedListView) validationContext.getNewValue());
        Map map2 = toMap((NamedListView) validationContext.getOldValue());
        for (Map.Entry entry : map.entrySet()) {
            validateUserConfiguration(validationContext, (BasicUserView) entry.getValue(), (BasicUserView) map2.get(entry.getKey()));
        }
    }

    private static void validateUserConfiguration(ValidationContext<NamedListView<? extends BasicUserView>> validationContext, BasicUserView basicUserView, @Nullable BasicUserView basicUserView2) {
        if (basicUserView2 != null) {
            boolean equals = Objects.equals(basicUserView.passwordEncoding(), basicUserView2.passwordEncoding());
            boolean equals2 = Objects.equals(basicUserView.password(), basicUserView2.password());
            if (equals && equals2) {
                return;
            }
            if (equals2) {
                validationContext.addIssue(new ValidationIssue(validationContext.currentKey(), "Changing password encoding without changing the password is not supported."));
            }
        }
        if (isPasswordLooksLikeEncodedWithSpecificEncoding(basicUserView.password(), basicUserView.passwordEncoding())) {
            return;
        }
        validationContext.addIssue(new ValidationIssue(validationContext.currentKey(), "Specified user password is not encoded correctly."));
    }

    private static boolean isPasswordLooksLikeEncodedWithSpecificEncoding(String str, String str2) {
        return PASSWORD_ENCODER_REGISTRY.passwordEncoder(PasswordEncoding.valueOf(str2.toUpperCase())).isValidFormat(str);
    }

    private static <T> Map<String, T> toMap(@Nullable NamedListView<? extends T> namedListView) {
        if (namedListView == null) {
            return Collections.emptyMap();
        }
        Stream stream = namedListView.namedListKeys().stream();
        Function identity = Function.identity();
        Objects.requireNonNull(namedListView);
        return (Map) stream.collect(Collectors.toMap(identity, namedListView::get));
    }

    public /* bridge */ /* synthetic */ void validate(Annotation annotation, ValidationContext validationContext) {
        validate((UserPasswordEncodingValidator) annotation, (ValidationContext<NamedListView<? extends BasicUserView>>) validationContext);
    }
}
