package org.apache.ignite3.internal.security.authentication.basic;

import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.ignite3.internal.security.authentication.AuthenticationRequest;
import org.apache.ignite3.internal.security.authentication.Authenticator;
import org.apache.ignite3.internal.security.authentication.UserDetails;
import org.apache.ignite3.internal.security.authentication.UsernamePasswordRequest;
import org.apache.ignite3.security.exception.InvalidCredentialsException;
import org.apache.ignite3.security.exception.UnsupportedAuthenticationTypeException;
import org.gridgain.internal.rbac.password.PasswordEncoderRegistry;

/* loaded from: input_file:org/apache/ignite3/internal/security/authentication/basic/BasicAuthenticator.class */
public class BasicAuthenticator implements Authenticator {
    private static final PasswordEncoderRegistry PASSWORD_ENCODER_REGISTRY = PasswordEncoderRegistry.DEFAULT;
    private final String providerName;
    private final Map<String, BasicUser> users;

    public BasicAuthenticator(String str, List<BasicUser> list) {
        this.providerName = str;
        this.users = (Map) list.stream().collect(Collectors.toMap((v0) -> {
            return v0.name();
        }, Function.identity()));
    }

    @Override // org.apache.ignite3.internal.security.authentication.Authenticator
    public CompletableFuture<UserDetails> authenticateAsync(AuthenticationRequest<?, ?> authenticationRequest) {
        if (!(authenticationRequest instanceof UsernamePasswordRequest)) {
            throw new UnsupportedAuthenticationTypeException("Unsupported authentication type: " + authenticationRequest.getClass().getName());
        }
        String str = (String) authenticationRequest.getIdentity();
        String str2 = (String) authenticationRequest.getSecret();
        BasicUser basicUser = this.users.get(str.toLowerCase());
        if (basicUser == null || !PASSWORD_ENCODER_REGISTRY.passwordEncoder(basicUser.passwordEncoding()).match(str2, basicUser.password())) {
            throw new InvalidCredentialsException("Invalid credentials");
        }
        return CompletableFuture.completedFuture(new UserDetails(basicUser.displayName(), this.providerName, Set.of((Object[]) basicUser.roles())));
    }
}
