package org.apache.druid.security.basic.authentication.validator;

import com.fasterxml.jackson.annotation.JacksonInject;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonTypeName;
import com.google.inject.Provider;
import java.util.Arrays;
import java.util.Map;
import javax.annotation.Nullable;
import org.apache.druid.java.util.common.IAE;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.security.basic.BasicAuthUtils;
import org.apache.druid.security.basic.BasicSecurityAuthenticationException;
import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager;
import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentials;
import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser;
import org.apache.druid.server.security.AuthenticationResult;

@JsonTypeName("metadata")
/* loaded from: input_file:org/apache/druid/security/basic/authentication/validator/MetadataStoreCredentialsValidator.class */
public class MetadataStoreCredentialsValidator implements CredentialsValidator {
    private static final Logger LOG = new Logger(MetadataStoreCredentialsValidator.class);
    private final Provider<BasicAuthenticatorCacheManager> cacheManager;

    @JsonCreator
    public MetadataStoreCredentialsValidator(@JacksonInject Provider<BasicAuthenticatorCacheManager> provider) {
        this.cacheManager = provider;
    }

    @Override // org.apache.druid.security.basic.authentication.validator.CredentialsValidator
    @Nullable
    public AuthenticationResult validateCredentials(String str, String str2, String str3, char[] cArr) {
        BasicAuthenticatorCredentials credentials;
        Map<String, BasicAuthenticatorUser> userMap = ((BasicAuthenticatorCacheManager) this.cacheManager.get()).getUserMap(str);
        if (userMap == null) {
            throw new IAE("No userMap is available for authenticator with prefix: [%s]", new Object[]{str});
        }
        BasicAuthenticatorUser basicAuthenticatorUser = userMap.get(str3);
        if (basicAuthenticatorUser == null || (credentials = basicAuthenticatorUser.getCredentials()) == null) {
            return null;
        }
        if (Arrays.equals(BasicAuthUtils.hashPassword(cArr, credentials.getSalt(), credentials.getIterations()), credentials.getHash())) {
            return new AuthenticationResult(str3, str2, str, (Map) null);
        }
        LOG.debug("Password incorrect for metadata store user %s", new Object[]{str3});
        throw new BasicSecurityAuthenticationException("Unauthorized", new Object[0]);
    }
}
