package com.couchbase.client.core.env;

import com.couchbase.client.core.annotation.Stability;
import com.couchbase.client.core.deps.io.grpc.CallCredentials;
import com.couchbase.client.core.deps.io.grpc.Metadata;
import com.couchbase.client.core.deps.io.grpc.Status;
import com.couchbase.client.core.deps.io.netty.channel.ChannelHandler;
import com.couchbase.client.core.deps.io.netty.channel.ChannelPipeline;
import com.couchbase.client.core.deps.io.netty.handler.codec.http.HttpHeaderNames;
import com.couchbase.client.core.deps.io.netty.handler.codec.http.HttpRequest;
import com.couchbase.client.core.endpoint.EndpointContext;
import com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler;
import com.couchbase.client.core.io.netty.kv.SaslListMechanismsHandler;
import com.couchbase.client.core.io.netty.kv.sasl.SaslHelper;
import com.couchbase.client.core.service.ServiceType;
import com.couchbase.client.core.util.CbCollections;
import com.couchbase.client.core.util.Validators;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.function.Supplier;
import reactor.util.annotation.Nullable;

/* loaded from: input_file:com/couchbase/client/core/env/PasswordAuthenticator.class */
public class PasswordAuthenticator implements Authenticator {
    private static final Set<SaslMechanism> DEFAULT_SASL_MECHANISMS = EnumSet.of(SaslMechanism.SCRAM_SHA512, SaslMechanism.SCRAM_SHA256, SaslMechanism.SCRAM_SHA1);
    private final Supplier<UsernameAndPassword> usernameAndPassword;
    private final Set<SaslMechanism> allowedSaslMechanisms;

    @Nullable
    private final String cachedHttpAuthHeader;

    /* loaded from: input_file:com/couchbase/client/core/env/PasswordAuthenticator$Builder.class */
    public static class Builder {
        private Supplier<String> username;
        private Supplier<String> password;
        private Set<SaslMechanism> allowedSaslMechanisms;
        private Supplier<Boolean> platformHasSaslPlain;
        private Supplier<UsernameAndPassword> usernameAndPassword;
        private boolean dynamicCredentials;

        private Builder(Supplier<UsernameAndPassword> supplier) {
            this.allowedSaslMechanisms = PasswordAuthenticator.DEFAULT_SASL_MECHANISMS;
            this.platformHasSaslPlain = SaslHelper::platformHasSaslPlain;
            this.usernameAndPassword = (Supplier) Objects.requireNonNull(supplier);
            this.dynamicCredentials = true;
        }

        private Builder(String str, String str2) {
            this.allowedSaslMechanisms = PasswordAuthenticator.DEFAULT_SASL_MECHANISMS;
            this.platformHasSaslPlain = SaslHelper::platformHasSaslPlain;
            UsernameAndPassword usernameAndPassword = new UsernameAndPassword(str, str2);
            this.usernameAndPassword = () -> {
                return usernameAndPassword;
            };
            this.dynamicCredentials = false;
        }

        @Deprecated
        public Builder() {
            this.allowedSaslMechanisms = PasswordAuthenticator.DEFAULT_SASL_MECHANISMS;
            this.platformHasSaslPlain = SaslHelper::platformHasSaslPlain;
        }

        @Deprecated
        public Builder username(String str) {
            requireDeprecatedConstructor();
            Validators.notNullOrEmpty(str, "Username");
            this.username = () -> {
                return str;
            };
            return this;
        }

        @Deprecated
        public Builder username(Supplier<String> supplier) {
            requireDeprecatedConstructor();
            Validators.notNull(supplier, "Username");
            this.username = supplier;
            this.dynamicCredentials = true;
            return this;
        }

        @Deprecated
        public Builder password(String str) {
            requireDeprecatedConstructor();
            Validators.notNullOrEmpty(str, "Password");
            this.password = () -> {
                return str;
            };
            return this;
        }

        @Deprecated
        public Builder password(Supplier<String> supplier) {
            requireDeprecatedConstructor();
            Validators.notNull(supplier, "Password");
            this.password = supplier;
            this.dynamicCredentials = true;
            return this;
        }

        public Builder allowedSaslMechanisms(Set<SaslMechanism> set) {
            Validators.notNullOrEmpty((Set) set, "AllowedSaslMechanisms");
            if (set.equals(CbCollections.setOf(SaslMechanism.PLAIN)) && !this.platformHasSaslPlain.get().booleanValue()) {
                throw new RuntimeException("This JVM is running in a restricted mode that prevents using SASL PLAIN for authentication.");
            }
            this.allowedSaslMechanisms = CbCollections.setCopyOf(set);
            return this;
        }

        public Builder enablePlainSaslMechanism() {
            return allowedSaslMechanisms(EnumSet.allOf(SaslMechanism.class));
        }

        public Builder onlyEnablePlainSaslMechanism() {
            return allowedSaslMechanisms(EnumSet.of(SaslMechanism.PLAIN));
        }

        @Stability.Internal
        Builder setPlatformHasSaslPlain(Supplier<Boolean> supplier) {
            this.platformHasSaslPlain = (Supplier) Objects.requireNonNull(supplier);
            return this;
        }

        public PasswordAuthenticator build() {
            return new PasswordAuthenticator(this);
        }

        private void requireDeprecatedConstructor() {
            if (this.usernameAndPassword != null) {
                throw new IllegalStateException("Username and password were specified when this builder was created, and cannot be changed.");
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Supplier<UsernameAndPassword> resolveUsernameAndPasswordSupplier() {
            if (this.usernameAndPassword != null) {
                return this.usernameAndPassword;
            }
            Validators.notNull(this.username, "Must specify username");
            Validators.notNull(this.password, "Must specify password");
            if (this.dynamicCredentials) {
                return () -> {
                    return new UsernameAndPassword(this.username.get(), this.password.get());
                };
            }
            UsernameAndPassword usernameAndPassword = new UsernameAndPassword(this.username.get(), this.password.get());
            return () -> {
                return usernameAndPassword;
            };
        }
    }

    @Deprecated
    public static Builder builder() {
        return new Builder();
    }

    public static Builder builder(String str, String str2) {
        return new Builder(str, str2);
    }

    public static Builder builder(Supplier<UsernameAndPassword> supplier) {
        return new Builder(supplier);
    }

    public static PasswordAuthenticator create(String str, String str2) {
        return builder(str, str2).build();
    }

    public static PasswordAuthenticator ldapCompatible(String str, String str2) {
        return builder(str, str2).onlyEnablePlainSaslMechanism().build();
    }

    private PasswordAuthenticator(Builder builder) {
        EnumSet noneOf = EnumSet.noneOf(SaslMechanism.class);
        noneOf.addAll(builder.allowedSaslMechanisms);
        this.allowedSaslMechanisms = Collections.unmodifiableSet(noneOf);
        this.usernameAndPassword = builder.resolveUsernameAndPasswordSupplier();
        this.cachedHttpAuthHeader = builder.dynamicCredentials ? null : encodeAuthHttpHeader(this.usernameAndPassword.get());
    }

    String getAuthHeaderValue() {
        return this.cachedHttpAuthHeader != null ? this.cachedHttpAuthHeader : encodeAuthHttpHeader(this.usernameAndPassword.get());
    }

    private static String encodeAuthHttpHeader(UsernameAndPassword usernameAndPassword) {
        return "Basic " + Base64.getEncoder().encodeToString((usernameAndPassword.username() + ":" + usernameAndPassword.password()).getBytes(StandardCharsets.UTF_8));
    }

    @Override // com.couchbase.client.core.env.Authenticator
    public void authKeyValueConnection(EndpointContext endpointContext, ChannelPipeline channelPipeline) {
        boolean z = endpointContext.environment().securityConfig().tlsEnabled() && SaslHelper.platformHasSaslPlain();
        UsernameAndPassword usernameAndPassword = this.usernameAndPassword.get();
        channelPipeline.addLast(new SaslListMechanismsHandler(endpointContext));
        ChannelHandler[] channelHandlerArr = new ChannelHandler[1];
        channelHandlerArr[0] = new SaslAuthenticationHandler(endpointContext, usernameAndPassword.username(), usernameAndPassword.password(), z ? EnumSet.of(SaslMechanism.PLAIN) : this.allowedSaslMechanisms);
        channelPipeline.addLast(channelHandlerArr);
    }

    @Override // com.couchbase.client.core.env.Authenticator
    public void authHttpRequest(ServiceType serviceType, HttpRequest httpRequest) {
        httpRequest.headers().add(HttpHeaderNames.AUTHORIZATION, getAuthHeaderValue());
    }

    @Override // com.couchbase.client.core.env.Authenticator
    public CallCredentials protostellarCallCredentials() {
        return new CallCredentials() { // from class: com.couchbase.client.core.env.PasswordAuthenticator.1
            @Override // com.couchbase.client.core.deps.io.grpc.CallCredentials
            public void applyRequestMetadata(CallCredentials.RequestInfo requestInfo, Executor executor, CallCredentials.MetadataApplier metadataApplier) {
                executor.execute(() -> {
                    try {
                        Metadata metadata = new Metadata();
                        metadata.put(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER), PasswordAuthenticator.this.getAuthHeaderValue());
                        metadataApplier.apply(metadata);
                    } catch (Throwable th) {
                        metadataApplier.fail(Status.UNAUTHENTICATED.withCause(th));
                    }
                });
            }

            @Override // com.couchbase.client.core.deps.io.grpc.CallCredentials
            public void thisUsesUnstableApi() {
            }
        };
    }
}
