package org.neo4j.bolt.security.auth;

import java.io.IOException;
import java.util.Map;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.internal.kernel.api.security.LoginContext;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthToken;
import org.neo4j.kernel.api.security.UserManagerSupplier;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;

/* loaded from: input_file:org/neo4j/bolt/security/auth/BasicAuthentication.class */
public class BasicAuthentication implements Authentication {
    private final AuthManager authManager;
    private final UserManagerSupplier userManagerSupplier;

    public BasicAuthentication(AuthManager authManager, UserManagerSupplier userManagerSupplier) {
        this.authManager = authManager;
        this.userManagerSupplier = userManagerSupplier;
    }

    @Override // org.neo4j.bolt.security.auth.Authentication
    public AuthenticationResult authenticate(Map<String, Object> map) throws AuthenticationException {
        return map.containsKey(AuthToken.NEW_CREDENTIALS) ? update(map) : doAuthenticate(map);
    }

    private AuthenticationResult doAuthenticate(Map<String, Object> map) throws AuthenticationException {
        try {
            LoginContext login = this.authManager.login(map);
            switch (login.subject().getAuthenticationResult()) {
                case SUCCESS:
                case PASSWORD_CHANGE_REQUIRED:
                    return new BasicAuthenticationResult(login);
                case TOO_MANY_ATTEMPTS:
                    throw new AuthenticationException(Status.Security.AuthenticationRateLimit);
                default:
                    throw new AuthenticationException(Status.Security.Unauthorized);
            }
        } catch (InvalidAuthTokenException e) {
            throw new AuthenticationException(e.status(), e.getMessage());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private AuthenticationResult update(Map<String, Object> map) throws AuthenticationException {
        try {
            byte[] bArr = (byte[]) AuthToken.safeCastCredentials(AuthToken.NEW_CREDENTIALS, map).clone();
            LoginContext login = this.authManager.login(map);
            switch (login.subject().getAuthenticationResult()) {
                case SUCCESS:
                case PASSWORD_CHANGE_REQUIRED:
                    this.userManagerSupplier.getUserManager(login.subject(), false).setUserPassword(AuthToken.safeCast(AuthToken.PRINCIPAL, map), bArr, false);
                    login.subject().setPasswordChangeNoLongerRequired();
                    return new BasicAuthenticationResult(login);
                default:
                    throw new AuthenticationException(Status.Security.Unauthorized);
            }
        } catch (IOException e) {
            throw new AuthenticationException(Status.Security.Unauthorized, e.getMessage(), e);
        } catch (AuthorizationViolationException | InvalidArgumentsException | InvalidAuthTokenException e2) {
            throw new AuthenticationException(((Status.HasStatus) e2).status(), e2.getMessage(), e2);
        }
    }
}
