package com.couchbase.client.core.env;

import com.couchbase.client.core.annotation.Stability;
import com.couchbase.client.core.deps.io.grpc.Metadata;
import com.couchbase.client.core.deps.io.netty.channel.ChannelHandler;
import com.couchbase.client.core.deps.io.netty.channel.ChannelPipeline;
import com.couchbase.client.core.deps.io.netty.handler.codec.http.HttpHeaderNames;
import com.couchbase.client.core.deps.io.netty.handler.codec.http.HttpRequest;
import com.couchbase.client.core.endpoint.EndpointContext;
import com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler;
import com.couchbase.client.core.io.netty.kv.SaslListMechanismsHandler;
import com.couchbase.client.core.io.netty.kv.sasl.SaslHelper;
import com.couchbase.client.core.service.ServiceType;
import com.couchbase.client.core.util.CbCollections;
import com.couchbase.client.core.util.Validators;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.EnumSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;

/* loaded from: input_file:com/couchbase/client/core/env/PasswordAuthenticator.class */
public class PasswordAuthenticator implements Authenticator {
    private static final Set<SaslMechanism> DEFAULT_SASL_MECHANISMS = EnumSet.of(SaslMechanism.SCRAM_SHA512, SaslMechanism.SCRAM_SHA256, SaslMechanism.SCRAM_SHA1);
    private final Supplier<String> username;
    private final Supplier<String> password;
    private final Set<SaslMechanism> allowedSaslMechanisms;
    private final String cachedHttpAuthHeader;

    /* loaded from: input_file:com/couchbase/client/core/env/PasswordAuthenticator$Builder.class */
    public static class Builder {
        private Supplier<String> username;
        private Supplier<String> password;
        private Set<SaslMechanism> allowedSaslMechanisms = PasswordAuthenticator.DEFAULT_SASL_MECHANISMS;
        private Supplier<Boolean> platformHasSaslPlain = SaslHelper::platformHasSaslPlain;

        public Builder username(String str) {
            Validators.notNullOrEmpty(str, "Username");
            return username(new OwnedSupplier(str));
        }

        public Builder username(Supplier<String> supplier) {
            Validators.notNull(supplier, "Username");
            this.username = supplier;
            return this;
        }

        public Builder password(String str) {
            Validators.notNullOrEmpty(str, "Password");
            return password(new OwnedSupplier(str));
        }

        public Builder password(Supplier<String> supplier) {
            Validators.notNull(supplier, "Password");
            this.password = supplier;
            return this;
        }

        public Builder allowedSaslMechanisms(Set<SaslMechanism> set) {
            Validators.notNullOrEmpty((Set) set, "AllowedSaslMechanisms");
            if (set.equals(CbCollections.setOf(SaslMechanism.PLAIN)) && !this.platformHasSaslPlain.get().booleanValue()) {
                throw new RuntimeException("This JVM is running in a restricted mode that prevents using SASL PLAIN for authentication.");
            }
            this.allowedSaslMechanisms = set;
            return this;
        }

        public Builder enablePlainSaslMechanism() {
            return allowedSaslMechanisms(EnumSet.allOf(SaslMechanism.class));
        }

        public Builder onlyEnablePlainSaslMechanism() {
            return allowedSaslMechanisms(EnumSet.of(SaslMechanism.PLAIN));
        }

        @Stability.Internal
        Builder setPlatformHasSaslPlain(Supplier<Boolean> supplier) {
            this.platformHasSaslPlain = (Supplier) Objects.requireNonNull(supplier);
            return this;
        }

        public PasswordAuthenticator build() {
            return new PasswordAuthenticator(this);
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    public static PasswordAuthenticator create(String str, String str2) {
        return builder().username(str).password(str2).build();
    }

    public static PasswordAuthenticator ldapCompatible(String str, String str2) {
        return builder().username(str).password(str2).onlyEnablePlainSaslMechanism().build();
    }

    private PasswordAuthenticator(Builder builder) {
        this.username = (Supplier) Validators.notNull(builder.username, "username");
        this.password = (Supplier) Validators.notNull(builder.password, "password");
        this.allowedSaslMechanisms = (Set) Validators.notNull(builder.allowedSaslMechanisms, "allowedSaslMechanisms");
        if ((this.username instanceof OwnedSupplier) && (this.password instanceof OwnedSupplier)) {
            this.cachedHttpAuthHeader = encodeAuthHttpHeader();
        } else {
            this.cachedHttpAuthHeader = null;
        }
    }

    private String encodeAuthHttpHeader() {
        String str = this.password.get();
        return "Basic " + Base64.getEncoder().encodeToString((this.username.get() + ":" + (str == null ? "" : str)).getBytes(StandardCharsets.UTF_8));
    }

    @Override // com.couchbase.client.core.env.Authenticator
    public void authKeyValueConnection(EndpointContext endpointContext, ChannelPipeline channelPipeline) {
        boolean z = endpointContext.environment().securityConfig().tlsEnabled() && SaslHelper.platformHasSaslPlain();
        channelPipeline.addLast(new SaslListMechanismsHandler(endpointContext));
        ChannelHandler[] channelHandlerArr = new ChannelHandler[1];
        channelHandlerArr[0] = new SaslAuthenticationHandler(endpointContext, this.username.get(), this.password.get(), z ? EnumSet.of(SaslMechanism.PLAIN) : this.allowedSaslMechanisms);
        channelPipeline.addLast(channelHandlerArr);
    }

    @Override // com.couchbase.client.core.env.Authenticator
    public void authHttpRequest(ServiceType serviceType, HttpRequest httpRequest) {
        httpRequest.headers().add(HttpHeaderNames.AUTHORIZATION, this.cachedHttpAuthHeader != null ? this.cachedHttpAuthHeader : encodeAuthHttpHeader());
    }

    @Override // com.couchbase.client.core.env.Authenticator
    public void authProtostellarRequest(Metadata metadata) {
        metadata.put(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER), encodeAuthHttpHeader());
    }
}
