package fathom.realm.htpasswd;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.typesafe.config.Config;
import fathom.authc.AuthenticationToken;
import fathom.authc.StandardCredentials;
import fathom.realm.Account;
import fathom.realm.MemoryRealm;
import fathom.utils.ClassUtil;
import fathom.utils.Util;
import java.io.File;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Scanner;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.Crypt;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.Md5Crypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:fathom/realm/htpasswd/HtpasswdRealm.class */
public class HtpasswdRealm extends MemoryRealm {
    private static final Logger log = LoggerFactory.getLogger(HtpasswdRealm.class);
    private final Map<String, String> credentialsMap = new ConcurrentHashMap();
    private String file;
    private volatile File realmFile;
    private volatile long lastModified;
    private boolean isAllowClearTextPasswords;

    public boolean canAuthenticate(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof StandardCredentials;
    }

    public void setup(Config config) {
        super.setup(config);
        String lowerCase = System.getProperty("os.name").toLowerCase();
        if (lowerCase.startsWith("windows") || lowerCase.startsWith("netware")) {
            this.isAllowClearTextPasswords = true;
        } else {
            this.isAllowClearTextPasswords = false;
        }
        if (config.hasPath("allowClearPasswords")) {
            this.isAllowClearTextPasswords = config.getBoolean("allowClearPasswords");
        }
        this.file = config.getString("file");
        Preconditions.checkNotNull(this.file, "You must specify an htpasswd 'file'!");
        if (!this.file.startsWith("classpath:")) {
            setFile(new File(this.file));
            log.debug("Read {} standard credentials from '{}'", Integer.valueOf(this.credentialsMap.size()), this.file);
        } else {
            URL resource = ClassUtil.getResource(this.file.substring("classpath:".length()));
            this.credentialsMap.putAll(readCredentialsURL(resource));
            log.debug("Read {} standard credentials from '{}'", Integer.valueOf(this.credentialsMap.size()), resource);
        }
    }

    public void start() {
        log.debug("Realm '{}' configuration:", getRealmName());
        Util.logSetting(log, "file", this.file);
        Util.logSetting(log, "allowClearPasswords", Boolean.valueOf(this.isAllowClearTextPasswords));
    }

    public void stop() {
    }

    public boolean isAllowClearTextPasswords() {
        return this.isAllowClearTextPasswords;
    }

    public void setAllowClearTextPasswords(boolean z) {
        this.isAllowClearTextPasswords = z;
    }

    public synchronized void setFile(File file) {
        Preconditions.checkNotNull(file, "File is null!");
        Preconditions.checkArgument(file.exists(), "{} does not exist!", new Object[]{file});
        this.realmFile = file;
        readCredentialsFile();
    }

    public boolean hasAccount(String str) {
        return this.credentialsMap.containsKey(str);
    }

    public Account getAccount(String str) {
        Account account = super.getAccount(str);
        if (account == null) {
            account = addAccount(str, this.credentialsMap.get(str));
        }
        return account;
    }

    public Account authenticate(AuthenticationToken authenticationToken) {
        readCredentialsFile();
        return super.authenticate(authenticationToken);
    }

    protected boolean validatePassword(StandardCredentials standardCredentials, StandardCredentials standardCredentials2) {
        String password = standardCredentials2.getPassword();
        String username = standardCredentials.getUsername();
        String password2 = standardCredentials.getPassword();
        boolean z = false;
        if (password.startsWith("$apr1$")) {
            if (password.equals(Md5Crypt.apr1Crypt(password2, password))) {
                log.trace("Apache MD5 encoded password matched for user '{}'", username);
                z = true;
            }
        } else if (password.startsWith("{SHA}")) {
            if (password.substring("{SHA}".length()).equals(Base64.encodeBase64String(DigestUtils.sha1(password2)))) {
                log.trace("Unsalted SHA-1 encoded password matched for user '{}'", username);
                z = true;
            }
        } else if (!isAllowClearTextPasswords() && password.equals(Crypt.crypt(password2, password))) {
            log.trace("Libc crypt encoded password matched for user '{}'", username);
            z = true;
        } else if (isAllowClearTextPasswords() && password.equals(password2)) {
            log.trace("Clear text password matched for user '{}'", username);
            z = true;
        }
        return z;
    }

    protected synchronized void readCredentialsFile() {
        if (this.realmFile == null || !this.realmFile.exists() || this.realmFile.lastModified() == this.lastModified) {
            return;
        }
        this.lastModified = this.realmFile.lastModified();
        try {
            Map<String, String> readCredentialsURL = readCredentialsURL(this.realmFile.toURI().toURL());
            this.credentialsMap.clear();
            this.credentialsMap.putAll(readCredentialsURL);
        } catch (Exception e) {
            log.error("Failed to read {}", this.realmFile, e);
        }
    }

    protected Map<String, String> readCredentialsURL(URL url) {
        HashMap hashMap = new HashMap();
        Pattern compile = Pattern.compile("^([^:]+):(.+)");
        try {
            Scanner scanner = new Scanner(url.openStream(), StandardCharsets.UTF_8.name());
            Throwable th = null;
            while (scanner.hasNextLine()) {
                try {
                    try {
                        String trim = scanner.nextLine().trim();
                        if (!trim.isEmpty() && !trim.startsWith("#")) {
                            Matcher matcher = compile.matcher(trim);
                            if (matcher.matches()) {
                                String group = matcher.group(1);
                                String group2 = matcher.group(2);
                                if (Strings.isNullOrEmpty(group)) {
                                    log.warn("Skipping line because the username is blank!");
                                } else if (Strings.isNullOrEmpty(group2)) {
                                    log.warn("Skipping '{}' account because the password is blank!", group);
                                } else {
                                    hashMap.put(group.trim(), group2.trim());
                                }
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            }
            if (scanner != null) {
                if (0 != 0) {
                    try {
                        scanner.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    scanner.close();
                }
            }
        } catch (Exception e) {
            log.error("Failed to read {}", url, e);
        }
        return hashMap;
    }
}
