package io.pravega.authplugin.basic;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.pravega.auth.AuthException;
import io.pravega.auth.AuthHandler;
import io.pravega.auth.AuthenticationException;
import io.pravega.auth.ServerConfig;
import io.pravega.shared.security.auth.UserPrincipal;
import io.pravega.shared.security.crypto.StrongPasswordProcessor;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.CompletionException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import lombok.Generated;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/pravega/authplugin/basic/PasswordAuthHandler.class */
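/**
 * {@link AuthHandler} for the "Basic" scheme, backed by a flat account file.
 *
 * <p>The file named by the {@code basic.authplugin.dbfile} property is read once during
 * {@code initialize}. Each non-comment line has the form {@code user:password-field[:acl;acl;...]}
 * and is stored in an in-memory map keyed by user name. {@link #authenticate(String)} checks a
 * Base64-encoded {@code user:password} token against that map, and
 * {@link #authorize(String, Principal)} evaluates the ACL stored for the principal.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Both "unknown user" and "wrong password" produce the same exception message, so the
 *       message does not reveal which user names exist.</li>
 *   <li>The password check is skipped for unknown users (see the note in
 *       {@link #authenticate(String)}), so response time may still differ between the two
 *       cases.</li>
 *   <li>The account file is the only credential store; its filesystem permissions are the
 *       control protecting the password fields it contains.</li>
 * </ul>
 */
public class PasswordAuthHandler implements AuthHandler {

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    private static final Logger log = LoggerFactory.getLogger(PasswordAuthHandler.class);

    // User name -> stored password field and ACL entries. Populated by loadPasswordFile().
    @VisibleForTesting
    private final ConcurrentHashMap<String, AccessControlList> aclsByUser;

    // Verifies a presented password against the stored password field.
    private final StrongPasswordProcessor encryptor;

    /** Creates a handler with an empty account map; call {@code initialize} before use. */
    public PasswordAuthHandler() {
        this(new ConcurrentHashMap<String, AccessControlList>());
    }

    /**
     * Creates a handler on top of a caller-supplied account map.
     *
     * @param concurrentHashMap map that will hold the accounts; it is used directly, not copied
     */
    @VisibleForTesting
    PasswordAuthHandler(ConcurrentHashMap<String, AccessControlList> concurrentHashMap) {
        this.aclsByUser = concurrentHashMap;
        this.encryptor = StrongPasswordProcessor.builder().build();
    }

    /**
     * Reads the account file line by line into {@link #aclsByUser}.
     *
     * <p>Lines starting with {@code #} are skipped. Reading stops at end of file <em>or at the
     * first empty line</em>, so entries placed after a blank line are not loaded.
     *
     * @param str path of the account file
     * @throws CompletionException wrapping the {@link IOException} if the file cannot be read
     */
    private void loadPasswordFile(String str) {
        log.info("Loading {}", str);
        // NOTE(review): FileReader decodes with the platform default charset on older JDKs, while
        // parseToken() always decodes the presented user name as UTF-8. Non-ASCII user names only
        // match when both agree - confirm the deployment's file encoding.
        try (FileReader fileReader = new FileReader(str);
             BufferedReader lineReader = new BufferedReader(fileReader)) {
            String line;
            // NOTE(review): an empty line ends the load, same as end of file. Accounts listed
            // after it are silently absent (fail-closed); confirm this is intended.
            while (!Strings.isNullOrEmpty(line = lineReader.readLine())) {
                if (!line.startsWith("#")) {
                    processUserEntry(line, this.aclsByUser);
                }
            }
        } catch (IOException e) {
            throw new CompletionException(e);
        }
    }

    /**
     * Parses one account line and stores it in the given map.
     *
     * <p>The line is split on {@code :} into at most three fields: user name, password field and
     * an optional ACL string. A later line for the same user name replaces the earlier one.
     * Lines with fewer than two fields are ignored.
     *
     * @param str               one line of the account file
     * @param concurrentHashMap map that receives the parsed entry
     */
    @VisibleForTesting
    void processUserEntry(String str, ConcurrentHashMap<String, AccessControlList> concurrentHashMap) {
        String[] fields = str.split(":", 3);
        if (fields.length < 2) {
            // The line content is deliberately not logged: it comes from the credential file.
            log.warn("Ignoring an account file entry that has no ':' separated password field");
            return;
        }
        String aclText = fields.length == 2 ? "" : fields[2];
        concurrentHashMap.put(fields[0], new AccessControlList(fields[1], parseAcl(aclText)));
    }

    /** Returns the scheme name this handler answers to, {@code "Basic"}. */
    public String getHandlerName() {
        return "Basic";
    }

    /**
     * Authenticates a Base64-encoded {@code user:password} token.
     *
     * @param str the Base64-encoded credentials
     * @return a {@link UserPrincipal} named after the authenticated user
     * @throws AuthException            if the user is unknown, the password does not match, or the
     *                                  password check itself fails
     * @throws IllegalArgumentException if the token is not valid Base64 or contains no {@code :};
     *                                  NOTE(review): callers that only handle
     *                                  {@link AuthException} will not see this as an
     *                                  authentication failure - confirm it is handled upstream
     */
    public Principal authenticate(String str) throws AuthException {
        String[] credentials = parseToken(str);
        String userName = credentials[0];
        // The decoded token and credentials[1] are immutable Strings and stay on the heap until
        // collected; wiping the char[] below only limits the lifetime of this one copy.
        char[] password = credentials[1].toCharArray();
        try {
            // Single lookup instead of containsKey() followed by get(): the map is reachable
            // through getAclsByUser(), so an entry could otherwise vanish between the two calls.
            AccessControlList account = this.aclsByUser.get(userName);
            // NOTE(review): for an unknown user checkPassword() is never called, so the reply is
            // presumably faster than for a known user with a wrong password. If user-name
            // enumeration matters here, verify against a fixed dummy entry in that branch too.
            if (account == null || !this.encryptor.checkPassword(password, account.getEncryptedPassword())) {
                throw new AuthenticationException("User authentication exception");
            }
            return new UserPrincipal(userName);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            log.warn("Exception during password authentication", e);
            throw new AuthenticationException(e);
        } finally {
            // Overwrite the password copy on every exit path, success or failure.
            Arrays.fill(password, '0');
        }
    }

    /**
     * Resolves the permissions the given principal holds on a resource.
     *
     * @param str       the resource being accessed
     * @param principal the authenticated principal; must not be {@code null}
     * @return the permissions computed by {@link AclAuthorizer} from the principal's stored ACL
     * @throws CompletionException wrapping an {@link AuthenticationException} if the principal's
     *                             name is empty or has no account entry
     */
    public AuthHandler.Permissions authorize(String str, Principal principal) {
        String name = principal.getName();
        // One lookup, so the "is known" test and the ACL used for the decision are the same entry.
        AccessControlList account = Strings.isNullOrEmpty(name) ? null : this.aclsByUser.get(name);
        if (account == null) {
            throw new CompletionException(new AuthenticationException(name));
        }
        return authorizeForUser(account, str);
    }

    /**
     * Initializes the handler from the server configuration.
     *
     * @param serverConfig configuration whose auth handler properties name the account file
     * @throws NullPointerException if {@code serverConfig} is {@code null}
     */
    public void initialize(@NonNull ServerConfig serverConfig) {
        if (serverConfig == null) {
            throw new NullPointerException("config is marked non-null but is null");
        }
        initialize(serverConfig.toAuthHandlerProperties());
    }

    /**
     * Initializes the handler from the {@code basic.authplugin.dbfile} property.
     *
     * @param properties properties that must contain the account file path
     * @throws NullPointerException if {@code properties} is {@code null}
     * @throws RuntimeException     if the property is absent; the handler refuses to start
     *                              without an account file rather than running with no accounts
     */
    @VisibleForTesting
    void initialize(@NonNull Properties properties) {
        if (properties == null) {
            throw new NullPointerException("properties is marked non-null but is null");
        }
        String accountFile = properties.getProperty("basic.authplugin.dbfile");
        if (accountFile == null) {
            throw new RuntimeException("User account database config was absent");
        }
        initialize(accountFile);
    }

    /**
     * Initializes the handler by loading the given account file.
     *
     * @param str path of the account file
     */
    @VisibleForTesting
    public void initialize(String str) {
        loadPasswordFile(str);
    }

    /**
     * Decodes a Base64 token into its {@code user} and {@code password} parts.
     *
     * <p>The split happens at the first {@code :} only, so the password may itself contain
     * colons while the user name cannot.
     *
     * @param str the Base64-encoded {@code user:password} token
     * @return a two-element array: user name, then password
     * @throws IllegalArgumentException if the token is not valid Base64 or has no {@code :}
     */
    private static String[] parseToken(String str) {
        String decoded = new String(Base64.getDecoder().decode(str), Charsets.UTF_8);
        String[] parts = decoded.split(":", 2);
        Preconditions.checkArgument(parts.length == 2, "Invalid authorization token");
        return parts;
    }

    /** Delegates the permission decision for one account to the shared {@link AclAuthorizer}. */
    private AuthHandler.Permissions authorizeForUser(AccessControlList accessControlList, String str) {
        return AclAuthorizer.instance().authorize(accessControlList, str);
    }

    /**
     * Parses the ACL field of an account line.
     *
     * @param str semicolon-separated ACL entries; may be {@code null} or blank
     * @return a new empty list for {@code null} or blank input, otherwise one element per
     *         {@code ;}-separated segment as produced by {@link AccessControlEntry#fromString}
     */
    @VisibleForTesting
    List<AccessControlEntry> parseAcl(String str) {
        if (str == null || str.trim().equals("")) {
            return new ArrayList<>();
        }
        // NOTE(review): whatever fromString() yields for a malformed segment ends up in the list
        // unchanged - confirm the authorizer tolerates that.
        return Arrays.stream(str.trim().split(";"))
                .map(AccessControlEntry::fromString)
                .collect(Collectors.toList());
    }

    /**
     * Returns the live account map, not a copy; changes made through it affect authentication
     * and authorization immediately.
     */
    @SuppressFBWarnings(justification = "generated code")
    @Generated
    ConcurrentHashMap<String, AccessControlList> getAclsByUser() {
        return this.aclsByUser;
    }
}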
