package org.finos.tracdap.common.auth.standard;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.DefaultHttpResponse;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Properties;
import org.finos.tracdap.common.auth.IAuthProvider;
import org.finos.tracdap.common.auth.UserInfo;
import org.finos.tracdap.common.config.CryptoHelpers;
import org.finos.tracdap.common.config.ISecretLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/finos/tracdap/common/auth/standard/BasicAuthProvider.class */
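/**
 * Authentication provider implementing HTTP Basic authentication against the TRAC user database.
 *
 * <p>Credentials arrive in the {@code Authorization} header as base64, which is an encoding and
 * not encryption. Nothing in this class checks that the channel is protected by TLS, so the
 * deployment must guarantee that elsewhere.
 *
 * <p>The header value, the decoded user name and the decoded password are all attacker-controlled
 * until {@link #checkPassword} succeeds. Every parsing failure is therefore treated as a failed
 * login and answered with a fresh challenge; none of them is allowed to propagate as an exception.
 */
public class BasicAuthProvider implements IAuthProvider {
    private static final Logger log = LoggerFactory.getLogger(BasicAuthProvider.class);
    private static final String BASIC_AUTH_PREFIX = "basic ";
    private static final String DISPLAY_NAME_ATTR = "displayName";

    // User database, injected through setTracUsers(); null until that call has been made.
    private ISecretLoader userDb;

    /**
     * Creates the provider.
     *
     * @param properties provider configuration; not read by this implementation
     */
    public BasicAuthProvider(Properties properties) {
    }

    /**
     * Tells the framework that this provider needs the TRAC user database.
     *
     * @return always {@code true}
     */
    @Override
    public boolean wantTracUsers() {
        return true;
    }

    /**
     * Receives the user database used to look up password hashes and user attributes.
     *
     * @param iSecretLoader the user database
     */
    @Override
    public void setTracUsers(ISecretLoader iSecretLoader) {
        this.userDb = iSecretLoader;
    }

    /**
     * Challenges the client: writes a 401 response carrying a {@code WWW-Authenticate: Basic}
     * header and closes the channel.
     *
     * @param channelHandlerContext channel the challenge is written to
     * @param httpRequest the request being answered; only its protocol version is used
     * @return always {@code null}, since no user is authenticated at this point
     */
    @Override
    public UserInfo newAuth(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        log.info("AUTHENTICATION: Using basic authentication");
        DefaultHttpHeaders challengeHeaders = new DefaultHttpHeaders();
        challengeHeaders.add(HttpHeaderNames.WWW_AUTHENTICATE, "Basic realm=\"trac_auth_realm\", charset=\"UTF-8\"");
        channelHandlerContext.writeAndFlush(new DefaultHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.UNAUTHORIZED, challengeHeaders));
        channelHandlerContext.close();
        return null;
    }

    /**
     * Validates an {@code Authorization} header value and resolves it to a user.
     *
     * <p>A missing header, a scheme other than Basic, invalid base64, or a decoded value without
     * a non-empty user name before the first colon all result in a new challenge.
     *
     * @param channelHandlerContext channel used to send a challenge when validation fails
     * @param httpRequest the request being authenticated
     * @param str raw value of the {@code Authorization} header
     * @return the authenticated user, or {@code null} when a challenge was sent instead
     */
    @Override
    public UserInfo translateAuth(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, String str) {
        // regionMatches returns false for a value shorter than the prefix, so no bounds check is needed.
        if (str == null || !str.regionMatches(true, 0, BASIC_AUTH_PREFIX, 0, BASIC_AUTH_PREFIX.length())) {
            log.warn("Invalid authorization header, re-authorization required");
            return newAuth(channelHandlerContext, httpRequest);
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(str.substring(BASIC_AUTH_PREFIX.length()));
        } catch (IllegalArgumentException e) {
            // The decoder throws on malformed base64. The header is client-supplied, so this is
            // an ordinary failed login and must not surface as an unhandled exception.
            log.warn("Invalid authorization header, re-authorization required");
            return newAuth(channelHandlerContext, httpRequest);
        }
        // NOTE(review): the password lives in an immutable String from here on and cannot be
        // wiped after use. The checkPassword/validateSSHA512 signatures take String, so changing
        // that is outside the scope of this class.
        String credentials = new String(decoded, StandardCharsets.UTF_8);
        // Split on the first colon only: the password may itself contain colons.
        int separator = credentials.indexOf(':');
        if (separator < 1) {
            log.warn("Invalid authorization header, re-authorization required");
            return newAuth(channelHandlerContext, httpRequest);
        }
        String userId = credentials.substring(0, separator);
        String password = credentials.substring(separator + 1);
        if (!checkPassword(userId, password)) {
            return newAuth(channelHandlerContext, httpRequest);
        }
        return getUserInfo(userId);
    }

    /**
     * Checks a password against the stored hash for the given user.
     *
     * @param str user name taken from the decoded header
     * @param str2 password taken from the decoded header
     * @return {@code true} only when the user exists and the password validates
     */
    private boolean checkPassword(String str, String str2) {
        if (this.userDb == null) {
            // Fail closed: with no user database nobody can be authenticated.
            log.error("AUTHENTICATION: Failed, user database has not been set");
            return false;
        }
        // The user name is unauthenticated input; strip control characters so it cannot be used
        // to forge or split log entries.
        String loggedUser = sanitizeForLog(str);
        if (!this.userDb.hasSecret(str)) {
            // NOTE(review): this path returns without doing any hash validation, so an unknown
            // user is presumably answered faster than a known user with a wrong password, which
            // lets a client tell the two apart. Equalising the cost needs a dummy stored hash in
            // the format validateSSHA512 expects, and that format is not visible from this file.
            log.warn("AUTHENTICATION: Failed [{}] user not found", loggedUser);
            return false;
        }
        // NOTE(review): the helper name suggests salted SHA-512. If it is a single digest round,
        // it offers little resistance to offline guessing should the user database leak; confirm
        // in CryptoHelpers and consider a password-hashing KDF (bcrypt/scrypt/argon2).
        boolean passwordOk = CryptoHelpers.validateSSHA512(this.userDb.loadPassword(str), str2);
        if (passwordOk) {
            log.info("AUTHENTICATION: Succeeded [{}]", loggedUser);
        } else {
            log.warn("AUTHENTICATION: Failed [{}] wrong password", loggedUser);
        }
        return passwordOk;
    }

    /**
     * Builds the user record for an authenticated user, using the stored display name when one
     * exists and the user id otherwise.
     *
     * @param str id of the authenticated user
     * @return a populated {@link UserInfo}
     */
    private UserInfo getUserInfo(String str) {
        String displayName = this.userDb.hasAttr(str, DISPLAY_NAME_ATTR)
                ? this.userDb.loadAttr(str, DISPLAY_NAME_ATTR)
                : str;
        UserInfo userInfo = new UserInfo();
        userInfo.setUserId(str);
        userInfo.setDisplayName(displayName);
        return userInfo;
    }

    /**
     * Returns a copy of the value with every ISO control character (CR and LF included) replaced
     * by an underscore, for safe inclusion in a log line.
     *
     * @param value untrusted text
     * @return the text with control characters replaced
     */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}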
