package io.pravega.controller.server.rpc.auth;

import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.sun.security.auth.UnixPrincipal;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.pravega.auth.AuthException;
import io.pravega.auth.AuthHandler;
import io.pravega.auth.AuthenticationException;
import io.pravega.auth.ServerConfig;
import io.pravega.controller.server.rpc.grpc.GRPCServerConfig;
import java.beans.ConstructorProperties;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.concurrent.CompletionException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/pravega/controller/server/rpc/auth/PasswordAuthHandler.class */
public class PasswordAuthHandler implements AuthHandler {

    @SuppressFBWarnings(justification = "generated code")
    private static final Logger log = LoggerFactory.getLogger(PasswordAuthHandler.class);
    private final ConcurrentHashMap<String, PravegaACls> userMap = new ConcurrentHashMap<>();
    private final StrongPasswordProcessor encryptor = StrongPasswordProcessor.builder().build();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/pravega/controller/server/rpc/auth/PasswordAuthHandler$PravegaACls.class */
    public class PravegaACls {
        private final String encryptedPassword;
        private final List<PravegaAcl> acls;

        @SuppressFBWarnings(justification = "generated code")
        @ConstructorProperties({"encryptedPassword", "acls"})
        public PravegaACls(String str, List<PravegaAcl> list) {
            this.encryptedPassword = str;
            this.acls = list;
        }

        @SuppressFBWarnings(justification = "generated code")
        public String getEncryptedPassword() {
            return this.encryptedPassword;
        }

        @SuppressFBWarnings(justification = "generated code")
        public List<PravegaAcl> getAcls() {
            return this.acls;
        }

        @SuppressFBWarnings(justification = "generated code")
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof PravegaACls)) {
                return false;
            }
            PravegaACls pravegaACls = (PravegaACls) obj;
            if (!pravegaACls.canEqual(this)) {
                return false;
            }
            String encryptedPassword = getEncryptedPassword();
            String encryptedPassword2 = pravegaACls.getEncryptedPassword();
            if (encryptedPassword == null) {
                if (encryptedPassword2 != null) {
                    return false;
                }
            } else if (!encryptedPassword.equals(encryptedPassword2)) {
                return false;
            }
            List<PravegaAcl> acls = getAcls();
            List<PravegaAcl> acls2 = pravegaACls.getAcls();
            return acls == null ? acls2 == null : acls.equals(acls2);
        }

        @SuppressFBWarnings(justification = "generated code")
        protected boolean canEqual(Object obj) {
            return obj instanceof PravegaACls;
        }

        @SuppressFBWarnings(justification = "generated code")
        public int hashCode() {
            String encryptedPassword = getEncryptedPassword();
            int hashCode = (1 * 59) + (encryptedPassword == null ? 43 : encryptedPassword.hashCode());
            List<PravegaAcl> acls = getAcls();
            return (hashCode * 59) + (acls == null ? 43 : acls.hashCode());
        }

        @SuppressFBWarnings(justification = "generated code")
        public String toString() {
            return "PasswordAuthHandler.PravegaACls(encryptedPassword=" + getEncryptedPassword() + ", acls=" + getAcls() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/pravega/controller/server/rpc/auth/PasswordAuthHandler$PravegaAcl.class */
    public class PravegaAcl {
        private final String resource;
        private final AuthHandler.Permissions acl;

        @SuppressFBWarnings(justification = "generated code")
        @ConstructorProperties({"resource", "acl"})
        public PravegaAcl(String str, AuthHandler.Permissions permissions) {
            this.resource = str;
            this.acl = permissions;
        }

        @SuppressFBWarnings(justification = "generated code")
        public String getResource() {
            return this.resource;
        }

        @SuppressFBWarnings(justification = "generated code")
        public AuthHandler.Permissions getAcl() {
            return this.acl;
        }

        @SuppressFBWarnings(justification = "generated code")
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof PravegaAcl)) {
                return false;
            }
            PravegaAcl pravegaAcl = (PravegaAcl) obj;
            if (!pravegaAcl.canEqual(this)) {
                return false;
            }
            String resource = getResource();
            String resource2 = pravegaAcl.getResource();
            if (resource == null) {
                if (resource2 != null) {
                    return false;
                }
            } else if (!resource.equals(resource2)) {
                return false;
            }
            AuthHandler.Permissions acl = getAcl();
            AuthHandler.Permissions acl2 = pravegaAcl.getAcl();
            return acl == null ? acl2 == null : acl.equals(acl2);
        }

        @SuppressFBWarnings(justification = "generated code")
        protected boolean canEqual(Object obj) {
            return obj instanceof PravegaAcl;
        }

        @SuppressFBWarnings(justification = "generated code")
        public int hashCode() {
            String resource = getResource();
            int hashCode = (1 * 59) + (resource == null ? 43 : resource.hashCode());
            AuthHandler.Permissions acl = getAcl();
            return (hashCode * 59) + (acl == null ? 43 : acl.hashCode());
        }

        @SuppressFBWarnings(justification = "generated code")
        public String toString() {
            return "PasswordAuthHandler.PravegaAcl(resource=" + getResource() + ", acl=" + getAcl() + ")";
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r11v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x00fa: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:70:0x00fa */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x00fe: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:72:0x00fe */
    /* JADX WARN: Type inference failed for: r11v1, types: [java.io.FileReader] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    private void loadPasswordFile(String str) {
        try {
            try {
                FileReader fileReader = new FileReader(str);
                Throwable th = null;
                BufferedReader bufferedReader = new BufferedReader(fileReader);
                Throwable th2 = null;
                while (true) {
                    try {
                        try {
                            String readLine = bufferedReader.readLine();
                            if (Strings.isNullOrEmpty(readLine)) {
                                break;
                            }
                            if (!readLine.startsWith("#")) {
                                String[] split = readLine.split(":");
                                if (split.length >= 2) {
                                    this.userMap.put(split[0], new PravegaACls(split[1], getAcls(split.length == 2 ? "" : split[2])));
                                }
                            }
                        } finally {
                        }
                    } catch (Throwable th3) {
                        if (bufferedReader != null) {
                            if (th2 != null) {
                                try {
                                    bufferedReader.close();
                                } catch (Throwable th4) {
                                    th2.addSuppressed(th4);
                                }
                            } else {
                                bufferedReader.close();
                            }
                        }
                        throw th3;
                    }
                }
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                if (fileReader != null) {
                    if (0 != 0) {
                        try {
                            fileReader.close();
                        } catch (Throwable th6) {
                            th.addSuppressed(th6);
                        }
                    } else {
                        fileReader.close();
                    }
                }
            } finally {
            }
        } catch (IOException e) {
            throw new CompletionException(e);
        }
    }

    public String getHandlerName() {
        return "Basic";
    }

    public Principal authenticate(String str) throws AuthException {
        String[] parseToken = parseToken(str);
        String str2 = parseToken[0];
        String str3 = parseToken[1];
        try {
            if (this.userMap.containsKey(str2) && this.encryptor.checkPassword(str3, this.userMap.get(str2).encryptedPassword)) {
                return new UnixPrincipal(str2);
            }
            throw new AuthenticationException("User authentication exception");
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            log.warn("Excpetion during password authentication", e);
            throw new AuthenticationException(e);
        }
    }

    public AuthHandler.Permissions authorize(String str, Principal principal) {
        String name = principal.getName();
        if (Strings.isNullOrEmpty(name) || !this.userMap.containsKey(name)) {
            throw new CompletionException((Throwable) new AuthenticationException(name));
        }
        return authorizeForUser(this.userMap.get(name), str);
    }

    public void initialize(ServerConfig serverConfig) {
        loadPasswordFile(((GRPCServerConfig) serverConfig).getUserPasswordFile());
    }

    private static String[] parseToken(String str) {
        String[] split = new String(Base64.getDecoder().decode(str), Charsets.UTF_8).split(":", 2);
        Preconditions.checkArgument(split.length == 2, "Invalid authorization token");
        return split;
    }

    private AuthHandler.Permissions authorizeForUser(PravegaACls pravegaACls, String str) {
        AuthHandler.Permissions permissions = AuthHandler.Permissions.NONE;
        for (PravegaAcl pravegaAcl : pravegaACls.acls) {
            if (pravegaAcl.resource.equals(str) || ((pravegaAcl.resource.endsWith("/") && str.startsWith(pravegaAcl.resource)) || str.startsWith(pravegaAcl.resource + "/") || (pravegaAcl.resource.equals("*") && pravegaAcl.acl.ordinal() > permissions.ordinal()))) {
                permissions = pravegaAcl.acl;
            }
        }
        return permissions;
    }

    private List<PravegaAcl> getAcls(String str) {
        return (List) Arrays.stream(str.split(";")).map(str2 -> {
            String[] split = str2.split(",");
            if (split.length == 0) {
                return null;
            }
            return new PravegaAcl(split[0], AuthHandler.Permissions.valueOf(split.length >= 2 ? split[1] : "READ"));
        }).collect(Collectors.toList());
    }
}
