package org.apache.solr.security;

import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.atlas.ApplicationProperties;
import org.apache.commons.codec.binary.Base64;
import org.apache.p001sparkproject.com.google.common.collect.ImmutableSet;
import org.apache.solr.common.util.CommandOperation;
import org.apache.solr.common.util.Utils;
import org.apache.solr.common.util.ValidatingJsonMap;
import org.apache.solr.handler.admin.SecurityConfHandler;
import org.apache.solr.security.BasicAuthPlugin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/security/Sha256AuthenticationProvider.class */
public class Sha256AuthenticationProvider implements ConfigEditablePlugin, BasicAuthPlugin.AuthenticationProvider {
    private Map<String, String> credentials;
    private String realm;
    private Map<String, String> promptHeader;
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    static final Set<String> supported_ops = ImmutableSet.of("set-user", "delete-user");

    static void putUser(String str, String str2, Map map) {
        if (str == null || str2 == null) {
            return;
        }
        map.put(str, getSaltedHashedValue(str2));
    }

    public static String getSaltedHashedValue(String str) {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        String encodeBase64String = Base64.encodeBase64String(bArr);
        return sha256(str, encodeBase64String) + " " + encodeBase64String;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.solr.security.BasicAuthPlugin.AuthenticationProvider
    public void init(Map<String, Object> map) {
        if (map.get("realm") != null) {
            this.realm = (String) map.get("realm");
        } else {
            this.realm = ApplicationProperties.INDEX_BACKEND_SOLR;
        }
        this.promptHeader = Collections.unmodifiableMap(Collections.singletonMap("WWW-Authenticate", "Basic realm=\"" + this.realm + "\""));
        this.credentials = new LinkedHashMap();
        Map map2 = (Map) map.get("credentials");
        if (map2 == null) {
            log.debug("No users configured yet");
            return;
        }
        for (Map.Entry entry : map2.entrySet()) {
            String str = (String) entry.getValue();
            if (str == null) {
                log.warn("user has no password " + ((String) entry.getKey()));
            } else {
                this.credentials.put(entry.getKey(), str);
            }
        }
    }

    @Override // org.apache.solr.security.BasicAuthPlugin.AuthenticationProvider
    public boolean authenticate(String str, String str2) {
        String str3 = this.credentials.get(str);
        if (str3 == null || str3.isEmpty()) {
            return false;
        }
        String trim = str3.trim();
        String str4 = null;
        if (trim.contains(" ")) {
            String[] split = trim.split(" ");
            if (split.length > 1 && !split[1].isEmpty()) {
                str4 = split[1];
                trim = split[0];
            }
        }
        return trim.equals(sha256(str2, str4));
    }

    @Override // org.apache.solr.security.BasicAuthPlugin.AuthenticationProvider
    public Map<String, String> getPromptHeaders() {
        return this.promptHeader;
    }

    public static String sha256(String str, String str2) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            if (str2 != null) {
                messageDigest.reset();
                messageDigest.update(Base64.decodeBase64(str2));
            }
            byte[] digest = messageDigest.digest(str.getBytes(StandardCharsets.UTF_8));
            messageDigest.reset();
            return Base64.encodeBase64String(messageDigest.digest(digest));
        } catch (NoSuchAlgorithmException e) {
            log.error(e.getMessage(), (Throwable) e);
            return null;
        }
    }

    @Override // org.apache.solr.security.ConfigEditablePlugin
    public Map<String, Object> edit(Map<String, Object> map, List<CommandOperation> list) {
        for (CommandOperation commandOperation : list) {
            if (!supported_ops.contains(commandOperation.name)) {
                commandOperation.unknownOperation();
                return null;
            }
            if (commandOperation.hasError()) {
                return null;
            }
            if ("delete-user".equals(commandOperation.name)) {
                List<String> strs = commandOperation.getStrs("");
                Map map2 = (Map) map.get("credentials");
                if (map2 == null || !map2.keySet().containsAll(strs)) {
                    commandOperation.addError("No such user(s) " + strs);
                    return null;
                }
                Iterator<String> it = strs.iterator();
                while (it.hasNext()) {
                    map2.remove(it.next());
                }
                return map;
            }
            if ("set-user".equals(commandOperation.name)) {
                Map<String, Object> mapValue = SecurityConfHandler.getMapValue(map, "credentials");
                for (Map.Entry<String, Object> entry : commandOperation.getDataMap().entrySet()) {
                    if (entry.getKey() == null || entry.getValue() == null) {
                        commandOperation.addError("name and password must be non-null");
                        return null;
                    }
                    putUser(String.valueOf(entry.getKey()), String.valueOf(entry.getValue()), mapValue);
                }
            }
        }
        return map;
    }

    @Override // org.apache.solr.common.SpecProvider
    public ValidatingJsonMap getSpec() {
        return Utils.getSpec("cluster.security.BasicAuth.Commands").getSpec();
    }
}
