package com.huawei.dap.blu.common.auth;

import com.huawei.dap.blu.common.exception.AuthException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/dap/blu/common/auth/Krb5AuthHandler.class */
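/**
 * Authenticates HTTP requests by username/password against Kerberos through JAAS.
 *
 * <p>The credentials are read from the {@code auth_username} and {@code auth_password} request
 * headers. A successful Kerberos login is cached as a hash of the password for a configurable
 * validity period, so later requests with the same credentials skip the Kerberos login.
 *
 * <p>NOTE(review): the password arrives in a plain request header. This class does nothing to
 * protect it in transit or to keep it out of access logs; both must be handled by the
 * deployment (TLS, header scrubbing) - confirm.
 *
 * <p>NOTE(review): {@code userPasswordMap} and {@code userLockMap} are keyed by the
 * caller-supplied username and are never pruned. A lock entry is created before the login is
 * attempted, so unauthenticated requests with many distinct usernames grow {@code userLockMap}
 * without bound. Expired {@link AuthInfo} entries also stay in memory until overwritten.
 * Consider a bounded or expiring cache.
 */
public class Krb5AuthHandler {
    public static final String AUTH_USERNAME_KEY = "auth_username";
    public static final String AUTH_PASSWORD_KEY = "auth_password";
    public static final String EXKRB5_LOGINMODULE = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String KERBEROS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String PWD_CONFIG_NAME = "use_passwd";
    public static final String APP_CONFIG_NAME = "com.sun.security.auth.module.Krb5LoginModule";
    public static final String TYPE = "kerberos";
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String NEGOTIATE = "Negotiate";
    private static final Logger logger = LoggerFactory.getLogger(Krb5AuthHandler.class);
    public static final String KRB5_CONF_PATH = System.getenv("KRB5_CONF_PATH");
    // Cache validity in milliseconds. Until init() is called this is Long.MIN_VALUE, which makes
    // every cached entry count as expired.
    private static long validityMills = Long.MIN_VALUE;
    // username -> hash of the last password that passed a Kerberos login.
    private static ConcurrentHashMap<String, AuthInfo> userPasswordMap = new ConcurrentHashMap<>();
    // username -> lock serialising Kerberos logins for that username.
    private static ConcurrentHashMap<String, Lock> userLockMap = new ConcurrentHashMap<>();
    private static final Map<String, String> basicJaasConfigMap = new HashMap<>();
    private static final int DEFAULT_ITERATE_TIMES = 1000;
    // NOTE(review): presumably an iterated SHA-384 hash; salt handling is not visible here. The
    // cached value is derived from a user password, so confirm the scheme is salted and slow
    // enough for the case where process memory or a heap dump is exposed.
    private static final Sha384Crypter CRYPTER = new Sha384Crypter(DEFAULT_ITERATE_TIMES);

    /** Cached proof that a password passed a Kerberos login: its hash plus the time it was stored. */
    public static class AuthInfo {
        private final String hashValue;
        private final long lastUpdateTime;

        /**
         * Hashes the given password and timestamps the entry.
         *
         * @param str the clear-text password; if hashing fails the entry holds a {@code null}
         *     hash and never validates
         */
        public AuthInfo(String str) {
            this.hashValue = calHashValue(str);
            this.lastUpdateTime = System.currentTimeMillis();
        }

        /** Returns true once the entry is older than the configured validity period. */
        private boolean isExpired() {
            return System.currentTimeMillis() - this.lastUpdateTime > Krb5AuthHandler.validityMills;
        }

        /**
         * Checks a username/password pair against the cache only; no Kerberos login is made.
         *
         * <p>The decompiler reports this method was originally private.
         *
         * @param str the username used as the cache key
         * @param str2 the clear-text password to validate against the cached hash
         * @return true only if a non-expired entry exists and the crypter accepts the password
         * @throws AuthException declared by the original signature
         */
        public static boolean vertifyAuthInfo(String str, String str2) throws AuthException {
            AuthInfo authInfo = Krb5AuthHandler.userPasswordMap.get(str);
            if (authInfo == null || authInfo.isExpired() || authInfo.hashValue == null) {
                return false;
            }
            return Krb5AuthHandler.CRYPTER.validate(str2, authInfo.hashValue);
        }

        /** Hashes the password, returning {@code null} (and logging) if the crypter fails. */
        private static String calHashValue(String str) {
            try {
                return Krb5AuthHandler.CRYPTER.encrypt(str);
            } catch (Exception e) {
                // Pass the exception itself so the stack trace is not lost.
                Krb5AuthHandler.logger.error("Exception catched when calculating the hash: " + e.getMessage(), e);
                return null;
            }
        }
    }

    /**
     * JAAS configuration with a single required Krb5LoginModule entry, served under the
     * {@code use_passwd} application name.
     *
     * <p>The decompiler reports this class was originally private.
     */
    public static class LoginConfigurationPwd extends Configuration {
        private static final Map<String, String> PWD_KERBEROS_OPTIONS = new HashMap<>();
        private static final AppConfigurationEntry PWD_KERBEROS_LOGIN;
        private static final AppConfigurationEntry[] SIMPLE_CONF;

        private LoginConfigurationPwd() {
        }

        /** Returns the Kerberos entry for {@code use_passwd}, and an empty array for any other name. */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return Krb5AuthHandler.PWD_CONFIG_NAME.equals(str) ? SIMPLE_CONF : new AppConfigurationEntry[0];
        }

        static {
            // NOTE(review): this configuration backs a password check, yet useKeyTab is "true".
            // Krb5LoginModule consults a keytab before it asks the callback handler for a
            // password. If a keytab readable by this process holds keys for the supplied
            // principal, the login may succeed without the submitted password being verified.
            // Confirm this is intended; "false" is the safer value for a password-only path.
            PWD_KERBEROS_OPTIONS.put("useKeyTab", "true");
            PWD_KERBEROS_OPTIONS.put("storeKey", "true");
            PWD_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
            PWD_KERBEROS_OPTIONS.putAll(Krb5AuthHandler.basicJaasConfigMap);
            // Set after putAll so the shared options cannot turn the ticket cache on.
            PWD_KERBEROS_OPTIONS.put("useTicketCache", "false");
            PWD_KERBEROS_OPTIONS.put("krb5ConfFileName", Krb5AuthHandler.KRB5_CONF_PATH);
            PWD_KERBEROS_LOGIN = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, PWD_KERBEROS_OPTIONS);
            SIMPLE_CONF = new AppConfigurationEntry[]{PWD_KERBEROS_LOGIN};
        }
    }

    /**
     * Sets how long a cached successful login stays valid.
     *
     * @param i validity period in seconds; zero or a negative value effectively disables the
     *     cache, because every entry is then treated as expired
     */
    public void init(int i) {
        // Multiply as long: the int product overflowed for periods above about 24.8 days.
        validityMills = i * 1000L;
    }

    /** No resources to release. */
    public void destroy() {
    }

    /** Returns the handler type, {@code "kerberos"}. */
    public String getType() {
        return TYPE;
    }

    /**
     * Authenticates the request from its {@code auth_username} / {@code auth_password} headers.
     *
     * <p>A cache hit returns immediately. Otherwise a per-username lock is taken, the cache is
     * re-checked, and a Kerberos password login is made; on success the cache is refreshed.
     *
     * @param httpServletRequest the incoming request
     * @throws AuthException if the request is null, a credential header is missing or empty, or
     *     the Kerberos login fails
     */
    public void authenticate(HttpServletRequest httpServletRequest) throws AuthException {
        if (httpServletRequest == null) {
            throw new AuthException("request can't be null!");
        }
        String userName = httpServletRequest.getHeader(AUTH_USERNAME_KEY);
        String password = httpServletRequest.getHeader(AUTH_PASSWORD_KEY);
        if (StringUtils.isEmpty(userName) || StringUtils.isEmpty(password)) {
            throw new AuthException("userName and password can't be empty!");
        }
        if (AuthInfo.vertifyAuthInfo(userName, password)) {
            return;
        }
        // Allocate a lock only when none is registered yet, not on every cache miss.
        Lock lock = userLockMap.get(userName);
        if (lock == null) {
            Lock fresh = new ReentrantLock();
            Lock existing = userLockMap.putIfAbsent(userName, fresh);
            lock = existing != null ? existing : fresh;
        }
        // Acquire outside the try block so the finally clause never unlocks a lock that was not
        // taken.
        lock.lock();
        try {
            // Re-check under the lock: a concurrent request may have refreshed the cache already.
            if (!AuthInfo.vertifyAuthInfo(userName, password)) {
                // NOTE(review): the returned LoginContext is discarded without logout(), so the
                // Subject's Kerberos credentials (storeKey=true) stay in memory until collected.
                krb5Login(userName, password);
                updateAuthInfo(userName, password);
            }
        } finally {
            lock.unlock();
        }
    }

    /** Stores a fresh hash of the password for the user after a successful Kerberos login. */
    private void updateAuthInfo(String str, String str2) {
        userPasswordMap.put(str, new AuthInfo(str2));
        // The username comes from a request header; only the name is logged, never the password.
        logger.debug("update authInfo for user: " + str);
    }

    /**
     * Performs a Kerberos password login through JAAS.
     *
     * @param str the username
     * @param str2 the clear-text password
     * @return the logged-in context, or {@code null} if either argument is null
     * @throws AuthException if the JAAS login fails
     */
    private LoginContext krb5Login(String str, String str2) throws AuthException {
        if (null == str || null == str2) {
            return null;
        }
        LoginConfigurationPwd loginConfigurationPwd = new LoginConfigurationPwd();
        try {
            logger.debug("User account login with password. User is " + str);
            return doLogin(PWD_CONFIG_NAME, getUsernamePasswordHandler(str, str2), loginConfigurationPwd);
        } catch (LoginException e) {
            // The cause is logged here but not chained: no AuthException constructor taking a
            // Throwable is visible in this file.
            logger.error("Login failed.", e);
            throw new AuthException("login failed, username used:" + str);
        }
    }

    /**
     * Builds a callback handler that answers name and password callbacks with fixed values.
     * Any other callback type is logged and left unanswered.
     */
    private static CallbackHandler getUsernamePasswordHandler(final String str, final String str2) {
        return new CallbackHandler() {
            @Override
            public void handle(Callback[] callbackArr) {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(str);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(str2.toCharArray());
                    } else {
                        Krb5AuthHandler.logger.error("Unsupported Callback: " + callback.getClass().getName());
                    }
                }
            }
        };
    }

    /** Creates a LoginContext over a fresh Subject and logs in with it. */
    private static LoginContext doLogin(String str, CallbackHandler callbackHandler, Configuration configuration) throws LoginException {
        LoginContext loginContext = new LoginContext(str, new Subject(), callbackHandler, configuration);
        loginContext.login();
        return loginContext;
    }

    static {
        // HADOOP_JAAS_DEBUG=true switches on the login module's own debug output.
        // NOTE(review): that output bypasses this class's logger and may contain sensitive
        // login details; keep it off in production - confirm.
        if ("true".equalsIgnoreCase(System.getenv("HADOOP_JAAS_DEBUG"))) {
            basicJaasConfigMap.put("debug", "true");
        }
    }
}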
