package com.huawei.cdc.service.security.provider;

import com.huawei.cdc.service.security.exception.BasicAuthenticationException;
import com.huawei.cdc.service.util.KerberosLoginUtil;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:com/huawei/cdc/service/security/provider/FIKerberosAuthenticationProvider.class */
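/**
 * Spring Security authentication provider that validates a username/credential pair by
 * performing a Kerberos login through {@link KerberosLoginUtil}.
 *
 * <p>The credential is interpreted by length: a value longer than
 * {@link #PASSWORD_MAX_LENGTH} characters is treated as a keytab (either the name of an
 * existing file or Base64-encoded keytab bytes), anything shorter as a password.
 *
 * <p>Keytab material received from the client is written to a per-request temporary file
 * and removed once the login attempt has finished, so concurrent logins never share a file
 * and no key material is left behind on disk.
 */
public class FIKerberosAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(FIKerberosAuthenticationProvider.class);
    // NOTE(review): if BIGDATA_TMP is unset this evaluates to the relative path
    // "null/temp/login"; confirm the variable is always exported for this service.
    private static final String KEYTAB_LOGIN_TEMP_FOLDER = System.getenv("BIGDATA_TMP") + "/temp/login";
    private static final String TMP_KEYTAB_PREFIX = "cdl-tmp-";
    private static final String TMP_KEYTAB_SUFFIX = ".keytab";
    private static final String LOGIN_TYPE_KEYTAB = "keytab";
    private static final String LOGIN_TYPE_PWD = "password";
    private static final int PASSWORD_MAX_LENGTH = 64;
    private static final String USERNAME_AUTH_NULL = "The parameter username or authentication cannot be null.";
    private static final String CREDENTIAL_INVALID = "The credential must be a non-null string.";
    private static final String KEYTAB_SAVE_ERROR_MSG = "Can not parse the keytab file from credential.";
    private static final String LOGIN_ERROR_MSG = "Login failed using {0}.";

    /**
     * Intentionally empty: the credential is verified by the Kerberos login performed in
     * {@link #retrieveUser}, so there is nothing further to compare here.
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
    }

    /**
     * Authenticates the user with Kerberos and returns a {@link User} with no authorities.
     *
     * @param str the username taken from the authentication request
     * @param usernamePasswordAuthenticationToken the request token carrying the credential
     * @return the authenticated user
     * @throws AuthenticationException (as {@link BasicAuthenticationException}) when an
     *     argument is missing, the credential is not a string, the keytab cannot be
     *     materialised, or the Kerberos login is rejected
     */
    @Override
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        // The username is client-supplied; neutralise line breaks before it reaches the log.
        LOG.info("New login user enter, username={}", sanitizeForLog(str));
        if (null == str || null == usernamePasswordAuthenticationToken) {
            LOG.error(USERNAME_AUTH_NULL);
            throw new BasicAuthenticationException(USERNAME_AUTH_NULL);
        }
        // Reject a missing or non-string credential as an authentication failure instead of
        // letting a NullPointerException/ClassCastException escape the provider.
        Object rawCredential = usernamePasswordAuthenticationToken.getCredentials();
        if (!(rawCredential instanceof String)) {
            LOG.error(CREDENTIAL_INVALID);
            throw new BasicAuthenticationException(CREDENTIAL_INVALID);
        }
        String credential = (String) rawCredential;
        if (credential.length() > PASSWORD_MAX_LENGTH) {
            loginWithKeytab(str, credential);
        } else if (!KerberosLoginUtil.loginFromPwd(str, credential)) {
            throw loginFailed(LOGIN_TYPE_PWD);
        }
        // NOTE(review): the raw credential (password or Base64 keytab) becomes the password
        // of the returned User; confirm credentials are erased after authentication and that
        // no user cache retains this object.
        return new User(str, credential, new ArrayList<>());
    }

    /**
     * Performs a keytab-based login and removes any temporary keytab created for it.
     */
    private void loginWithKeytab(String username, String credential) {
        Path tempKeytab = null;
        try {
            String keytabPath;
            if (new File(credential).exists()) {
                // NOTE(review): when the credential names an existing file it is used as
                // the keytab directly, so the caller proves knowledge of a server-side path
                // rather than possession of key material. Confirm a caller really needs
                // this; otherwise drop the branch or restrict it to a dedicated directory.
                keytabPath = credential;
            } else {
                tempKeytab = Paths.get(getKeytabPath(credential));
                keytabPath = tempKeytab.toString();
            }
            if (!KerberosLoginUtil.loginFromKeytab(username, keytabPath)) {
                throw loginFailed(LOGIN_TYPE_KEYTAB);
            }
        } catch (IOException e) {
            LOG.error(KEYTAB_SAVE_ERROR_MSG, e);
            throw new BasicAuthenticationException(KEYTAB_SAVE_ERROR_MSG);
        } finally {
            // Key material must not outlive the login attempt, whatever its outcome.
            // NOTE(review): assumes loginFromKeytab does not need the file after it returns.
            deleteQuietly(tempKeytab);
        }
    }

    /**
     * Decodes a Base64 keytab and stores it in a fresh temporary file.
     *
     * @param str the Base64-encoded keytab bytes
     * @return the absolute or relative path of the file that now holds the keytab
     * @throws IOException if the value is not valid Base64, or the directory or file cannot
     *     be created or written
     */
    private String getKeytabPath(String str) throws IOException {
        byte[] keytabBytes;
        try {
            // Decode before touching the disk so malformed input leaves nothing behind.
            keytabBytes = Base64.getDecoder().decode(str);
        } catch (IllegalArgumentException e) {
            // The decoder's message can quote a byte of the credential, so it is not chained.
            throw new IOException("Credential is not valid Base64.");
        }
        Path folder = Paths.get(KEYTAB_LOGIN_TEMP_FOLDER);
        Files.createDirectories(folder);
        // A unique name per request prevents concurrent logins from overwriting or reading
        // each other's keytab; on POSIX file systems the file is created owner-only.
        Path keytab = Files.createTempFile(folder, TMP_KEYTAB_PREFIX, TMP_KEYTAB_SUFFIX);
        try {
            Files.write(keytab, keytabBytes);
        } catch (IOException e) {
            deleteQuietly(keytab);
            throw e;
        }
        LOG.info("Finish saving the keytab file for CDL UI.");
        return keytab.toString();
    }

    /** Logs a failed login of the given type and builds the exception to throw. */
    private static BasicAuthenticationException loginFailed(String loginType) {
        String message = MessageFormat.format(LOGIN_ERROR_MSG, loginType);
        LOG.error(message);
        return new BasicAuthenticationException(message);
    }

    /** Deletes the file if present; a failure is logged because it leaves key material on disk. */
    private static void deleteQuietly(Path path) {
        if (path == null) {
            return;
        }
        try {
            Files.deleteIfExists(path);
        } catch (IOException e) {
            LOG.warn("Delete keytab file failed.", e);
        }
    }

    /** Replaces carriage returns and line feeds so a value cannot forge extra log lines. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}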
