package com.huawei.bigdata.om.web.security;

import com.huawei.bigdata.om.acs.api.model.security.acs.Result;
import com.huawei.bigdata.om.acs.api.model.security.acs.auth.AuthenticationRequest;
import com.huawei.bigdata.om.common.utils.KerberosLoginModule;
import com.huawei.bigdata.om.web.constant.MonitorConstants;
import com.huawei.bigdata.om.web.constant.Resource;
import com.huawei.bigdata.om.web.security.iam.IAMLoginUserDetailsService;
import com.huawei.bigdata.om.web.security.iam.UserDetailsService;
import com.huawei.bigdata.om.web.security.iam.constant.IAMException;
import com.huawei.bigdata.om.web.util.ApplicationConfiguration;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/huawei/bigdata/om/web/security/KerberosLoginUserDetailsService.class */
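/**
 * {@link UserDetailsService} that authenticates a user against the ACS REST endpoint with either
 * a password or a Kerberos keytab, then loads the user's details through the injected
 * {@link IAMLoginUserDetailsService}.
 *
 * <p>The second login argument is overloaded; see
 * {@link #loadUserByUsernamePassword(String, String)} for how it is interpreted.
 *
 * <p>No per-request state is kept in instance fields, so one login can never observe or overwrite
 * the credentials of another login running on the same instance.
 */
public class KerberosLoginUserDetailsService implements UserDetailsService {
    /** Result code that {@link #kerberosLogin} treats as a successful authentication. */
    public static final int SUCCESS = 0;

    /** A credential longer than this is treated as a Base64-encoded keytab, not a password. */
    private static final int PASSWORD_MAX_LENGTH = 64;

    private static final Logger LOGGER = LoggerFactory.getLogger(KerberosLoginUserDetailsService.class);

    // NOTE(review): if BIGDATA_MANAGER_DATA_HOME is unset this becomes the relative path
    // "null/temp/keytabLogin" - confirm the variable is always set in deployment.
    private static final String KEYTAB_LOGIN_TEMP_FOLDER = System.getenv("BIGDATA_MANAGER_DATA_HOME") + "/temp/keytabLogin";

    /** Marker that flags the credential as a path to a keytab already present on this host. */
    private static final String KEYTAB_PATH_FLAG = "\"keytabPath\"";

    /** Path of the ACS authentication method, appended to the configured ACS base URL. */
    private static final String ACS_AUTH_METHOD_URL = "/authxml/doAuthentication";

    private KerberosLoginModule kerberosLoginModule;
    private IAMLoginUserDetailsService iamLoginUserDetailsService;

    /**
     * Sends the credentials to ACS and reports whether ACS accepted them.
     *
     * @param str user name
     * @param str2 password, or {@code null} when a keytab is used
     * @param str3 keytab file path, or {@code null} when a password is used
     * @return {@code true} only when ACS answered with result code {@link #SUCCESS}; {@code false}
     *     on any other result code, a missing ACS URL, an empty response or a failed request
     */
    public boolean kerberosLogin(String str, String str2, String str3) {
        // NOTE(review): the user name is caller-supplied and is logged unmodified here.
        LOGGER.info("start to check authentication of username {}  with acs", str);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_XML);

        // The context is only needed to read one property; close it so that a context is not
        // leaked on every login attempt.
        String acsUrl;
        try (AnnotationConfigApplicationContext context =
                new AnnotationConfigApplicationContext(ApplicationConfiguration.class)) {
            acsUrl = context.getEnvironment().getProperty("acs.rest.server.url");
        }
        LOGGER.info("Acs url is {}.", acsUrl);
        if (acsUrl == null) {
            // Fail closed instead of posting credentials to the literal URL "null/authxml/...".
            LOGGER.error("check authority error.");
            return false;
        }

        // Request-scoped object: it carries the password and must not live in a shared field.
        AuthenticationRequest request = new AuthenticationRequest();
        request.setUserName(str);
        request.setPassword(str2);
        request.setKeytab(str3);
        try {
            Result result = new RestTemplate()
                    .exchange(acsUrl + ACS_AUTH_METHOD_URL, HttpMethod.POST, new HttpEntity<>(request, httpHeaders), Result.class)
                    .getBody();
            if (result == null || result.getResultCode() != SUCCESS) {
                LOGGER.info("check authority error.");
                return false;
            }
            LOGGER.info("check authority success.");
            return true;
        } catch (Exception e) {
            // Any failure is treated as "not authenticated"; keep the cause for diagnosis.
            LOGGER.error("check authority error.", e);
            return false;
        }
    }

    /**
     * Authenticates the user through ACS and loads the user's details.
     *
     * <p>{@code str2} is interpreted in this order:
     * <ol>
     *   <li>it starts with the {@code "keytabPath"} marker: the remainder is used as the path of
     *       a keytab file on this host;</li>
     *   <li>it is longer than 64 characters: it is Base64-decoded and stored as a temporary
     *       keytab file, which is deleted again once the ACS call has finished;</li>
     *   <li>otherwise it is used as the password.</li>
     * </ol>
     *
     * @param str user name
     * @param str2 password, Base64-encoded keytab, or marked keytab path
     * @return the details loaded for {@code str}
     * @throws IAMException if either argument is null or empty, the keytab cannot be stored, or
     *     ACS does not accept the credentials
     */
    @Override // com.huawei.bigdata.om.web.security.iam.UserDetailsService
    public UserDetails loadUserByUsernamePassword(String str, String str2) throws IAMException {
        LOGGER.info("Load user detail. username={}", str);
        if (null == str || null == str2 || str.isEmpty() || str2.isEmpty()) {
            LOGGER.error(Resource.USERNAME_PASSWORD_NULL);
            throw new IAMException(Resource.USERNAME_PASSWORD_NULL);
        }
        String keytabPath = null;
        String password = null;
        boolean uploadedKeytab = false;
        if (str2.startsWith(KEYTAB_PATH_FLAG)) {
            // NOTE(review): the path comes straight from the login request, so the caller chooses
            // which file on this host is presented to ACS as the keytab. Confirm that this branch
            // is reachable only by trusted callers, or restrict it to an allow-listed directory.
            keytabPath = str2.replace(KEYTAB_PATH_FLAG, "");
        } else if (str2.length() > PASSWORD_MAX_LENGTH) {
            try {
                keytabPath = getKeytabPath(str, str2);
                uploadedKeytab = true;
            } catch (IOException e) {
                LOGGER.error(Resource.KEYTAB_SAVE_ERROR_MSG, e);
                throw new IAMException(Resource.KEYTAB_SAVE_ERROR_MSG);
            }
        } else {
            password = str2;
        }

        boolean authenticated;
        try {
            authenticated = kerberosLogin(str, password, keytabPath);
        } finally {
            // Remove the temporary keytab even if the ACS call throws; only files written by this
            // method are deleted, never a caller-designated path.
            if (uploadedKeytab) {
                deleteTmpFile(keytabPath);
            }
        }
        if (authenticated) {
            return this.iamLoginUserDetailsService.loadUserByUsername(str);
        }
        LOGGER.error("Login failed. An error code is returned, and the username is {},loginResponseIntResultCode={}", str, MonitorConstants.NULL);
        throw new IAMException(Resource.LOGIN_FAILED_ERRORCODE_RETURNED + str + ".", MonitorConstants.NULL);
    }

    /**
     * Deletes the file at {@code path} if it exists and logs an error when deletion fails.
     *
     * @param path path of the temporary keytab file
     */
    private void deleteTmpFile(String path) {
        File file = new File(path);
        if (!file.exists()) {
            return;
        }
        LOGGER.info("Delete the exist file.");
        if (!file.delete()) {
            LOGGER.error("Failed to delete {}.", file.getName());
        }
    }

    /**
     * Decodes a Base64 keytab and stores it in a new file below the keytab temp folder.
     *
     * @param userName user name; only used to build the file name
     * @param encodedKeytab Base64-encoded keytab content
     * @return path of the written keytab file
     * @throws IOException if the content is not valid Base64, the temp folder cannot be created,
     *     the target would lie outside the temp folder, or the file cannot be written
     */
    private String getKeytabPath(String userName, String encodedKeytab) throws IOException {
        // Decode first so that malformed input never touches the file system. Invalid Base64 is
        // reported as an IOException so the caller maps it to its keytab-save error instead of
        // letting an unchecked exception escape the login path.
        byte[] keytabBytes;
        try {
            keytabBytes = Base64.getDecoder().decode(encodedKeytab);
        } catch (IllegalArgumentException e) {
            throw new IOException("Keytab content is not valid Base64.", e);
        }

        File folder = new File(KEYTAB_LOGIN_TEMP_FOLDER);
        if (!folder.exists() && !folder.mkdirs()) {
            LOGGER.error("Failed to mkdir for {}.", folder.getName());
            throw new IOException("Failed to create the keytab temp folder.");
        }

        // The user name is untrusted and becomes part of a file name: replace every character
        // that could act as a path separator or otherwise leave the temp folder.
        String safeUserName = userName.replaceAll("[^A-Za-z0-9._@-]", "_");
        String uniqueSuffix = String.valueOf(System.currentTimeMillis()) + new SecureRandom().nextInt(1000);
        String keytabPath = KEYTAB_LOGIN_TEMP_FOLDER + File.separator + safeUserName + uniqueSuffix + ".keytab";
        File keytabFile = new File(keytabPath);

        // Defense in depth: refuse any target that does not resolve directly into the temp folder.
        if (!folder.getCanonicalFile().equals(keytabFile.getCanonicalFile().getParentFile())) {
            throw new IOException("Keytab file would be created outside the keytab temp folder.");
        }

        if (keytabFile.exists()) {
            LOGGER.info("Delete the exist file.");
            if (!keytabFile.delete()) {
                LOGGER.error("Failed to delete {}.", keytabFile.getName());
            }
        }

        // NOTE(review): the keytab is a credential but is created with the process' default file
        // permissions. Restrict it to the owning account if the component that reads it runs
        // under the same account - confirm before tightening.
        try (FileOutputStream out = new FileOutputStream(keytabFile)) {
            out.write(keytabBytes);
        } catch (IOException e) {
            // Do not leave a partially written credential file behind.
            if (keytabFile.exists() && !keytabFile.delete()) {
                LOGGER.error("Failed to delete {}.", keytabFile.getName());
            }
            throw e;
        }
        LOGGER.info("Finish saving the keytab file.");
        return keytabPath;
    }

    /** Returns the injected Kerberos login module. */
    public KerberosLoginModule getKerberosLoginModule() {
        return this.kerberosLoginModule;
    }

    /** Injects the Kerberos login module. */
    public void setKerberosLoginModule(KerberosLoginModule kerberosLoginModule) {
        this.kerberosLoginModule = kerberosLoginModule;
    }

    /** Returns the service used to load user details after a successful ACS authentication. */
    public IAMLoginUserDetailsService getIamLoginUserDetailsService() {
        return this.iamLoginUserDetailsService;
    }

    /** Injects the service used to load user details after a successful ACS authentication. */
    public void setIamLoginUserDetailsService(IAMLoginUserDetailsService iAMLoginUserDetailsService) {
        this.iamLoginUserDetailsService = iAMLoginUserDetailsService;
    }
}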
