package org.apache.druid.security.basic.authentication;

import com.fasterxml.jackson.annotation.JacksonInject;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import com.google.inject.Provider;
import java.io.IOException;
import java.util.EnumSet;
import java.util.Map;
import javax.annotation.Nullable;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.metadata.PasswordProvider;
import org.apache.druid.security.basic.BasicAuthDBConfig;
import org.apache.druid.security.basic.BasicAuthUtils;
import org.apache.druid.security.basic.BasicSecurityAuthenticationException;
import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager;
import org.apache.druid.security.basic.authentication.validator.CredentialsValidator;
import org.apache.druid.security.basic.authentication.validator.MetadataStoreCredentialsValidator;
import org.apache.druid.server.security.AuthenticationResult;
import org.apache.druid.server.security.Authenticator;

@JsonTypeName("basic")
/* loaded from: input_file:org/apache/druid/security/basic/authentication/BasicHTTPAuthenticator.class */
public class BasicHTTPAuthenticator implements Authenticator {
    private static final Logger LOG = new Logger(BasicHTTPAuthenticator.class);
    private final String name;
    private final String authorizerName;
    private final BasicAuthDBConfig dbConfig;
    private final CredentialsValidator credentialsValidator;
    private final boolean skipOnFailure;

    /* loaded from: input_file:org/apache/druid/security/basic/authentication/BasicHTTPAuthenticator$BasicHTTPAuthenticationFilter.class */
    public class BasicHTTPAuthenticationFilter implements Filter {
        public BasicHTTPAuthenticationFilter() {
        }

        public void init(FilterConfig filterConfig) {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            String encodedUserSecretFromHttpReq = BasicAuthUtils.getEncodedUserSecretFromHttpReq((HttpServletRequest) servletRequest);
            if (encodedUserSecretFromHttpReq == null) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            String decodeUserSecret = BasicAuthUtils.decodeUserSecret(encodedUserSecretFromHttpReq);
            if (decodeUserSecret == null) {
                httpServletResponse.sendError(401);
                return;
            }
            int indexOf = decodeUserSecret.indexOf(58);
            if (indexOf < 0) {
                httpServletResponse.sendError(401);
                return;
            }
            String substring = decodeUserSecret.substring(0, indexOf);
            try {
                AuthenticationResult validateCredentials = BasicHTTPAuthenticator.this.credentialsValidator.validateCredentials(BasicHTTPAuthenticator.this.name, BasicHTTPAuthenticator.this.authorizerName, substring, decodeUserSecret.substring(indexOf + 1).toCharArray());
                if (validateCredentials != null) {
                    servletRequest.setAttribute("Druid-Authentication-Result", validateCredentials);
                    filterChain.doFilter(servletRequest, servletResponse);
                } else if (BasicHTTPAuthenticator.this.skipOnFailure) {
                    BasicHTTPAuthenticator.LOG.info("Skipping failed authenticator %s ", new Object[]{BasicHTTPAuthenticator.this.name});
                    filterChain.doFilter(servletRequest, servletResponse);
                } else {
                    httpServletResponse.sendError(401);
                }
            } catch (BasicSecurityAuthenticationException e) {
                BasicHTTPAuthenticator.LOG.info("Exception authenticating user %s - %s", new Object[]{substring, e.getMessage()});
                httpServletResponse.sendError(401, "User authentication failed.");
            }
        }

        public void destroy() {
        }
    }

    @JsonCreator
    public BasicHTTPAuthenticator(@JacksonInject Provider<BasicAuthenticatorCacheManager> provider, @JsonProperty("name") String str, @JsonProperty("authorizerName") String str2, @JsonProperty("initialAdminPassword") PasswordProvider passwordProvider, @JsonProperty("initialInternalClientPassword") PasswordProvider passwordProvider2, @JsonProperty("enableCacheNotifications") Boolean bool, @JsonProperty("cacheNotificationTimeout") Long l, @JsonProperty("credentialIterations") Integer num, @JsonProperty("skipOnFailure") Boolean bool2, @JsonProperty("credentialsValidator") CredentialsValidator credentialsValidator) {
        this.name = str;
        this.authorizerName = str2;
        this.dbConfig = new BasicAuthDBConfig(passwordProvider, passwordProvider2, null, null, null, bool == null ? true : bool.booleanValue(), l == null ? BasicAuthDBConfig.DEFAULT_CACHE_NOTIFY_TIMEOUT_MS : l.longValue(), num == null ? BasicAuthUtils.DEFAULT_KEY_ITERATIONS : num.intValue());
        if (credentialsValidator == null) {
            this.credentialsValidator = new MetadataStoreCredentialsValidator(provider);
        } else {
            this.credentialsValidator = credentialsValidator;
        }
        this.skipOnFailure = bool2 == null ? false : bool2.booleanValue();
    }

    public Filter getFilter() {
        return new BasicHTTPAuthenticationFilter();
    }

    public String getAuthChallengeHeader() {
        return "Basic";
    }

    @Nullable
    public AuthenticationResult authenticateJDBCContext(Map<String, Object> map) {
        String str = (String) map.get("user");
        String str2 = (String) map.get("password");
        if (str == null || str2 == null) {
            return null;
        }
        return this.credentialsValidator.validateCredentials(this.name, this.authorizerName, str, str2.toCharArray());
    }

    public Class<? extends Filter> getFilterClass() {
        return BasicHTTPAuthenticationFilter.class;
    }

    public Map<String, String> getInitParameters() {
        return null;
    }

    public String getPath() {
        return "/*";
    }

    public EnumSet<DispatcherType> getDispatcherType() {
        return null;
    }

    public BasicAuthDBConfig getDbConfig() {
        return this.dbConfig;
    }
}
