package org.apache.druid.security.basic;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Predicate;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import org.apache.druid.java.util.common.ISE;
import org.apache.druid.java.util.common.RetryUtils;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser;
import org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping;
import org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole;
import org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser;
import org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap;
import org.apache.druid.security.basic.authorization.entity.UserAndRoleMap;

/* loaded from: input_file:org/apache/druid/security/basic/BasicAuthUtils.class */
public class BasicAuthUtils {
    public static final String ADMIN_NAME = "admin";
    public static final String ADMIN_GROUP_MAPPING_NAME = "adminGroupMapping";
    public static final String INTERNAL_USER_NAME = "druid_system";
    public static final String SEARCH_RESULT_CONTEXT_KEY = "searchResult";
    public static final int SALT_LENGTH = 32;
    public static final int DEFAULT_KEY_ITERATIONS = 10000;
    public static final int DEFAULT_CREDENTIAL_VERIFY_DURATION_SECONDS = 600;
    public static final int DEFAULT_CREDENTIAL_MAX_DURATION_SECONDS = 3600;
    public static final int DEFAULT_CREDENTIAL_CACHE_SIZE = 100;
    public static final int MAX_INIT_RETRIES = 2;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    public static final Predicate<Throwable> SHOULD_RETRY_INIT = th -> {
        return th instanceof BasicSecurityDBResourceException;
    };
    public static final TypeReference<Map<String, BasicAuthenticatorUser>> AUTHENTICATOR_USER_MAP_TYPE_REFERENCE = new TypeReference<Map<String, BasicAuthenticatorUser>>() { // from class: org.apache.druid.security.basic.BasicAuthUtils.1
    };
    public static final TypeReference<Map<String, BasicAuthorizerUser>> AUTHORIZER_USER_MAP_TYPE_REFERENCE = new TypeReference<Map<String, BasicAuthorizerUser>>() { // from class: org.apache.druid.security.basic.BasicAuthUtils.2
    };
    public static final TypeReference<Map<String, BasicAuthorizerGroupMapping>> AUTHORIZER_GROUP_MAPPING_MAP_TYPE_REFERENCE = new TypeReference<Map<String, BasicAuthorizerGroupMapping>>() { // from class: org.apache.druid.security.basic.BasicAuthUtils.3
    };
    public static final TypeReference<Map<String, BasicAuthorizerRole>> AUTHORIZER_ROLE_MAP_TYPE_REFERENCE = new TypeReference<Map<String, BasicAuthorizerRole>>() { // from class: org.apache.druid.security.basic.BasicAuthUtils.4
    };
    public static final TypeReference<UserAndRoleMap> AUTHORIZER_USER_AND_ROLE_MAP_TYPE_REFERENCE = new TypeReference<UserAndRoleMap>() { // from class: org.apache.druid.security.basic.BasicAuthUtils.5
    };
    public static final TypeReference<GroupMappingAndRoleMap> AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE = new TypeReference<GroupMappingAndRoleMap>() { // from class: org.apache.druid.security.basic.BasicAuthUtils.6
    };

    public static byte[] generateSalt() {
        byte[] bArr = new byte[32];
        SECURE_RANDOM.nextBytes(bArr);
        return bArr;
    }

    @Nullable
    public static String getEncodedUserSecretFromHttpReq(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.length() >= 7 && "Basic ".equals(header.substring(0, 6))) {
            return header.substring(6);
        }
        return null;
    }

    @Nullable
    public static String decodeUserSecret(String str) {
        try {
            return StringUtils.fromUtf8(StringUtils.decodeBase64String(str));
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    public static Map<String, BasicAuthenticatorUser> deserializeAuthenticatorUserMap(ObjectMapper objectMapper, byte[] bArr) {
        Map<String, BasicAuthenticatorUser> map;
        if (bArr == null) {
            map = new HashMap();
        } else {
            try {
                map = (Map) objectMapper.readValue(bArr, AUTHENTICATOR_USER_MAP_TYPE_REFERENCE);
            } catch (IOException e) {
                throw new RuntimeException("Couldn't deserialize authenticator userMap!", e);
            }
        }
        return map;
    }

    public static byte[] serializeAuthenticatorUserMap(ObjectMapper objectMapper, Map<String, BasicAuthenticatorUser> map) {
        try {
            return objectMapper.writeValueAsBytes(map);
        } catch (IOException e) {
            throw new ISE(e, "Couldn't serialize authenticator userMap!", new Object[0]);
        }
    }

    public static Map<String, BasicAuthorizerUser> deserializeAuthorizerUserMap(ObjectMapper objectMapper, byte[] bArr) {
        Map<String, BasicAuthorizerUser> map;
        if (bArr == null) {
            map = new HashMap();
        } else {
            try {
                map = (Map) objectMapper.readValue(bArr, AUTHORIZER_USER_MAP_TYPE_REFERENCE);
            } catch (IOException e) {
                throw new RuntimeException("Couldn't deserialize authorizer userMap!", e);
            }
        }
        return map;
    }

    public static byte[] serializeAuthorizerUserMap(ObjectMapper objectMapper, Map<String, BasicAuthorizerUser> map) {
        try {
            return objectMapper.writeValueAsBytes(map);
        } catch (IOException e) {
            throw new ISE(e, "Couldn't serialize authorizer userMap!", new Object[0]);
        }
    }

    public static Map<String, BasicAuthorizerGroupMapping> deserializeAuthorizerGroupMappingMap(ObjectMapper objectMapper, byte[] bArr) {
        Map<String, BasicAuthorizerGroupMapping> map;
        if (bArr == null) {
            map = new HashMap();
        } else {
            try {
                map = (Map) objectMapper.readValue(bArr, AUTHORIZER_GROUP_MAPPING_MAP_TYPE_REFERENCE);
            } catch (IOException e) {
                throw new RuntimeException("Couldn't deserialize authorizer groupMappingMap!", e);
            }
        }
        return map;
    }

    public static byte[] serializeAuthorizerGroupMappingMap(ObjectMapper objectMapper, Map<String, BasicAuthorizerGroupMapping> map) {
        try {
            return objectMapper.writeValueAsBytes(map);
        } catch (IOException e) {
            throw new ISE(e, "Couldn't serialize authorizer groupMappingMap!", new Object[0]);
        }
    }

    public static Map<String, BasicAuthorizerRole> deserializeAuthorizerRoleMap(ObjectMapper objectMapper, byte[] bArr) {
        Map<String, BasicAuthorizerRole> map;
        if (bArr == null) {
            map = new HashMap();
        } else {
            try {
                map = (Map) objectMapper.readValue(bArr, AUTHORIZER_ROLE_MAP_TYPE_REFERENCE);
            } catch (IOException e) {
                throw new RuntimeException("Couldn't deserialize authorizer roleMap!", e);
            }
        }
        return map;
    }

    public static byte[] serializeAuthorizerRoleMap(ObjectMapper objectMapper, Map<String, BasicAuthorizerRole> map) {
        try {
            return objectMapper.writeValueAsBytes(map);
        } catch (IOException e) {
            throw new ISE(e, "Couldn't serialize authorizer roleMap!", new Object[0]);
        }
    }

    public static void maybeInitialize(RetryUtils.Task<?> task) {
        try {
            RetryUtils.retry(task, SHOULD_RETRY_INIT, 2);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
