package com.mapr.security.zookeeper.auth;

import com.mapr.fs.ShimLoader;
import com.mapr.fs.proto.Security;
import com.mapr.security.MutableInt;
import com.mapr.security.Security;
import org.apache.commons.codec.binary.Base64;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.ServerCnxn;
import org.apache.zookeeper.server.auth.AuthenticationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/security/zookeeper/auth/MaprZKAuthProvider.class */
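/**
 * ZooKeeper {@link AuthenticationProvider} for the {@code maprauth} scheme.
 *
 * <p>A client presents a Base64-encoded {@code AuthenticationReqFull} protobuf holding an
 * encrypted ticket and an encrypted 16-byte "random secret". The provider decrypts the
 * ticket with the server key derived from the CLDB key, decrypts the secret with the user
 * key carried in the ticket, and on success attaches {@code Id("maprauth", <uid>)} to the
 * connection.
 *
 * <p>Configuration is read from system properties:
 * <ul>
 *   <li>{@code zookeeper.mapr.cldbkeyfile.location}: path of the CLDB key file (required);</li>
 *   <li>{@code zookeeper.mapr.epoch.delay}: tolerated client/server clock difference in
 *       milliseconds, {@code 600000} when unset.</li>
 * </ul>
 *
 * <p>In this listing the unqualified name {@code Security} is used for the protobuf types
 * ({@code Security.Key}, {@code Security.Ticket}, ...), while the key-handling and
 * decryption calls are written fully qualified as {@code com.mapr.security.Security}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The timestamp inside the random secret is compared with the server clock, but a
 *       mismatch is only logged; it never fails authentication (see
 *       {@link #handleAuthentication}).</li>
 *   <li>{@link #isValid(String)} accepts every string, so malformed ACL ids are not
 *       rejected by this provider.</li>
 *   <li>Every failure path logs at ERROR level and returns {@code AUTHFAILED}; those log
 *       lines are the natural place to hang authentication-failure alerting.</li>
 * </ul>
 */
public class MaprZKAuthProvider implements AuthenticationProvider {
    private static final Logger LOG;
    public static final String MAPR_ZK_AUTH_PROVIDER_SCHEME = "maprauth";
    private static final long MAX_EPOCH_DELAY = 600000;
    /** Expected length of the decrypted random secret: two big-endian 64-bit values. */
    private static final int RANDOM_SECRET_LENGTH = 16;
    private static final String cldbKeyFile;
    private static final String configuredEpochDelay;
    // Shared by all instances; each constructor call re-parses the configured value.
    private static long epochDelay;

    /**
     * Loads the CLDB key, derives the server key from it and installs the server key so
     * that incoming tickets can be decrypted.
     *
     * @throws InstantiationException if the key file location is not configured, or any
     *     of the key loading / derivation / installation steps fails
     */
    public MaprZKAuthProvider() throws InstantiationException {
        try {
            epochDelay = Long.parseLong(configuredEpochDelay);
        } catch (NumberFormatException e) {
            // Keep the value already in epochDelay rather than refusing to start.
            LOG.warn("Configured Epoch Delay is not a number: " + configuredEpochDelay + ". Will use default");
        }
        if (cldbKeyFile == null) {
            LOG.error("Location of ZK cldb key is not set");
            throw new InstantiationException("Location of ZK cldb key is not set");
        }
        MutableInt mutableInt = new MutableInt();
        // SetKeyFile does not receive mutableInt, so the status worth reporting is its
        // own return code.
        int setKeyFileStatus = com.mapr.security.Security.SetKeyFile(Security.ServerKeyType.CldbKey, cldbKeyFile);
        if (setKeyFileStatus != 0) {
            LOG.error("Failed to set cldb key file " + cldbKeyFile + " err " + setKeyFileStatus);
            throw new InstantiationException("Failed to set cldb key file " + cldbKeyFile + " err " + setKeyFileStatus);
        }
        // The key file path is only logged when the HSM feature is off.
        if (LOG.isInfoEnabled() && !com.mapr.security.Security.isHSMFeatureEnabled()) {
            LOG.info("Set the cldb key file to " + cldbKeyFile);
        }
        Security.Key cldbKey = com.mapr.security.Security.GetKey(Security.ServerKeyType.CldbKey, mutableInt);
        if (cldbKey == null) {
            LOG.error("Cldb key can not be obtained: " + mutableInt.GetValue());
            throw new InstantiationException("Cldb key can not be obtained: " + mutableInt.GetValue());
        }
        Security.Key serverKey = com.mapr.security.Security.GetServerKey(cldbKey, 0L);
        if (serverKey == null) {
            LOG.error("Server key can not be obtained");
            throw new InstantiationException("Server key can not be obtained");
        }
        // SetKey does not receive mutableInt either; report its return code instead of
        // the value left over from GetKey.
        int setKeyStatus = com.mapr.security.Security.SetKey(Security.ServerKeyType.ServerKey, serverKey);
        if (setKeyStatus != 0) {
            LOG.error("Failed to set Server key with error: " + setKeyStatus);
            throw new InstantiationException("Failed to set Server key with error: " + setKeyStatus);
        }
    }

    /** Returns the scheme name under which this provider is registered. */
    public String getScheme() {
        return MAPR_ZK_AUTH_PROVIDER_SCHEME;
    }

    /**
     * Validates the authentication blob sent by a client and, on success, adds
     * {@code Id(getScheme(), uid)} to the connection's auth info.
     *
     * <p>NOTE(review): freshness is not enforced here. When the client timestamp differs
     * from the server clock by more than {@code epochDelay} the method only logs a warning
     * and still returns {@code OK}, so this check does not by itself reject a replayed
     * blob. Confirm that ticket lifetime is enforced inside {@code DecryptTicket} or
     * elsewhere, and monitor the warning.
     *
     * @param serverCnxn connection that receives the authenticated id
     * @param bArr Base64 text of a serialized {@code AuthenticationReqFull}
     * @return {@code OK} when the ticket and random secret decrypt correctly, otherwise
     *     {@code AUTHFAILED}
     */
    public KeeperException.Code handleAuthentication(ServerCnxn serverCnxn, byte[] bArr) {
        if (bArr == null || bArr.length < 1) {
            LOG.error("Received challenge is empty when secret expected");
            return KeeperException.Code.AUTHFAILED;
        }
        try {
            Security.AuthenticationReqFull request = Security.AuthenticationReqFull.parseFrom(Base64.decodeBase64(bArr));
            if (request == null || request.getEncryptedTicket() == null) {
                LOG.error("Malformed auth info");
                return KeeperException.Code.AUTHFAILED;
            }
            byte[] encryptedTicket = request.getEncryptedTicket().toByteArray();
            MutableInt mutableInt = new MutableInt();
            Security.Ticket ticket = com.mapr.security.Security.DecryptTicket(encryptedTicket, mutableInt);
            if (mutableInt.GetValue() != 0 || ticket == null) {
                LOG.error("Error while trying to decrypt ticket: " + mutableInt.GetValue());
                return KeeperException.Code.AUTHFAILED;
            }
            Security.CredentialsMsg userCreds = ticket.getUserCreds();
            Security.Key userKey = ticket.getUserKey();
            if (userCreds == null || userKey == null) {
                LOG.error("Incoming info is not valid");
                return KeeperException.Code.AUTHFAILED;
            }
            String uid = Integer.toString(userCreds.getUid());
            // Keep the decrypted bytes in a local: the timestamp below is read from them.
            // NOTE(review): the status Decrypt writes into mutableInt is not inspected;
            // only the length of the result is checked. Confirm that is sufficient.
            byte[] randomSecret = com.mapr.security.Security.Decrypt(userKey, request.getEncryptedRandomSecret().toByteArray(), mutableInt);
            if (randomSecret == null || randomSecret.length != RANDOM_SECRET_LENGTH) {
                LOG.error("Bad random secret");
                return KeeperException.Code.AUTHFAILED;
            }
            // Bytes 0..7 carry the client's epoch in milliseconds; bytes 8..15 are not
            // examined by this provider.
            long clientEpoch = readLongBigEndian(randomSecret, 0);
            long serverEpoch = System.currentTimeMillis();
            if (Math.abs(serverEpoch - clientEpoch) > epochDelay) {
                // Advisory only: authentication continues (see the method note).
                LOG.warn("Epoch on client differs > " + epochDelay + "ms. then on server: " + serverEpoch + ", client: " + clientEpoch + ". Most likely it is related to ZK disconnect");
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("on server: " + serverEpoch + ", client: " + clientEpoch);
            }
            serverCnxn.addAuthInfo(new Id(getScheme(), uid));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Auth info size: " + serverCnxn.getAuthInfo().size());
            }
            return KeeperException.Code.OK;
        } catch (Throwable th) {
            // Deliberately broad so that any failure, including errors raised by the
            // native library, fails closed. The message text is the same for every
            // cause; the attached stack trace identifies the real one.
            LOG.error("Bad server key ", th);
            return KeeperException.Code.AUTHFAILED;
        }
    }

    /**
     * Reads eight bytes starting at {@code offset} as a big-endian signed 64-bit value.
     * The accumulation is done in {@code long} so no byte is lost to 32-bit shifts.
     */
    private static long readLongBigEndian(byte[] buf, int offset) {
        long value = 0L;
        for (int i = 0; i < 8; i++) {
            value = (value << 8) | (buf[offset + i] & 0xFFL);
        }
        return value;
    }

    /** Always {@code true}: ids of this scheme come from a successful authentication. */
    public boolean isAuthenticated() {
        return true;
    }

    /**
     * Always {@code true}.
     *
     * <p>NOTE(review): no format check is applied, so an ACL id that is not a uid string
     * is accepted here and simply never matches an authenticated id.
     */
    public boolean isValid(String str) {
        return true;
    }

    /**
     * Decides whether an authenticated id satisfies an ACL expression.
     *
     * @param str id attached to the connection (the uid as a string)
     * @param str2 ACL expression; the literal {@code "anyone"} matches every id
     * @return {@code true} on {@code "anyone"} or an exact string match; {@code false}
     *     otherwise, including when either argument is {@code null}
     */
    public boolean matches(String str, String str2) {
        if ("anyone".equals(str2)) {
            return true;
        }
        // Null-safe: a missing id or expression never matches.
        return str != null && str.equals(str2);
    }

    static {
        // The native library is loaded before anything else in this class runs.
        ShimLoader.load();
        LOG = LoggerFactory.getLogger(MaprZKAuthProvider.class);
        cldbKeyFile = System.getProperty("zookeeper.mapr.cldbkeyfile.location");
        configuredEpochDelay = System.getProperty("zookeeper.mapr.epoch.delay", "600000");
        epochDelay = MAX_EPOCH_DELAY;
    }
}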
