package io.confluent.rest.auth;

import com.google.protobuf.InvalidProtocolBufferException;
import com.mapr.fs.proto.Security;
import com.mapr.security.MutableInt;
import io.confluent.rest.impersonation.Errors;
import java.io.IOException;
import java.net.HttpCookie;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Cookie;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:io/confluent/rest/auth/MaprAuthenticationUtils.class */
public class MaprAuthenticationUtils {
    private static final String MAPR_NEGOTIATE = "MAPR-Negotiate";
    private static final String BASIC = "Basic";
    private static final String HADOOP_AUTH_COOKIE = "hadoop.auth";

    public static String getUserNameFromRequestContext(ContainerRequestContext containerRequestContext) {
        return findUserNameFromAuthentication(containerRequestContext.getHeaderString("Authorization")).orElseGet(() -> {
            return findUserNameFromRequestCookie(containerRequestContext).orElseThrow(MaprAuthenticationUtils::onMissingUsername);
        });
    }

    private static Optional<String> findUserNameFromRequestCookie(ContainerRequestContext containerRequestContext) {
        return Optional.ofNullable(containerRequestContext.getCookies()).map(map -> {
            return (Cookie) map.get(HADOOP_AUTH_COOKIE);
        }).map((v0) -> {
            return v0.getValue();
        }).flatMap(MaprAuthenticationUtils::findUserNameFromHadoopAuthCookieValue);
    }

    public static String getUserNameFromAuthenticationOrCookie(String str, String str2) {
        return findUserNameFromAuthentication(str).orElseGet(() -> {
            return findUserNameFromCookie(str2).orElseThrow(MaprAuthenticationUtils::onMissingUsername);
        });
    }

    private static RuntimeException onMissingUsername() {
        return Errors.serverLoginException(new IOException("Username is unavailable"));
    }

    public static Optional<String> findUserNameFromAuthentication(String str) {
        String substringBefore = StringUtils.substringBefore(str, " ");
        String substringAfter = StringUtils.substringAfter(str, " ");
        return BASIC.equals(substringBefore) ? Optional.ofNullable(getUserNameFromBasicAuthentication(substringAfter.trim())) : MAPR_NEGOTIATE.equals(substringBefore) ? Optional.ofNullable(getUserNameFromMaprTicketAuthentication(substringAfter.trim())) : Optional.empty();
    }

    private static String getUserNameFromBasicAuthentication(String str) {
        return StringUtils.substringBefore(new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8), ":");
    }

    private static String getUserNameFromMaprTicketAuthentication(String str) {
        try {
            Security.AuthenticationReqFull parseFrom = Security.AuthenticationReqFull.parseFrom(org.apache.commons.codec.binary.Base64.decodeBase64(str));
            if (parseFrom == null || !parseFrom.hasEncryptedTicket()) {
                throw Errors.maprTicketDecryptException("Malformed client request");
            }
            byte[] byteArray = parseFrom.getEncryptedTicket().toByteArray();
            MutableInt mutableInt = new MutableInt();
            Security.Ticket DecryptTicket = com.mapr.security.Security.DecryptTicket(byteArray, mutableInt);
            if (mutableInt.GetValue() != 0 || DecryptTicket == null) {
                throw Errors.maprTicketDecryptException("Error while decrypting ticket and key " + mutableInt.GetValue());
            }
            return DecryptTicket.getUserCreds().getUserName();
        } catch (InvalidProtocolBufferException e) {
            throw Errors.maprTicketDecryptException("Bad server key", e);
        }
    }

    public static Optional<String> findUserNameFromCookie(String str) {
        return ((List) Optional.ofNullable(str).map(HttpCookie::parse).orElse(Collections.emptyList())).stream().filter(httpCookie -> {
            return httpCookie.getName().equals(HADOOP_AUTH_COOKIE);
        }).findFirst().map((v0) -> {
            return v0.getValue();
        }).flatMap(MaprAuthenticationUtils::findUserNameFromHadoopAuthCookieValue);
    }

    private static Optional<String> findUserNameFromHadoopAuthCookieValue(String str) {
        for (String str2 : str.split("&")) {
            if (str2.startsWith("u=")) {
                return Optional.of(StringUtils.removeStart(str2, "u="));
            }
        }
        return Optional.empty();
    }
}
