package com.mapr.security.maprauth;

import com.mapr.fs.proto.Security;
import com.mapr.security.ClusterServerTicketGeneration;
import com.mapr.security.MutableInt;
import java.io.IOException;
import java.util.Properties;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.hadoop.security.authentication.server.MultiMechsAuthenticationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/maprfs-5.0.9-mapr.jar:com/mapr/security/maprauth/MaprAuthenticationHandler.class */
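/**
 * Server-side handler for the {@value #TYPE} HTTP authentication mechanism.
 *
 * <p>The client sends an {@code Authorization} header carrying a Base64-encoded
 * {@code AuthenticationReqFull} message. The handler decrypts the ticket in that message,
 * uses the user key from the ticket to decrypt an 8-byte random secret, and answers with
 * {@code secret + 1} encrypted under the same user key. Every failure path answers 401 and
 * returns {@code null}, so no token is issued unless all steps succeed.
 *
 * <p>NOTE(review): nothing in this class checks ticket expiry or the ticket's intended
 * audience; presumably {@code DecryptTicket} enforces both. Confirm against the native
 * security library.
 */
public class MaprAuthenticationHandler extends MultiMechsAuthenticationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(MaprAuthenticationHandler.class);
    public static final String TYPE = "maprauth";

    private static final String AUTHORIZATION_HEADER = "Authorization";
    /** Length in bytes of the client's random secret (one big-endian long). */
    private static final int RANDOM_SECRET_LENGTH = 8;

    /**
     * Generates the cluster server ticket and installs the server key.
     *
     * @param properties handler configuration; not read by this implementation
     * @throws ServletException wrapping any failure raised while generating the ticket
     */
    @Override
    public void init(Properties properties) throws ServletException {
        try {
            ClusterServerTicketGeneration.getInstance().generateTicketAndSetServerKey();
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Runs MapR authentication when the request carries an {@code Authorization} header.
     *
     * @return the token for the authenticated user, or {@code null} when the header is absent
     *     or authentication fails
     */
    @Override
    public AuthenticationToken postauthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        if (httpServletRequest.getHeader(AUTHORIZATION_HEADER) == null) {
            return null;
        }
        return maprAuthenticate(httpServletRequest, httpServletResponse);
    }

    /**
     * Validates the ticket and challenge in the {@code Authorization} header and writes the
     * encrypted challenge response to the response's {@code Authorization} header.
     *
     * @param httpServletRequest request carrying the Base64-encoded authentication message
     * @param httpServletResponse response that receives either the challenge response or a
     *     401 status with an error header
     * @return a token whose user name and principal are the ticket's user name, or
     *     {@code null} when the header is missing, belongs to another mechanism, or any
     *     validation step fails
     */
    public AuthenticationToken maprAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // This method is public, so it can be reached without postauthenticate's null check.
        if (header == null || !header.startsWith(MaprAuthenticator.NEGOTIATE)) {
            return null;
        }
        try {
            byte[] requestBytes = Base64.decodeBase64(header.substring(MaprAuthenticator.NEGOTIATE.length()).trim());
            LOG.trace("MaprAuthentication is started");
            Security.AuthenticationReqFull authRequest = Security.AuthenticationReqFull.parseFrom(requestBytes);
            if (authRequest == null || authRequest.getEncryptedTicket() == null) {
                return reject(httpServletResponse, "Malformed client request");
            }

            MutableInt errorCode = new MutableInt();
            Security.Ticket ticket = com.mapr.security.Security.DecryptTicket(authRequest.getEncryptedTicket().toByteArray(), errorCode);
            if (errorCode.GetValue() != 0 || ticket == null) {
                // NOTE(review): the numeric decrypt code is returned to an unauthenticated
                // caller. Kept as-is for client compatibility; consider a generic message if
                // no client depends on it.
                return reject(httpServletResponse, "Error while decrypting ticket and key " + errorCode.GetValue());
            }

            Security.CredentialsMsg userCreds = ticket.getUserCreds();
            Security.Key userKey = ticket.getUserKey();
            String userName = userCreds.getUserName();

            // Keep the decrypted bytes in a local: the decompiled listing discarded the result
            // and then read an undefined variable. A null result or a non-zero error code is
            // rejected here instead of surfacing later as "Bad server key".
            byte[] randomSecret = com.mapr.security.Security.Decrypt(userKey, authRequest.getEncryptedRandomSecret().toByteArray(), errorCode);
            if (randomSecret == null || errorCode.GetValue() != 0 || randomSecret.length != RANDOM_SECRET_LENGTH) {
                return reject(httpServletResponse, "Bad random secret");
            }

            long secretNumber = toBigEndianLong(randomSecret);
            // The secret value itself is deliberately not written to the log.
            LOG.trace("Received secret number");

            Security.AuthenticationResp.Builder responseBuilder = Security.AuthenticationResp.newBuilder();
            responseBuilder.setChallengeResponse(secretNumber + 1);
            responseBuilder.setStatus(0);

            byte[] encryptedResponse = com.mapr.security.Security.Encrypt(userKey, responseBuilder.build().toByteArray(), errorCode);
            if (encryptedResponse == null || errorCode.GetValue() != 0) {
                // Do not issue a token when the proof of key possession could not be produced.
                return reject(httpServletResponse, "Error while encrypting challenge response");
            }
            // Line length 0 disables chunking, keeping the header value on a single line.
            httpServletResponse.setHeader(AUTHORIZATION_HEADER, "MAPR-Negotiate " + new Base64(0).encodeToString(encryptedResponse));
            LOG.trace("MaprAuthentication is completed on server side");
            return new AuthenticationToken(userName, userName, getType());
        } catch (Throwable th) {
            // Throwable rather than Exception so that any failure, including errors raised by
            // the security library, fails closed with a 401. The message is the same for every
            // cause, so the stack trace in the log is the only place to tell them apart.
            LOG.error("Bad server key", th);
            httpServletResponse.setHeader(MaprAuthenticator.WWW_ERR_AUTHENTICATE, "Bad server key");
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
    }

    /** Advertises this mechanism in a {@code WWW-Authenticate} response header. */
    @Override
    public void addHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("WWW-Authenticate", MaprAuthenticator.NEGOTIATE);
    }

    /**
     * Selects this handler for authorization values that start with the MapR negotiate prefix.
     *
     * @param str the authorization value to inspect; may be {@code null}
     * @return this handler when the prefix matches, otherwise {@code null}
     */
    @Override
    public MultiMechsAuthenticationHandler getAuthBasedEntity(String str) {
        if (str != null && str.startsWith(MaprAuthenticator.NEGOTIATE)) {
            return this;
        }
        return null;
    }

    /** Logs the failure, reports it in the error header, sets 401 and returns {@code null}. */
    private static AuthenticationToken reject(HttpServletResponse response, String message) {
        LOG.error(message);
        response.setHeader(MaprAuthenticator.WWW_ERR_AUTHENTICATE, message);
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return null;
    }

    /**
     * Reads the first eight bytes as a big-endian long. Each byte is widened to long before
     * shifting; the decompiled expression shifted int operands, which would discard the upper
     * four bytes.
     */
    private static long toBigEndianLong(byte[] bytes) {
        long value = 0L;
        for (int i = 0; i < RANDOM_SECRET_LENGTH; i++) {
            value = (value << 8) | (bytes[i] & 0xFFL);
        }
        return value;
    }
}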
