package com.mapr.web.security;

import com.mapr.fs.proto.Security;
import com.mapr.security.MutableInt;
import java.util.ArrayList;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/mapr-security-web-6.1.0-mapr.jar:com/mapr/web/security/MapRTicketAuthenticationProvider.class */
public class MapRTicketAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(MapRTicketAuthenticationProvider.class);

    public Authentication authenticate(Authentication authentication) {
        try {
            MapRTicketToken mapRTicketToken = (MapRTicketToken) authentication;
            byte[] decodeBase64 = Base64.decodeBase64(mapRTicketToken.getToken());
            log.debug("MapRTicket authentication started");
            Security.AuthenticationReqFull parseFrom = Security.AuthenticationReqFull.parseFrom(decodeBase64);
            if (parseFrom == null || parseFrom.getEncryptedTicket() == null) {
                log.error("Malformed client request");
                throw new AuthenticationServiceException("Malformed client request");
            }
            byte[] byteArray = parseFrom.getEncryptedTicket().toByteArray();
            MutableInt mutableInt = new MutableInt();
            Security.Ticket DecryptTicket = com.mapr.security.Security.DecryptTicket(byteArray, mutableInt);
            if (DecryptTicket == null || mutableInt.GetValue() != 0) {
                String str = "Error while decrypting ticket and key " + mutableInt.GetValue();
                log.error(str);
                throw new AuthenticationServiceException(str);
            }
            Security.CredentialsMsg userCreds = DecryptTicket.getUserCreds();
            boolean canUserImpersonate = DecryptTicket.getCanUserImpersonate();
            Security.Key userKey = DecryptTicket.getUserKey();
            String userName = userCreds.getUserName();
            if (!canUserImpersonate && mapRTicketToken.isImpersonateUser()) {
                String str2 = "User " + userName + " doesn't have permissions to impersonate other users";
                log.error(str2);
                throw new AuthenticationServiceException(str2);
            }
            if (com.mapr.security.Security.Decrypt(userKey, parseFrom.getEncryptedRandomSecret().toByteArray(), mutableInt).length != 8) {
                log.error("Bad random secret");
                throw new AuthenticationServiceException("Bad random secret");
            }
            long j = (r0[0] << 56) + ((r0[1] & 255) << 48) + ((r0[2] & 255) << 40) + ((r0[3] & 255) << 32) + ((r0[4] & 255) << 24) + ((r0[5] & 255) << 16) + ((r0[6] & 255) << 8) + ((r0[7] & 255) << 0);
            log.debug("Received secret number: {}", Long.valueOf(j));
            long j2 = j + 1;
            Security.AuthenticationResp.Builder newBuilder = Security.AuthenticationResp.newBuilder();
            newBuilder.setChallengeResponse(j2);
            newBuilder.setStatus(0);
            String encodeToString = new Base64(0).encodeToString(com.mapr.security.Security.Encrypt(userKey, newBuilder.build().toByteArray(), mutableInt));
            ArrayList arrayList = new ArrayList();
            log.debug("MaprRTicket Authentication is completed on server side");
            arrayList.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
            MapRTicketToken mapRTicketToken2 = new MapRTicketToken(userName, arrayList, null, encodeToString, canUserImpersonate);
            SecurityContextHolder.getContext().setAuthentication(mapRTicketToken2);
            return mapRTicketToken2;
        } catch (AuthenticationException e) {
            log.error("Bad server key", e);
            throw new AuthenticationServiceException("Bad server key");
        }
    }

    public boolean supports(Class<?> cls) {
        return MapRTicketToken.class.isAssignableFrom(cls);
    }
}
