package org.apache.drill.exec.server.rest.auth;

import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import org.apache.drill.exec.ExecConstants;
import org.apache.drill.exec.rpc.security.plain.PlainFactory;
import org.apache.drill.exec.rpc.user.security.UserAuthenticationException;
import org.apache.drill.exec.server.DrillbitContext;
import org.apache.drill.exec.server.options.SystemOptionManager;
import org.apache.drill.exec.util.ImpersonationUtil;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/drill/exec/server/rest/auth/DrillRestLoginService.class */
public class DrillRestLoginService implements LoginService {
    private static final Logger logger = LoggerFactory.getLogger(DrillRestLoginService.class);
    private final DrillbitContext drillbitContext;
    private IdentityService identityService = new DefaultIdentityService();

    public DrillRestLoginService(DrillbitContext drillbitContext) {
        this.drillbitContext = drillbitContext;
    }

    public boolean validate(UserIdentity userIdentity) {
        return true;
    }

    public String getName() {
        return "DrillRestLoginService";
    }

    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        if (!(obj instanceof String)) {
            return null;
        }
        try {
            ((PlainFactory) this.drillbitContext.getAuthProvider().getAuthenticatorFactory("PLAIN")).getAuthenticator().authenticate(str, obj.toString());
            logger.debug("WebUser {} is successfully authenticated", str);
            SystemOptionManager optionManager = this.drillbitContext.getOptionManager();
            boolean hasAdminPrivileges = ImpersonationUtil.hasAdminPrivileges(str, ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(optionManager), ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(optionManager));
            DrillUserPrincipal drillUserPrincipal = new DrillUserPrincipal(str, hasAdminPrivileges);
            Subject subject = new Subject();
            subject.getPrincipals().add(drillUserPrincipal);
            subject.getPrivateCredentials().add(obj);
            if (hasAdminPrivileges) {
                subject.getPrincipals().addAll(DrillUserPrincipal.ADMIN_PRINCIPALS);
                return this.identityService.newUserIdentity(subject, drillUserPrincipal, DrillUserPrincipal.ADMIN_USER_ROLES);
            }
            subject.getPrincipals().addAll(DrillUserPrincipal.NON_ADMIN_PRINCIPALS);
            return this.identityService.newUserIdentity(subject, drillUserPrincipal, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
        } catch (Exception e) {
            if (e instanceof UserAuthenticationException) {
                logger.debug("Authentication failed for WebUser '{}'", str, e);
                return null;
            }
            logger.error("UnExpected failure occurred for WebUser {} during login.", str, e);
            return null;
        }
    }

    public IdentityService getIdentityService() {
        return this.identityService;
    }

    public void setIdentityService(IdentityService identityService) {
        this.identityService = identityService;
    }

    public void logout(UserIdentity userIdentity) {
        if (logger.isTraceEnabled()) {
            logger.trace("Web user {} logged out.", userIdentity.getUserPrincipal().getName());
        }
    }
}
