package org.apache.pulsar.broker.authentication;

import java.io.Closeable;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.stream.Collectors;
import javax.naming.AuthenticationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.PulsarServerException;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.web.AuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationService.class */
public class AuthenticationService implements Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationService.class);
    private final String anonymousUserRole;
    private final Map<String, AuthenticationProvider> providers = new HashMap();

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v38, types: [org.apache.pulsar.broker.authentication.AuthenticationProvider] */
    public AuthenticationService(ServiceConfiguration serviceConfiguration) throws PulsarServerException {
        this.anonymousUserRole = serviceConfiguration.getAnonymousUserRole();
        if (!serviceConfiguration.isAuthenticationEnabled()) {
            LOG.info("Authentication is disabled");
            return;
        }
        try {
            HashMap hashMap = new HashMap();
            for (String str : serviceConfiguration.getAuthenticationProviders()) {
                if (!str.isEmpty()) {
                    AuthenticationProvider authenticationProvider = (AuthenticationProvider) Class.forName(str).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
                    List list = (List) hashMap.get(authenticationProvider.getAuthMethodName());
                    if (null == list) {
                        list = new ArrayList(1);
                        hashMap.put(authenticationProvider.getAuthMethodName(), list);
                    }
                    list.add(authenticationProvider);
                }
            }
            for (Map.Entry entry : hashMap.entrySet()) {
                AuthenticationProviderList authenticationProviderList = ((List) entry.getValue()).size() == 1 ? (AuthenticationProvider) ((List) entry.getValue()).get(0) : new AuthenticationProviderList((List) entry.getValue());
                authenticationProviderList.initialize(serviceConfiguration);
                this.providers.put(authenticationProviderList.getAuthMethodName(), authenticationProviderList);
                LOG.info("[{}] has been loaded.", ((List) entry.getValue()).stream().map(authenticationProvider2 -> {
                    return authenticationProvider2.getClass().getName();
                }).collect(Collectors.joining(",")));
            }
            if (this.providers.isEmpty()) {
                LOG.warn("No authentication providers are loaded.");
            }
        } catch (Throwable th) {
            throw new PulsarServerException("Failed to load an authentication provider.", th);
        }
    }

    private String getAuthMethodName(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(AuthenticationFilter.PULSAR_AUTH_METHOD_NAME);
    }

    private AuthenticationProvider getAuthProvider(String str) throws AuthenticationException {
        AuthenticationProvider authenticationProvider = this.providers.get(str);
        if (authenticationProvider == null) {
            throw new AuthenticationException(String.format("Unsupported authentication method: [%s].", str));
        }
        return authenticationProvider;
    }

    public boolean authenticateHttpRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String authMethodName = getAuthMethodName(httpServletRequest);
        if (authMethodName == null && "Kerberos".equalsIgnoreCase(httpServletRequest.getHeader("SASL-Type"))) {
            authMethodName = "sasl";
        }
        if (authMethodName != null) {
            AuthenticationProvider authProvider = getAuthProvider(authMethodName);
            try {
                return authProvider.authenticateHttpRequest(httpServletRequest, httpServletResponse);
            } catch (AuthenticationException e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication failed for provider " + authProvider.getAuthMethodName() + " : " + e.getMessage(), e);
                }
                throw e;
            }
        }
        for (AuthenticationProvider authenticationProvider : this.providers.values()) {
            try {
                return authenticationProvider.authenticateHttpRequest(httpServletRequest, httpServletResponse);
            } catch (AuthenticationException e2) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication failed for provider " + authenticationProvider.getAuthMethodName() + ": " + e2.getMessage(), e2);
                }
            }
        }
        if (this.providers.isEmpty()) {
            return true;
        }
        if (!StringUtils.isNotBlank(this.anonymousUserRole)) {
            throw new AuthenticationException("Authentication required");
        }
        httpServletRequest.setAttribute(AuthenticationFilter.AuthenticatedRoleAttributeName, this.anonymousUserRole);
        httpServletRequest.setAttribute(AuthenticationFilter.AuthenticatedDataAttributeName, new AuthenticationDataHttps(httpServletRequest));
        return true;
    }

    @Deprecated
    public String authenticateHttpRequest(HttpServletRequest httpServletRequest, AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        String authMethodName = getAuthMethodName(httpServletRequest);
        if (authMethodName != null) {
            AuthenticationProvider authProvider = getAuthProvider(authMethodName);
            if (authenticationDataSource == null) {
                try {
                    authenticationDataSource = authProvider.newHttpAuthState(httpServletRequest).getAuthDataSource();
                } catch (InterruptedException | ExecutionException e) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Authentication failed for provider " + authProvider.getAuthMethodName() + " : " + e.getMessage(), e);
                    }
                    throw new RuntimeException(e);
                } catch (AuthenticationException e2) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Authentication failed for provider " + authProvider.getAuthMethodName() + " : " + e2.getMessage(), e2);
                    }
                    throw e2;
                }
            }
            return authProvider.authenticateAsync(authenticationDataSource).get();
        }
        for (AuthenticationProvider authenticationProvider : this.providers.values()) {
            try {
                return authenticationProvider.authenticateAsync(authenticationProvider.newHttpAuthState(httpServletRequest).getAuthDataSource()).get();
            } catch (InterruptedException | ExecutionException | AuthenticationException e3) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication failed for provider " + authenticationProvider.getAuthMethodName() + ": " + e3.getMessage(), e3);
                }
            }
        }
        if (this.providers.isEmpty()) {
            return "<none>";
        }
        if (StringUtils.isNotBlank(this.anonymousUserRole)) {
            return this.anonymousUserRole;
        }
        throw new AuthenticationException("Authentication required");
    }

    @Deprecated
    public String authenticateHttpRequest(HttpServletRequest httpServletRequest) throws AuthenticationException {
        return authenticateHttpRequest(httpServletRequest, (AuthenticationDataSource) null);
    }

    public AuthenticationProvider getAuthenticationProvider(String str) {
        return this.providers.get(str);
    }

    public Optional<String> getAnonymousUserRole() {
        return StringUtils.isNotBlank(this.anonymousUserRole) ? Optional.of(this.anonymousUserRole) : Optional.empty();
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        Iterator<AuthenticationProvider> it = this.providers.values().iterator();
        while (it.hasNext()) {
            it.next().close();
        }
    }
}
