package org.apache.pulsar.broker.authentication;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.AuthenticationException;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.metrics.AuthenticationMetrics;
import org.apache.pulsar.client.api.url.URL;
import org.apache.pulsar.functions.runtime.shaded.org.apache.commons.codec.digest.Crypt;
import org.apache.pulsar.functions.runtime.shaded.org.apache.commons.codec.digest.Md5Crypt;
import org.apache.pulsar.functions.runtime.shaded.org.apache.commons.io.IOUtils;
import org.apache.pulsar.functions.runtime.shaded.org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderBasic.class */
public class AuthenticationProviderBasic implements AuthenticationProvider {
    private static final String HTTP_HEADER_NAME = "Authorization";
    private static final String CONF_SYSTEM_PROPERTY_KEY = "pulsar.auth.basic.conf";
    private static final String CONF_PULSAR_PROPERTY_KEY = "basicAuthConf";
    private Map<String, String> users;

    /* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderBasic$AuthParams.class */
    private class AuthParams {
        private String userId;
        private String password;

        public AuthParams(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
            String str;
            if (authenticationDataSource.hasDataFromCommand()) {
                str = authenticationDataSource.getCommandData();
            } else {
                if (!authenticationDataSource.hasDataFromHttp()) {
                    throw new AuthenticationException("Authentication data source does not have data");
                }
                String httpHeader = authenticationDataSource.getHttpHeader("Authorization");
                if (StringUtils.isBlank(httpHeader) || !httpHeader.toUpperCase().startsWith("BASIC ")) {
                    throw new AuthenticationException("Authentication token has to be started with \"Basic \"");
                }
                String[] split = httpHeader.split(" ");
                if (split.length != 2) {
                    throw new AuthenticationException("Base64 encoded token is not found");
                }
                try {
                    str = new String(Base64.getDecoder().decode(split[1]));
                } catch (Exception e) {
                    throw new AuthenticationException("Base64 decoding is failure: " + e.getMessage());
                }
            }
            String[] split2 = str.split(":");
            if (split2.length != 2) {
                throw new AuthenticationException("Base64 decoded params are invalid");
            }
            this.userId = split2[0];
            this.password = split2[1];
        }

        public String getUserId() {
            return this.userId;
        }

        public String getPassword() {
            return this.password;
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
    }

    public static byte[] readData(String str) throws IOException, URISyntaxException, InstantiationException, IllegalAccessException {
        if (str.startsWith("data:") || str.startsWith("file:")) {
            return IOUtils.toByteArray(URL.createURL(str));
        }
        if (Files.exists(Paths.get(str, new String[0]), new LinkOption[0])) {
            return Files.readAllBytes(Paths.get(str, new String[0]));
        }
        if (org.apache.pulsar.functions.runtime.shaded.org.apache.commons.codec.binary.Base64.isBase64(str)) {
            return Base64.getDecoder().decode(str);
        }
        throw new IllegalArgumentException("Not supported config");
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
        String property = serviceConfiguration.getProperties().getProperty(CONF_PULSAR_PROPERTY_KEY);
        if (StringUtils.isEmpty(property)) {
            property = System.getProperty(CONF_SYSTEM_PROPERTY_KEY);
        }
        if (StringUtils.isEmpty(property)) {
            throw new IOException("No basic authentication config provided");
        }
        BufferedReader bufferedReader = null;
        try {
            try {
                bufferedReader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(readData(property))));
                this.users = new HashMap();
                for (String str : (String[]) bufferedReader.lines().toArray(i -> {
                    return new String[i];
                })) {
                    List asList = Arrays.asList(str.split(":"));
                    if (asList.size() != 2) {
                        throw new IOException("The format of the password auth conf file is invalid");
                    }
                    this.users.put((String) asList.get(0), (String) asList.get(1));
                }
                if (Collections.singletonList(bufferedReader).get(0) != null) {
                    bufferedReader.close();
                }
            } catch (Exception e) {
                throw new IllegalArgumentException(e);
            }
        } catch (Throwable th) {
            if (Collections.singletonList(bufferedReader).get(0) != null) {
                bufferedReader.close();
            }
            throw th;
        }
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public String getAuthMethodName() {
        return "basic";
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        AuthParams authParams = new AuthParams(authenticationDataSource);
        String userId = authParams.getUserId();
        String password = authParams.getPassword();
        try {
            if (this.users.get(userId) == null) {
                throw new AuthenticationException("Unknown user or invalid password");
            }
            String str = this.users.get(userId);
            if (this.users.get(userId).startsWith("$apr1")) {
                List asList = Arrays.asList(str.split("\\$"));
                if (asList.size() != 4 || !str.equals(Md5Crypt.apr1Crypt(password.getBytes(), (String) asList.get(2)))) {
                    throw new AuthenticationException("Unknown user or invalid password");
                }
            } else if (!str.equals(Crypt.crypt(password.getBytes(), str.substring(0, 2)))) {
                throw new AuthenticationException("Unknown user or invalid password");
            }
            AuthenticationMetrics.authenticateSuccess(getClass().getSimpleName(), getAuthMethodName());
            return userId;
        } catch (AuthenticationException e) {
            AuthenticationMetrics.authenticateFailure(getClass().getSimpleName(), getAuthMethodName(), e.getMessage());
            throw e;
        }
    }
}
