package org.apache.ambari.logsearch.web.security;

import java.util.ArrayList;
import java.util.List;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.ambari.logsearch.common.ExternalServerClient;
import org.apache.ambari.logsearch.conf.AuthPropsConfig;
import org.apache.ambari.logsearch.util.JSONUtil;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

@Named
/* loaded from: input_file:org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.class */
public class LogsearchExternalServerAuthenticationProvider extends LogsearchAbstractAuthenticationProvider {
    private static Logger LOG = Logger.getLogger(LogsearchExternalServerAuthenticationProvider.class);

    @Inject
    private ExternalServerClient externalServerClient;

    @Inject
    private AuthPropsConfig authPropsConfig;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider$PrivilegeInfo.class */
    public enum PrivilegeInfo {
        PERMISSION_LABEL("permission_label"),
        PERMISSION_NAME("permission_name"),
        PRINCIPAL_NAME("principal_name"),
        PRINCIPAL_TYPE("principal_type"),
        PRIVILEGE_ID("privilege_id"),
        TYPE("type"),
        USER_NAME("user_name");

        private String propertyKey;

        PrivilegeInfo(String str) {
            this.propertyKey = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.propertyKey;
        }
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!this.authPropsConfig.isAuthExternalEnabled()) {
            LOG.debug("external server auth is disabled.");
            return authentication;
        }
        String name = authentication.getName();
        String str = (String) authentication.getCredentials();
        if (StringUtils.isBlank(name)) {
            throw new BadCredentialsException("Username can't be null or empty.");
        }
        if (StringUtils.isBlank(str)) {
            throw new BadCredentialsException("Password can't be null or empty.");
        }
        String unescapeHtml = StringEscapeUtils.unescapeHtml(str);
        String unescapeHtml2 = StringEscapeUtils.unescapeHtml(name);
        try {
            if (isAllowedRole((String) this.externalServerClient.sendGETRequest(this.authPropsConfig.getExternalAuthLoginUrl().replace("$USERNAME", unescapeHtml2), String.class, unescapeHtml2, unescapeHtml))) {
                return new UsernamePasswordAuthenticationToken(unescapeHtml2, unescapeHtml, getAuthorities());
            }
            LOG.error(unescapeHtml2 + " doesn't have permission");
            throw new BadCredentialsException("Invalid User");
        } catch (Exception e) {
            LOG.error("Login failed for username :" + unescapeHtml2 + " Error :" + e.getLocalizedMessage());
            throw new BadCredentialsException("Bad credentials");
        }
    }

    private boolean isAllowedRole(String str) {
        ArrayList arrayList = new ArrayList();
        JSONUtil.getValuesOfKey(str, PrivilegeInfo.PERMISSION_NAME.toString(), arrayList);
        List<String> allowedRoles = this.authPropsConfig.getAllowedRoles();
        if (arrayList.isEmpty() || allowedRoles.size() < 1 || str == null) {
            return false;
        }
        Stream stream = arrayList.stream();
        allowedRoles.getClass();
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    @Override // org.apache.ambari.logsearch.web.security.LogsearchAbstractAuthenticationProvider
    public /* bridge */ /* synthetic */ boolean supports(Class cls) {
        return super.supports(cls);
    }
}
