package org.apache.atlas.web.dao;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Properties;
import javax.annotation.PostConstruct;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasException;
import org.apache.atlas.web.model.User;
import org.apache.atlas.web.security.AtlasAuthenticationException;
import org.apache.commons.configuration.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.stereotype.Repository;
import org.springframework.util.StringUtils;

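/**
 * File-backed credential store used by file-based authentication.
 *
 * <p>Entries are read from a properties file whose values have the form
 * {@code <role>::<stored password hash>} (see {@link #loadUserByUsername(String)}).
 * Password verification accepts three formats, tried in this order: bcrypt, SHA-256 over
 * {@code password{salt}}, and plain unsalted SHA-256.
 *
 * <p>Security note: the two SHA-256 formats are fast hashes and are accepted by default.
 * Once all stored credentials have been re-hashed with bcrypt (see {@link #encrypt(String)}),
 * set {@code atlas.authentication.method.file.v1-validation.enabled} and
 * {@code atlas.authentication.method.file.v2-validation.enabled} to {@code false} so that
 * only bcrypt hashes are accepted.
 */
@Repository
/* loaded from: input_file:org/apache/atlas/web/dao/UserDao.class */
public class UserDao {
    private static final String DEFAULT_USER_CREDENTIALS_PROPERTIES = "users-credentials.properties";
    // user name -> "<role>::<stored password hash>"
    private Properties userLogins = new Properties();
    private static final Logger LOG = LoggerFactory.getLogger(UserDao.class);
    // Legacy-format switches. They are static but (re)assigned by loadFileLoginsDetails(),
    // so every instance of this class shares the values of the last load.
    private static boolean v1ValidationEnabled = true;
    private static boolean v2ValidationEnabled = true;

    /** Loads the credentials file once the bean has been constructed. */
    @PostConstruct
    public void init() {
        loadFileLoginsDetails();
    }

    /**
     * Re-reads the validation flags and the credentials file.
     *
     * <p>The in-memory table is cleared before the file is read, so a failed load leaves the
     * table empty and every subsequent lookup fails (fail closed).
     *
     * @throws RuntimeException wrapping the {@link IOException} or {@link AtlasException}
     *     raised while locating or reading the file
     */
    void loadFileLoginsDetails() {
        this.userLogins.clear();
        InputStream inputStream = null;
        try {
            Configuration configuration = ApplicationProperties.get();
            v1ValidationEnabled = configuration.getBoolean("atlas.authentication.method.file.v1-validation.enabled", true);
            v2ValidationEnabled = configuration.getBoolean("atlas.authentication.method.file.v2-validation.enabled", true);
            inputStream = ApplicationProperties.getFileAsInputStream(configuration, "atlas.authentication.method.file.filename", DEFAULT_USER_CREDENTIALS_PROPERTIES);
            this.userLogins.load(inputStream);
        } catch (IOException | AtlasException e) {
            LOG.error("Error while reading user.properties file", e);
            throw new RuntimeException(e);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Exception ignored) {
                    // Best effort: the stream was only read from, so a failed close loses nothing.
                }
            }
        }
    }

    /**
     * Looks up the stored entry for a user name and builds the corresponding {@link User}.
     *
     * <p>The returned user carries the stored password hash as its password and a single
     * authority named after the role part of the entry.
     *
     * @param str the user name to look up
     * @return the user with its stored hash and role
     * @throws UsernameNotFoundException if {@code str} is {@code null} or has no (non-empty) entry
     * @throws AtlasAuthenticationException if the entry is not {@code <role>::<hash>} or the
     *     role is blank
     */
    public User loadUserByUsername(String str) throws AuthenticationException {
        // Properties.getProperty(null) throws NullPointerException; report it as an unknown user instead.
        String property = str == null ? null : this.userLogins.getProperty(str);
        if (property == null || property.isEmpty()) {
            // NOTE(review): the message distinguishes "unknown user" from "bad password";
            // confirm the caller does not relay it to the client.
            throw new UsernameNotFoundException("Username not found." + str);
        }
        String[] split = property.split("::");
        if (split.length != 2 || !StringUtils.hasText(split[0])) {
            // NOTE(review): str is presumably taken from the login request; verify that the
            // log layout neutralises CR/LF so the value cannot forge log lines.
            LOG.error("User role credentials is not set properly for {}", str);
            throw new AtlasAuthenticationException("User role credentials is not set properly for " + str);
        }
        // NOTE(review): left as a raw list because the parameter type of the User constructor
        // is not visible here; give it a type argument once that is confirmed.
        ArrayList arrayList = new ArrayList();
        arrayList.add(new SimpleGrantedAuthority(split[0]));
        return new User(str, split[1], arrayList);
    }

    /**
     * Replaces the in-memory credential table.
     *
     * @param properties the table to use; it is stored as-is, not copied
     */
    @VisibleForTesting
    public void setUserLogins(Properties properties) {
        this.userLogins = properties;
    }

    /**
     * Hashes a password with bcrypt and a freshly generated salt. Despite the name this is a
     * one-way hash, not reversible encryption.
     *
     * @param str the clear-text password
     * @return the bcrypt hash, or {@code null} if hashing failed (the failure is logged at
     *     WARN); callers must treat {@code null} as an error and never store it
     */
    public static String encrypt(String str) {
        String str2 = null;
        try {
            str2 = BCrypt.hashpw(str, BCrypt.gensalt());
        } catch (Throwable th) {
            LOG.warn("UserDao.encrypt(): failed", th);
        }
        return str2;
    }

    /**
     * Verifies a clear-text password against a stored hash.
     *
     * <p>bcrypt is tried first. If that fails, the salted SHA-256 format is tried when v2
     * validation is enabled, then the unsalted SHA-256 format when v1 validation is enabled.
     * Both legacy formats are fast hashes; disable the flags once stored credentials no
     * longer need them.
     *
     * @param str the clear-text password supplied by the caller
     * @param str2 the stored hash
     * @param str3 the salt for the salted SHA-256 format (presumably the user name; verify
     *     against the caller)
     * @return {@code true} if any enabled format matches
     */
    public static boolean checkEncrypted(String str, String str2, String str3) {
        boolean checkPasswordBCrypt = checkPasswordBCrypt(str, str2);
        if (!checkPasswordBCrypt && v2ValidationEnabled) {
            checkPasswordBCrypt = checkPasswordSHA256WithSalt(str, str2, str3);
        }
        if (!checkPasswordBCrypt && v1ValidationEnabled) {
            checkPasswordBCrypt = checkPasswordSHA256(str, str2);
        }
        return checkPasswordBCrypt;
    }

    /**
     * Checks {@code str} against the bcrypt hash {@code str2}. Any failure inside the bcrypt
     * check (for example a stored value that is not a bcrypt hash) is logged at DEBUG and
     * counts as "no match".
     */
    private static boolean checkPasswordBCrypt(String str, String str2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("checkPasswordBCrypt()");
        }
        boolean z = false;
        try {
            z = BCrypt.checkpw(str, str2);
        } catch (Throwable th) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("checkPasswordBCrypt(): failed", th);
            }
        }
        return z;
    }

    /**
     * Checks {@code str} against {@code str2} using SHA-256 over {@code password{salt}}.
     * A failure while hashing or comparing is logged at DEBUG and counts as "no match".
     */
    private static boolean checkPasswordSHA256WithSalt(String str, String str2, String str3) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("checkPasswordSHA256WithSalt()");
        }
        try {
            return hashesMatch(encodePassword(str, str3), str2);
        } catch (Throwable th) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("checkPasswordSHA256WithSalt(): failed", th);
            }
            return false;
        }
    }

    /**
     * Checks {@code str} against {@code str2} using plain, unsalted SHA-256.
     * A failure while hashing or comparing is logged at DEBUG and counts as "no match".
     */
    private static boolean checkPasswordSHA256(String str, String str2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("checkPasswordSHA256()");
        }
        try {
            return hashesMatch(getSha256Hash(str), str2);
        } catch (Throwable th) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("checkPasswordSHA256(): failed", th);
            }
            return false;
        }
    }

    /**
     * Compares a freshly computed hash with the stored one. {@link MessageDigest#isEqual} is
     * used instead of {@code String.equals} so the comparison time does not depend on how
     * many leading characters agree.
     */
    private static boolean hashesMatch(String computed, String stored) {
        if (computed == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(Utf8.encode(computed), Utf8.encode(stored));
    }

    /**
     * Returns the lower-case hex SHA-256 digest of the UTF-8 bytes of {@code str}.
     *
     * @throws AtlasAuthenticationException wrapping any failure, including a {@code null} input
     */
    private static String getSha256Hash(String str) throws AtlasAuthenticationException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(str.getBytes("UTF-8"));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                String hexString = Integer.toHexString(255 & b);
                if (hexString.length() == 1) {
                    // Integer.toHexString drops the leading zero of values below 0x10.
                    hex.append('0');
                }
                hex.append(hexString);
            }
            return hex.toString();
        } catch (Exception e) {
            throw new AtlasAuthenticationException("Exception while encoding password.", e);
        }
    }

    /**
     * Computes the hex SHA-256 digest of the password merged with the salt as
     * {@code password{salt}}.
     *
     * <p>The merge is done in non-strict mode, so braces inside the salt are not rejected and
     * different (password, salt) pairs can produce the same merged string. This is the legacy
     * v2 format; it is kept only so existing stored hashes still verify.
     *
     * @param str the clear-text password
     * @param obj the salt; {@code null} or blank means no salt is appended
     * @return the hex-encoded digest
     */
    public static String encodePassword(String str, Object obj) {
        return new String(Hex.encode(getMessageDigest().digest(Utf8.encode(mergePasswordAndSalt(str, obj, false)))));
    }

    /**
     * Returns a new SHA-256 {@link MessageDigest}.
     *
     * @throws IllegalArgumentException if the runtime has no SHA-256 provider; the original
     *     {@link NoSuchAlgorithmException} is attached as the cause
     */
    protected static final MessageDigest getMessageDigest() throws IllegalArgumentException {
        try {
            return MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("No such algorithm [SHA-256 ]", e);
        }
    }

    /**
     * Builds the string that is hashed for the salted format: {@code password{salt}}, or just
     * the password when the salt is {@code null} or blank.
     *
     * <p>A {@code null} or blank password is replaced by the empty string, so all blank
     * passwords merge to the same value.
     *
     * @param str the clear-text password
     * @param obj the salt, converted with {@code toString()}; may be {@code null}
     * @param z strict mode: reject a salt containing <code>{</code> or <code>}</code>
     * @return the merged string
     * @throws IllegalArgumentException in strict mode if the salt contains a brace
     */
    protected static String mergePasswordAndSalt(String str, Object obj, boolean z) {
        if (!StringUtils.hasText(str)) {
            str = "";
        }
        if (obj == null) {
            // No salt to merge. Without this guard obj.toString() below throws NullPointerException.
            return str;
        }
        String salt = obj.toString();
        if (z && (salt.lastIndexOf("{") != -1 || salt.lastIndexOf("}") != -1)) {
            throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
        }
        return StringUtils.hasText(salt) ? str + "{" + salt + "}" : str;
    }
}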
