package com.cloudera.server.web.cmf;

import com.cloudera.cmf.model.DbConfigContainerConfigProvider;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.config.KerberosPrincEvaluator;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.parcel.ParcelIdentity;
import com.cloudera.server.web.cmf.CMFUserDetailsService;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import java.util.List;
import javax.persistence.EntityManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:com/cloudera/server/web/cmf/CMFKerberosUserDetailsService.class */
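/**
 * {@link UserDetailsService} that maps a Kerberos principal ({@code primary[/instance]@REALM})
 * onto a Cloudera Manager user.
 *
 * <p>Resolution order for a name containing {@code '@'}:
 * <ol>
 *   <li>reject the principal if its primary is listed in {@code KRB_AUTH_EXCLUDE_USERS};</li>
 *   <li>return a synthetic external user if the primary equals {@code PROXYUSER_KNOX_PRINCIPAL};</li>
 *   <li>ask the optional {@link CmfUserLoader} (the log message refers to LDAP/PAM providers);</li>
 *   <li>fall back to the delegate {@link CMFUserDetailsService} using the primary.</li>
 * </ol>
 * Names without {@code '@'} (and {@code null}) go straight to the delegate.
 *
 * <p>NOTE(review): every decision here is made on the primary component only; the realm is never
 * inspected in this class. Presumably realm trust is enforced by ticket validation before this
 * service is called. Confirm against the authentication provider configuration.
 */
public class CMFKerberosUserDetailsService implements UserDetailsService {
    private static final Logger LOG = LoggerFactory.getLogger(CMFKerberosUserDetailsService.class);
    private CMFUserDetailsService delegateUds;
    private CmfUserLoader cmfUserLoader;
    private final EntityManagerFactory emf;

    /**
     * @param entityManagerFactory factory used to open a short-lived, read-only
     *        {@link CmfEntityManager} for each configuration lookup
     */
    @Autowired
    public CMFKerberosUserDetailsService(EntityManagerFactory entityManagerFactory) {
        this.emf = entityManagerFactory;
    }

    /** @return the delegate used for non-Kerberos names and as the final fallback */
    public CMFUserDetailsService getDelegateUds() {
        return this.delegateUds;
    }

    /** @param cMFUserDetailsService delegate used for non-Kerberos names and as the final fallback */
    public void setDelegateUds(CMFUserDetailsService cMFUserDetailsService) {
        this.delegateUds = cMFUserDetailsService;
    }

    /** @param cmfUserLoader optional loader consulted before the delegate; may be {@code null} */
    public void setCmfUserLoader(CmfUserLoader cmfUserLoader) {
        this.cmfUserLoader = cmfUserLoader;
    }

    /**
     * Resolves a login name, treating any name that contains {@code '@'} as a Kerberos principal.
     *
     * @param str the login name or full Kerberos principal
     * @return the resolved user
     * @throws UsernameNotFoundException if the principal's primary is on the Kerberos exclusion
     *         list, or if the delegate cannot find the user
     * @throws DataAccessException declared by the original signature; propagated from lookups
     */
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        if (str == null || !str.contains("@")) {
            return this.delegateUds.loadUserByUsername(str);
        }
        try {
            String primary = new KerberosPrincEvaluator.KerberosName(str).getPrimary();

            // Exclusion check and Knox proxy shortcut; throws if the primary is excluded.
            UserDetails proxyUser = checkExclusionAndLoadProxyUser(primary, str);
            if (proxyUser != null) {
                return proxyUser;
            }

            if (this.cmfUserLoader != null) {
                try {
                    // NOTE(review): this passes everything before the first '@', which keeps an
                    // instance component ("user/host") if one is present, whereas the exclusion
                    // check and the delegate lookup use getPrimary(). Confirm the two are meant
                    // to differ.
                    UserDetailsAndGroups loaded = this.cmfUserLoader.loadUserByUsername(str.split("@")[0]);
                    if (loaded != null) {
                        return loaded.getUserDetails();
                    }
                } catch (UsernameNotFoundException e) {
                    LOG.debug("Failed to authenticate with LDAP/PAM providers, continue with primary");
                }
            }
            LOG.info("Loading user: {} from principal: {}", primary, str);
            return this.delegateUds.loadUserByUsername(primary);
        } catch (IllegalArgumentException e2) {
            // Kept as in the original: any IllegalArgumentException raised in the block above
            // falls back to a delegate lookup with the unmodified name.
            // NOTE(review): the catch covers more than principal parsing. If the configuration
            // lookup itself threw IllegalArgumentException, the exclusion check would be skipped
            // and the raw principal handed to the delegate. Consider narrowing the scope to the
            // KerberosName constructor once callers are confirmed not to rely on this.
            return this.delegateUds.loadUserByUsername(str);
        }
    }

    /**
     * Reads the Kerberos-related SCM settings inside a read-only session and applies them.
     *
     * <p>The entity manager is closed exactly once in {@code finally}. The previous code closed it
     * on the normal path and then again from a catch-all handler when a later lookup threw.
     *
     * @param primary primary component of the principal
     * @param principal full principal, used for logging only
     * @return the synthetic Knox proxy user when {@code primary} equals the configured proxy
     *         principal, otherwise {@code null}
     * @throws UsernameNotFoundException if {@code primary} is on the exclusion list
     */
    private UserDetails checkExclusionAndLoadProxyUser(String primary, String principal) {
        CmfEntityManager cmfEntityManager = new CmfEntityManager(this.emf);
        try {
            cmfEntityManager.beginForRollbackAndReadonly();
            DbConfigContainerConfigProvider scmConfigProvider = cmfEntityManager.getScmConfigProvider();

            List<?> excludedUsers = (List<?>) ScmHandler.getScmConfigValue(ScmParams.KRB_AUTH_EXCLUDE_USERS, scmConfigProvider);
            if (excludedUsers != null && excludedUsers.contains(primary)) {
                throw new UsernameNotFoundException(String.format("User: %s is not allowed to authenticate using Kerberos", primary));
            }

            String knoxPrincipal = (String) ScmHandler.getScmConfigValue(ScmParams.PROXYUSER_KNOX_PRINCIPAL, scmConfigProvider);
            if (knoxPrincipal == null || !knoxPrincipal.equals(primary)) {
                return null;
            }

            LOG.info("Loading proxy user: {} from principal: {}", primary, principal);
            // Synthetic account: placeholder password hash, zero salt, no authorities, flagged
            // external.
            // NOTE(review): presumably no password-based login path can match the placeholder
            // hash. Confirm, since this account is never looked up in the user store.
            return CMFUserDetailsService.CMFUser.newBuilder()
                    .setUsername(primary)
                    .setPasswordHash(ParcelIdentity.SEP)
                    .setAuthorities(ImmutableMap.of())
                    .setSalt(0L)
                    .setIsExternal(true)
                    .build();
        } finally {
            cmfEntityManager.close();
        }
    }

    /**
     * Forwards to {@link CMFUserDetailsService#checkCreateFirstUser(String)} on the delegate.
     *
     * @param str user name passed through unchanged
     */
    @VisibleForTesting
    public void checkCreateFirstUser(String str) {
        this.delegateUds.checkCreateFirstUser(str);
    }
}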
