package com.cloudera.server.web.cmf;

import com.cloudera.cmf.CommandRunner;
import com.cloudera.cmf.cdhclient.util.ThrottlingLogger;
import com.cloudera.cmf.model.DbExternalMapping;
import com.cloudera.cmf.model.ExternalMappingType;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.server.web.common.I18n;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableList;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManagerFactory;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/cloudera/server/web/cmf/CmfExternalScriptAuthenticationProvider.class */
public class CmfExternalScriptAuthenticationProvider implements CmfAuthenticationProvider {
    private static final boolean LINUX_OS_TYPE = System.getProperty("os.name", "UNDEFINED").toLowerCase().equals("linux");
    private static final Logger LOG = LoggerFactory.getLogger(CmfExternalScriptAuthenticationProvider.class);
    private static ThrottlingLogger THROTTLED_LOG = new ThrottlingLogger(LOG, Duration.standardMinutes(5));

    @VisibleForTesting
    static final Function<ExternalMappingType, Boolean> MAPPING_MATCHER = new Function<ExternalMappingType, Boolean>() { // from class: com.cloudera.server.web.cmf.CmfExternalScriptAuthenticationProvider.1
        public Boolean apply(ExternalMappingType externalMappingType) {
            return Boolean.valueOf(externalMappingType == ExternalMappingType.EXTERNAL_PROGRAM);
        }
    };
    private final String scriptPath;
    private EntityManagerFactory emf;
    private ExternalScriptProvider provider = new ExternalScriptProvider();
    private UserMapper userMapper;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/cloudera/server/web/cmf/CmfExternalScriptAuthenticationProvider$AuthScript.class */
    public static class AuthScript {
        private final String script;

        public AuthScript(String str) {
            this.script = str;
        }

        public Map<AuthScope, Set<UserRole>> authenticate(EntityManagerFactory entityManagerFactory, String str, String str2) throws AuthenticationException {
            CmfExternalScriptAuthenticationProvider.LOG.info("Attempting external authentication with program '{}' for user '{}'", this.script, str);
            CommandRunner.CommandResult run = CommandRunner.run(ImmutableList.of(this.script, str), new ByteArrayInputStream(str2.getBytes()));
            if (null != run.exception) {
                throw new RuntimeException(run.stderr, run.exception);
            }
            final int doProperConversion = doProperConversion(run);
            if (doProperConversion < 0) {
                CmfExternalScriptAuthenticationProvider.LOG.warn("External authentication failed: {}", run.stderr);
                throw new AuthenticationServiceException(run.stderr);
            }
            HashMultimap<AuthScope, UserRole> fetchMapping = new ExternalMapperStrategy(CmfExternalScriptAuthenticationProvider.MAPPING_MATCHER, new Function<DbExternalMapping, Boolean>() { // from class: com.cloudera.server.web.cmf.CmfExternalScriptAuthenticationProvider.AuthScript.1
                public Boolean apply(DbExternalMapping dbExternalMapping) {
                    try {
                        return Boolean.valueOf(doProperConversion == Integer.parseInt(dbExternalMapping.getCode().toLowerCase()));
                    } catch (NumberFormatException e) {
                        return false;
                    }
                }
            }).fetchMapping(entityManagerFactory);
            if (fetchMapping.isEmpty()) {
                CmfExternalScriptAuthenticationProvider.THROTTLED_LOG.info(String.format("External script user mapping %d logged in without any roles.", Integer.valueOf(doProperConversion)));
            }
            return fetchMapping.asMap();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static int doProperConversion(CommandRunner.CommandResult commandResult) {
            int i = commandResult.retcode;
            if (CmfExternalScriptAuthenticationProvider.LINUX_OS_TYPE && i >= 0) {
                return (byte) (i & 255);
            }
            return i;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/cloudera/server/web/cmf/CmfExternalScriptAuthenticationProvider$ExternalScriptProvider.class */
    public static class ExternalScriptProvider {
        public AuthScript authScript(String str) {
            File file = new File(str);
            Preconditions.checkNotNull(file);
            return new AuthScript(file.getAbsolutePath());
        }
    }

    public CmfExternalScriptAuthenticationProvider(String str) {
        Preconditions.checkNotNull(str);
        this.scriptPath = str;
    }

    @Override // com.cloudera.server.web.cmf.CmfAuthenticationProvider
    /* renamed from: authenticate */
    public CmfUsernamePasswordAuthenticationToken mo1814authenticate(Authentication authentication) throws AuthenticationException {
        Preconditions.checkNotNull(this.userMapper);
        Preconditions.checkNotNull(this.provider);
        String obj = authentication.getPrincipal().toString();
        String obj2 = authentication.getCredentials().toString();
        if (obj.startsWith("__cloudera_internal_user__")) {
            throw new AuthenticationServiceException("Internal Management Users cannot be externally authenticated.");
        }
        try {
            CmfUsernamePasswordAuthenticationToken cmfUsernamePasswordAuthenticationToken = new CmfUsernamePasswordAuthenticationToken(this.userMapper.mapUser(obj, this.provider.authScript(this.scriptPath).authenticate(this.emf, obj, obj2)));
            cmfUsernamePasswordAuthenticationToken.setDetails(authentication.getDetails());
            return cmfUsernamePasswordAuthenticationToken;
        } catch (Exception e) {
            LOG.error("Unexpected exception when attempting external authentication.", e);
            throw new AuthenticationServiceException(I18n.t("error.authentication.externalScript.serverError"), e);
        } catch (AuthenticationException e2) {
            throw e2;
        }
    }

    @Override // com.cloudera.server.web.cmf.CmfAuthenticationProvider
    public void initialize(EntityManagerFactory entityManagerFactory, UserMapper userMapper, ScmParamTrackerStore scmParamTrackerStore) {
        this.emf = entityManagerFactory;
        this.userMapper = userMapper;
    }

    @VisibleForTesting
    protected void setAuthScriptProvider(ExternalScriptProvider externalScriptProvider) {
        this.provider = externalScriptProvider;
    }

    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }
}
