package org.apache.kylin.rest.security;

import java.nio.charset.Charset;
import java.util.Arrays;
import javax.annotation.PostConstruct;
import org.apache.kylin.cache.cachemanager.CacheConstants;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.rest.service.UserService;
import org.apache.kylin.shaded.com.google.common.base.Preconditions;
import org.apache.kylin.shaded.com.google.common.hash.HashFunction;
import org.apache.kylin.shaded.com.google.common.hash.Hashing;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/kylin-server-base-4.0.0.jar:org/apache/kylin/rest/security/KylinAuthenticationProvider.class */
public class KylinAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) KylinAuthenticationProvider.class);

    @Autowired
    @Qualifier("userService")
    UserService userService;

    @Autowired
    private CacheManager cacheManager;
    private AuthenticationProvider authenticationProvider;
    private HashFunction hf;

    public KylinAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.hf = null;
        Assert.notNull(authenticationProvider, "The embedded authenticationProvider should not be null.");
        this.authenticationProvider = authenticationProvider;
        this.hf = Hashing.murmur3_128();
    }

    @PostConstruct
    public void init() {
        Preconditions.checkNotNull(this.cacheManager, "cacheManager is not injected yet");
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Authentication authenticate;
        ManagedUser managedUser;
        String arrays = Arrays.toString(this.hf.hashString(authentication.getName() + authentication.getCredentials(), Charset.defaultCharset()).asBytes());
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(CacheConstants.USER_CACHE).get(arrays);
        if (valueWrapper != null) {
            authenticate = (Authentication) valueWrapper.get();
            SecurityContextHolder.getContext().setAuthentication(authenticate);
        } else {
            try {
                authenticate = this.authenticationProvider.authenticate(authentication);
                if (authenticate.getDetails() == null) {
                    throw new UsernameNotFoundException("User not found in LDAP, check whether he/she has been added to the groups.");
                }
                if (authenticate.getDetails() instanceof UserDetails) {
                    UserDetails userDetails = (UserDetails) authenticate.getDetails();
                    managedUser = new ManagedUser(userDetails.getUsername(), userDetails.getPassword(), (Boolean) false, userDetails.getAuthorities());
                } else {
                    managedUser = new ManagedUser(authentication.getName(), "skippped-ldap", (Boolean) false, authenticate.getAuthorities());
                }
                Assert.notNull(managedUser, "The UserDetail is null.");
                String username = managedUser.getUsername();
                logger.debug("User {} authorities : {}", username, managedUser.getAuthorities());
                if (!this.userService.userExists(username)) {
                    this.userService.createUser(managedUser);
                } else if (needUpdateUser(managedUser, username)) {
                    this.userService.updateUser(managedUser);
                }
                this.cacheManager.getCache(CacheConstants.USER_CACHE).put(arrays, authenticate);
                logger.debug("Authenticated user " + authenticate.toString());
            } catch (AuthenticationException e) {
                logger.error("Failed to auth user: " + authentication.getName(), (Throwable) e);
                throw e;
            }
        }
        return authenticate;
    }

    private boolean needUpdateUser(ManagedUser managedUser, String str) {
        return KylinConfig.getInstanceFromEnv().getSecurityProfile().equals("ldap") && !this.userService.loadUserByUsername(str).equals(managedUser);
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return this.authenticationProvider.supports(cls);
    }

    public AuthenticationProvider getAuthenticationProvider() {
        return this.authenticationProvider;
    }

    public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;
    }
}
