package org.apache.nifi.authentication.single.user;

import java.io.File;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.authentication.LoginCredentials;
import org.apache.nifi.authentication.LoginIdentityProvider;
import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.annotation.LoginIdentityProviderContext;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.authentication.single.user.encoder.BCryptPasswordEncoder;
import org.apache.nifi.authentication.single.user.encoder.PasswordEncoder;
import org.apache.nifi.authentication.single.user.writer.LoginCredentialsWriter;
import org.apache.nifi.authentication.single.user.writer.StandardLoginCredentialsWriter;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/authentication/single/user/SingleUserLoginIdentityProvider.class */
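/**
 * Login identity provider that authenticates against one configured username and
 * encoded password.
 *
 * <p>When the provider configuration carries no password, a random username and
 * password are generated, logged, and written to the login identity providers
 * configuration file.
 */
public class SingleUserLoginIdentityProvider implements LoginIdentityProvider {
    protected static final String USERNAME_PROPERTY = "Username";
    protected static final String PASSWORD_PROPERTY = "Password";

    /** Number of random bytes drawn for a generated password (24 bytes encode to 32 Base64 characters). */
    private static final int RANDOM_BYTE_LENGTH = 24;
    private static final Logger LOGGER = LoggerFactory.getLogger(SingleUserLoginIdentityProvider.class);
    private static final Base64.Encoder RANDOM_BYTE_ENCODER = Base64.getEncoder().withoutPadding();

    /** Value handed to {@link AuthenticationResponse} as the expiration: 8 hours in milliseconds. */
    private static final long EXPIRATION = TimeUnit.HOURS.toMillis(8);

    protected PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    private File loginIdentityProviderConfigurationFile;
    private SingleUserCredentials configuredCredentials;

    /**
     * Captures the location of the login identity providers configuration file.
     *
     * @param niFiProperties application properties supplying the configuration file
     */
    @LoginIdentityProviderContext
    public void setProperties(NiFiProperties niFiProperties) {
        this.loginIdentityProviderConfigurationFile = niFiProperties.getLoginIdentityProviderConfigurationFile();
    }

    /**
     * Verifies the supplied password and then the username against the configured credentials.
     *
     * <p>Missing credentials, a missing password, or an unconfigured provider are rejected
     * with {@link InvalidLoginCredentialsException} instead of surfacing as a
     * {@link NullPointerException}, so the provider fails closed.
     *
     * @param loginCredentials username and password presented by the client
     * @return response naming the authenticated user, issued by this provider
     * @throws InvalidLoginCredentialsException when the password or the username does not match
     */
    public AuthenticationResponse authenticate(LoginCredentials loginCredentials) throws InvalidLoginCredentialsException {
        // NOTE(review): the password is checked first, so "Username verification failed" implies
        // the password matched. Callers should not relay these messages to the client verbatim;
        // confirm at the call site.
        if (loginCredentials == null || !isPasswordVerified(loginCredentials.getPassword())) {
            throw new InvalidLoginCredentialsException("Password verification failed");
        }
        final String username = loginCredentials.getUsername();
        if (!isUsernameVerified(username)) {
            throw new InvalidLoginCredentialsException("Username verification failed");
        }
        return new AuthenticationResponse(username, username, EXPIRATION, getClass().getSimpleName());
    }

    /**
     * Logs initialization; the context is not used.
     *
     * @param loginIdentityProviderInitializationContext initialization context (unused)
     */
    public void initialize(LoginIdentityProviderInitializationContext loginIdentityProviderInitializationContext) {
        LOGGER.debug("Initializing Provider");
    }

    /**
     * Loads the configured credentials, or generates and persists new ones when no password
     * is configured.
     *
     * @param loginIdentityProviderConfigurationContext provider configuration holding the
     *     {@code Username} and {@code Password} properties
     * @throws ProviderCreationException when generated credentials cannot be written
     */
    public void onConfigured(LoginIdentityProviderConfigurationContext loginIdentityProviderConfigurationContext) throws ProviderCreationException {
        LOGGER.debug("Configuring Provider");
        final String configuredPassword = loginIdentityProviderConfigurationContext.getProperty(PASSWORD_PROPERTY);
        if (configuredPassword != null && !configuredPassword.isEmpty()) {
            // The configured value is later passed to passwordEncoder.matches() as the encoded
            // password, so it is presumably stored in encoded form -- confirm against the writer.
            final String configuredUsername = loginIdentityProviderConfigurationContext.getProperty(USERNAME_PROPERTY);
            this.configuredCredentials = new SingleUserCredentials(configuredUsername, configuredPassword, getClass().getName());
            return;
        }
        try {
            this.configuredCredentials = generateLoginCredentials();
            LOGGER.info("Updating Login Identity Providers Configuration [{}]", this.loginIdentityProviderConfigurationFile);
            getLoginCredentialsWriter().writeLoginCredentials(this.configuredCredentials);
        } catch (IOException e) {
            throw new ProviderCreationException("Generating Login Credentials Failed", e);
        }
    }

    /** Logs destruction; no resources are released here. */
    public void preDestruction() {
        LOGGER.debug("Destroying Provider");
    }

    /**
     * Generates a random password from {@link SecureRandom} output.
     *
     * @return unpadded Base64 encoding of {@value #RANDOM_BYTE_LENGTH} random bytes
     */
    protected String generatePassword() {
        final byte[] randomBytes = new byte[RANDOM_BYTE_LENGTH];
        new SecureRandom().nextBytes(randomBytes);
        return RANDOM_BYTE_ENCODER.encodeToString(randomBytes);
    }

    /** Creates a writer targeting the login identity providers configuration file. */
    private LoginCredentialsWriter getLoginCredentialsWriter() {
        return new StandardLoginCredentialsWriter(this.loginIdentityProviderConfigurationFile);
    }

    /**
     * Generates a random UUID username and random password, logs both, and returns
     * credentials holding the encoded password.
     *
     * @return generated credentials with the password in encoded form
     * @throws IOException declared for callers; not thrown by the statements visible here
     */
    private SingleUserCredentials generateLoginCredentials() throws IOException {
        final String username = UUID.randomUUID().toString();
        final String password = generatePassword();
        final String separator = System.lineSeparator();
        // NOTE(review): the generated password is written to the application log in cleartext at
        // INFO level. Only the encoded form is returned and persisted, so the log is the sole
        // record of the cleartext; restrict log access and rotate the credentials after first use.
        LOGGER.info("{}{}Generated Username [{}]{}Generated Password [{}]{}", separator, separator, username, separator, password, separator);
        LOGGER.info("Run the following command to change credentials: nifi.sh set-single-user-credentials USERNAME PASSWORD");
        final String encodedPassword = this.passwordEncoder.encode(password.toCharArray());
        return new SingleUserCredentials(username, encodedPassword, getClass().getName());
    }

    /**
     * Checks the presented password against the configured encoded password.
     *
     * @param str presented password; {@code null} never verifies
     * @return {@code true} only when credentials are configured and the encoder reports a match
     */
    private boolean isPasswordVerified(String str) {
        if (str == null || this.configuredCredentials == null) {
            return false;
        }
        final String encodedPassword = this.configuredCredentials.getPassword();
        return encodedPassword != null && this.passwordEncoder.matches(str.toCharArray(), encodedPassword);
    }

    /**
     * Checks the presented username against the configured username.
     *
     * @param str presented username; {@code null} never verifies
     * @return {@code true} only when a username is configured and equals the presented one
     */
    private boolean isUsernameVerified(String str) {
        if (this.configuredCredentials == null) {
            return false;
        }
        // A Password property without a Username property leaves the configured username null.
        final String configuredUsername = this.configuredCredentials.getUsername();
        return configuredUsername != null && configuredUsername.equals(str);
    }
}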
