package org.apache.zeppelin.notebook.repo.zeppelinhub.security;

import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.lang3.StringUtils;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.class */
public class Authentication implements Runnable {
    private String loginEndpoint;
    private static final String CIPHER_ALGORITHM = "AES";
    private static final String CIPHER_MODE = "AES/CBC/PKCS5PADDING";
    private static final int ivSize = 16;
    private static final String ZEPPELIN_CONF_ANONYMOUS_ALLOWED = "zeppelin.anonymous.allowed";
    private static final String ZEPPELINHUB_USER_KEY = "zeppelinhub.user.key";
    private String token;
    private boolean authEnabled;
    private boolean authenticated;
    String userKey;
    private static final Logger LOG = LoggerFactory.getLogger(Authentication.class);
    private static Authentication instance = null;
    private String principal = "anonymous";
    private String ticket = "anonymous";
    private String roles = "";
    private Gson gson = new Gson();
    private final HttpClient client = new HttpClient(new MultiThreadedHttpConnectionManager());

    public static Authentication initialize(String str, ZeppelinConfiguration zeppelinConfiguration) {
        if (instance == null && zeppelinConfiguration != null) {
            instance = new Authentication(str, zeppelinConfiguration);
        }
        return instance;
    }

    public static Authentication getInstance() {
        return instance;
    }

    private Authentication(String str, ZeppelinConfiguration zeppelinConfiguration) {
        this.token = str;
        this.authEnabled = !zeppelinConfiguration.getBoolean("ZEPPELIN_ALLOW_ANONYMOUS", ZEPPELIN_CONF_ANONYMOUS_ALLOWED, true);
        this.userKey = zeppelinConfiguration.getString("ZEPPELINHUB_USER_KEY", ZEPPELINHUB_USER_KEY, "");
        this.loginEndpoint = getLoginEndpoint(zeppelinConfiguration);
    }

    public String getPrincipal() {
        return this.principal;
    }

    public String getTicket() {
        return this.ticket;
    }

    public String getRoles() {
        return this.roles;
    }

    public boolean isAuthenticated() {
        return this.authenticated;
    }

    private String getLoginEndpoint(ZeppelinConfiguration zeppelinConfiguration) {
        int i = zeppelinConfiguration.getInt("ZEPPELIN_PORT", "zeppelin.server.port", 8080);
        if (i <= 0) {
            i = 8080;
        }
        return (zeppelinConfiguration.useSsl() ? "https" : "http") + "://localhost:" + i + "/api/login";
    }

    public boolean authenticate() {
        if (!this.authEnabled) {
            return false;
        }
        if (StringUtils.isEmpty(this.userKey)) {
            LOG.warn("ZEPPELINHUB_USER_KEY isn't provided. Please provide your credentialsfor your instance in ZeppelinHub website and generate your key.");
            return false;
        }
        Map<String, String> login = login(getAuthKey(this.userKey), this.loginEndpoint);
        if (isEmptyMap(login)) {
            return false;
        }
        this.principal = login.containsKey("principal") ? login.get("principal") : this.principal;
        this.ticket = login.containsKey("ticket") ? login.get("ticket") : this.ticket;
        this.roles = login.containsKey("roles") ? login.get("roles") : this.roles;
        LOG.info("Authenticated into Zeppelin as {} and roles {}", this.principal, this.roles);
        return true;
    }

    private String getAuthKey(String str) {
        if (!StringUtils.isBlank(str)) {
            return decrypt(str, Integer.toString(this.token.hashCode()));
        }
        LOG.warn("ZEPPELINHUB_USER_KEY is blank");
        return "";
    }

    private String decrypt(String str, String str2) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            LOG.error("String to decode or salt is not provided");
            return "";
        }
        try {
            IvParameterSpec generateIV = generateIV(str2);
            Key generateKey = generateKey();
            Cipher cipher = Cipher.getInstance(CIPHER_MODE);
            cipher.init(2, generateKey, generateIV);
            return new String(cipher.doFinal(Base64.decodeBase64(toBytes(str))));
        } catch (GeneralSecurityException e) {
            LOG.error("Error when decrypting", e);
            return "";
        }
    }

    /* JADX WARN: Type inference failed for: r2v6, types: [org.apache.zeppelin.notebook.repo.zeppelinhub.security.Authentication$1] */
    private Map<String, String> login(String str, String str2) {
        String[] split = str.split(":");
        if (split.length != 2) {
            return Collections.emptyMap();
        }
        PostMethod postMethod = new PostMethod(str2);
        postMethod.addRequestHeader("Origin", "http://localhost");
        postMethod.addParameter(new NameValuePair("userName", split[0]));
        postMethod.addParameter(new NameValuePair("password", split[1]));
        try {
            int executeMethod = this.client.executeMethod(postMethod);
            if (executeMethod != 200) {
                LOG.error("Failed Zeppelin login {}, status code {}", str2, Integer.valueOf(executeMethod));
                return Collections.emptyMap();
            }
            String responseBodyAsString = postMethod.getResponseBodyAsString();
            Map map = (Map) this.gson.fromJson(responseBodyAsString, new TypeToken<Map<String, Object>>() { // from class: org.apache.zeppelin.notebook.repo.zeppelinhub.security.Authentication.1
            }.getType());
            LOG.info("Received from Zeppelin LoginRestApi : " + responseBodyAsString);
            return (Map) map.get("body");
        } catch (IOException e) {
            LOG.error("Cannot login into Zeppelin", e);
            return Collections.emptyMap();
        }
    }

    private Key generateKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(CIPHER_ALGORITHM);
            keyGenerator.init(128, new SecureRandom());
            return new SecretKeySpec(keyGenerator.generateKey().getEncoded(), CIPHER_ALGORITHM);
        } catch (Exception e) {
            LOG.warn("Cannot generate key for decryption", e);
            return null;
        }
    }

    private byte[] toBytes(String str) {
        byte[] bytes;
        try {
            bytes = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            LOG.warn("UTF-8 isn't supported ", e);
            bytes = str.getBytes();
        }
        return bytes;
    }

    private IvParameterSpec generateIV(String str) {
        byte[] bytes = toBytes(str);
        byte[] bArr = new byte[ivSize];
        System.arraycopy(bytes, 0, bArr, 0, Math.min(bytes.length, ivSize));
        return new IvParameterSpec(bArr);
    }

    private boolean isEmptyMap(Map<String, String> map) {
        return map == null || map.isEmpty();
    }

    @Override // java.lang.Runnable
    public void run() {
        this.authenticated = authenticate();
        LOG.info("Scheduled authentication status is {}", Boolean.valueOf(this.authenticated));
    }
}
