package org.apache.ambari.server.security.authentication.kerberos;

import javax.inject.Inject;
import org.apache.ambari.server.security.authentication.AmbariProxiedUserDetailsImpl;
import org.apache.ambari.server.security.authentication.tproxy.TrustedProxyAuthenticationDetails;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.kerberos.authentication.KerberosTicketValidation;
import org.springframework.security.kerberos.authentication.KerberosTicketValidator;

/* loaded from: input_file:org/apache/ambari/server/security/authentication/kerberos/AmbariKerberosAuthenticationProvider.class */
/**
 * Spring Security {@link AuthenticationProvider} that authenticates
 * {@link KerberosServiceRequestToken} requests.
 *
 * <p>The raw token is handed to the configured {@link KerberosTicketValidator}
 * before any user lookup takes place. The principal name taken from the
 * validation result is then resolved to {@link UserDetails}, either directly
 * or, when the request carries a non-empty {@code doAs} value in
 * {@link TrustedProxyAuthenticationDetails}, as a proxied user.
 *
 * <p>NOTE(review): this class itself never checks whether the authenticated
 * principal may act on behalf of the {@code doAs} user; that decision is
 * presumably made inside {@code AmbariProxiedUserDetailsService.loadProxiedUser}
 * - confirm when reviewing the trusted-proxy path.
 */
public class AmbariKerberosAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private static final Logger LOG = LoggerFactory.getLogger(AmbariKerberosAuthenticationProvider.class);

    // Collaborators are assigned by the constructor and can be replaced later through the setters below.
    private AmbariAuthToLocalUserDetailsService authToLocalUserDetailsService;
    private AmbariProxiedUserDetailsService proxiedUserDetailsService;
    private KerberosTicketValidator ticketValidator;

    /**
     * Creates the provider with its three collaborators.
     *
     * @param ambariAuthToLocalUserDetailsService translates principal names and loads the matching user
     * @param ambariProxiedUserDetailsService loads the user named by a {@code doAs} request
     * @param kerberosTicketValidator validates the raw Kerberos token
     */
    @Inject
    public AmbariKerberosAuthenticationProvider(AmbariAuthToLocalUserDetailsService ambariAuthToLocalUserDetailsService, AmbariProxiedUserDetailsService ambariProxiedUserDetailsService, KerberosTicketValidator kerberosTicketValidator) {
        this.authToLocalUserDetailsService = ambariAuthToLocalUserDetailsService;
        this.proxiedUserDetailsService = ambariProxiedUserDetailsService;
        this.ticketValidator = kerberosTicketValidator;
    }

    /**
     * Validates the Kerberos token carried by the request and builds an
     * authenticated token for the resolved user.
     *
     * @param authentication the request; must be a {@link KerberosServiceRequestToken}
     * @return a new {@link KerberosServiceRequestToken} holding the resolved user, the ticket
     *         validation result, the user's authorities, the original token bytes and the
     *         original request details
     * @throws BadCredentialsException if {@code authentication} is {@code null} or of another type
     * @throws AuthenticationException propagated from the validator or the user-details services
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication == null) {
            throw new BadCredentialsException("Missing credentials");
        }
        if (!(authentication instanceof KerberosServiceRequestToken)) {
            throw new BadCredentialsException(String.format("Unexpected Authentication class: %s", authentication.getClass().getName()));
        }

        byte[] rawToken = ((KerberosServiceRequestToken) authentication).getToken();

        // The ticket is validated first; nothing from the request is used for user lookup before this call returns.
        LOG.debug("Validating Kerberos token");
        KerberosTicketValidation validation = this.ticketValidator.validateTicket(rawToken);
        // Only the validated principal name is logged, never the token bytes.
        LOG.debug("Kerberos token validated: {}", validation.username());

        Object requestDetails = authentication.getDetails();
        UserDetails resolvedUser = resolveUserDetails(validation, requestDetails);

        KerberosServiceRequestToken authenticated = new KerberosServiceRequestToken(resolvedUser, validation, resolvedUser.getAuthorities(), rawToken);
        // The request details (including any trusted-proxy data) are carried over unchanged.
        authenticated.setDetails(requestDetails);
        return authenticated;
    }

    /**
     * Resolves the user for a validated ticket.
     *
     * <p>The proxied path is taken only when {@code details} is a
     * {@link TrustedProxyAuthenticationDetails} with a non-empty {@code doAs}; every other
     * request is resolved from the validated principal name alone.
     */
    private UserDetails resolveUserDetails(KerberosTicketValidation validation, Object details) {
        if (details instanceof TrustedProxyAuthenticationDetails) {
            TrustedProxyAuthenticationDetails proxyDetails = (TrustedProxyAuthenticationDetails) details;
            String requestedUser = proxyDetails.getDoAs();
            if (StringUtils.isNotEmpty(requestedUser)) {
                // The authenticated principal acts as the proxy; its translated name is what loadProxiedUser receives.
                String localProxyName = this.authToLocalUserDetailsService.translatePrincipalName(validation.username());
                return new AmbariProxiedUserDetailsImpl(
                        this.proxiedUserDetailsService.loadProxiedUser(requestedUser, localProxyName, proxyDetails),
                        new AmbariProxyUserKerberosDetailsImpl(validation.username(), localProxyName));
            }
        }
        return this.authToLocalUserDetailsService.loadUserByUsername(validation.username());
    }

    /**
     * Reports whether this provider handles the given authentication class.
     *
     * @param cls the authentication class to test
     * @return {@code true} when {@code cls} is {@link KerberosServiceRequestToken} or a subclass of it
     */
    public boolean supports(Class<? extends Object> cls) {
        return KerberosServiceRequestToken.class.isAssignableFrom(cls);
    }

    /** Intentionally empty: no initialisation work is done after property injection. */
    public void afterPropertiesSet() throws Exception {
    }

    /**
     * Replaces the service used to translate principal names and load users.
     * No synchronization is applied here.
     */
    public void setAuthToLocalUserDetailsService(AmbariAuthToLocalUserDetailsService ambariAuthToLocalUserDetailsService) {
        this.authToLocalUserDetailsService = ambariAuthToLocalUserDetailsService;
    }

    /**
     * Replaces the service used to load proxied ({@code doAs}) users.
     * No synchronization is applied here.
     */
    public void setProxiedUserDetailsService(AmbariProxiedUserDetailsService ambariProxiedUserDetailsService) {
        this.proxiedUserDetailsService = ambariProxiedUserDetailsService;
    }

    /**
     * Replaces the validator that every token passes through in {@link #authenticate}.
     * No synchronization is applied here.
     */
    public void setTicketValidator(KerberosTicketValidator kerberosTicketValidator) {
        this.ticketValidator = kerberosTicketValidator;
    }
}
