package _ss_com.streamsets.lib.security.http;

import _ss_com.com.google.common.collect.ImmutableSet;
import _ss_com.streamsets.datacollector.util.Configuration;
import _ss_com.streamsets.lib.security.http.DisconnectedSecurityInfo;
import java.io.File;
import java.io.IOException;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:_ss_com/streamsets/lib/security/http/DisconnectedAuthentication.class */
public class DisconnectedAuthentication implements Authentication {
    private static final Logger LOG = LoggerFactory.getLogger(DisconnectedAuthentication.class);
    public static final String DISCONNECTED_MODE_ROLE = "disconnected-sso";
    private final File file;
    private DisconnectedSessionHandler sessionHandler;
    private PasswordHasher passwordHasher;
    private DisconnectedSecurityInfo info;

    public DisconnectedAuthentication(File file) {
        this.file = file;
        reset();
    }

    public void reset() {
        this.sessionHandler = new DisconnectedSessionHandler();
        this.passwordHasher = new PasswordHasher(new Configuration());
        try {
            if (this.file.exists()) {
                LOG.info("Loaded credentials file '{}'", this.file.getAbsolutePath());
                this.info = DisconnectedSecurityInfo.fromJsonFile(this.file);
            } else {
                LOG.warn("Credentials file '{}' does not exist", this.file.getAbsolutePath());
                this.info = null;
            }
        } catch (IOException e) {
            LOG.error("Could not read disconnected security info file '{}': {}", new Object[]{this.file.getAbsoluteFile(), e.toString(), e});
            this.info = null;
        }
    }

    @Override // _ss_com.streamsets.lib.security.http.Authentication
    public SSOPrincipal validateUserCredentials(String str, String str2, String str3) {
        SSOPrincipalJson sSOPrincipalJson = null;
        if (this.info != null) {
            DisconnectedSecurityInfo.Entry entry = this.info.getEntry(str);
            if (entry != null && this.passwordHasher.verify(entry.getPasswordHash(), str, str2)) {
                sSOPrincipalJson = new SSOPrincipalJson();
                sSOPrincipalJson.setPrincipalId(str);
                sSOPrincipalJson.setPrincipalName("-");
                sSOPrincipalJson.setEmail("-");
                sSOPrincipalJson.setOrganizationId(str.substring(str.indexOf("@") + 1));
                sSOPrincipalJson.setOrganizationName("-");
                sSOPrincipalJson.getRoles().addAll(new ImmutableSet.Builder().addAll((Iterable) entry.getRoles()).add((ImmutableSet.Builder) DISCONNECTED_MODE_ROLE).build());
                sSOPrincipalJson.setTokenStr(UUID.randomUUID().toString());
                sSOPrincipalJson.setExpires(-1L);
                sSOPrincipalJson.setRequestIpAddress(str3);
                sSOPrincipalJson.lock();
            }
            if (sSOPrincipalJson != null) {
                LOG.info("Successful disconnected authentication for '{}' from '{}'", str, str3);
            } else {
                LOG.info("Failed disconnected authentication for '{}' from '{}'", str, str3);
            }
        } else {
            LOG.warn("No credentials available, check earlier WARN or ERROR messages");
        }
        return sSOPrincipalJson;
    }

    @Override // _ss_com.streamsets.lib.security.http.Authentication
    public void registerSession(SSOPrincipal sSOPrincipal) {
        this.sessionHandler.add(sSOPrincipal);
    }

    public DisconnectedSessionHandler getSessionHandler() {
        return this.sessionHandler;
    }
}
