package eu.unicore.services.rest.security;

import eu.unicore.security.HTTPAuthNTokens;
import eu.unicore.security.SecurityTokens;
import eu.unicore.security.wsutil.CXFUtils;
import eu.unicore.util.Log;
import java.io.BufferedReader;
import java.io.Console;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.message.Message;
import org.apache.log4j.Logger;

/* loaded from: input_file:eu/unicore/services/rest/security/FilebasedAuthenticator.class */
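/**
 * Authenticates HTTP Basic credentials against a local text file.
 *
 * <p>Each non-comment line of the file has the form {@code user:hash:salt:dn}. The file is
 * re-read whenever its modification time advances, and the in-memory table is replaced as a
 * whole so that entries deleted from the file stop authenticating.
 *
 * <p>SECURITY NOTE(review): stored hashes are a single round of salted MD5 (see
 * {@link #generatePassHash}). That is a fast digest and gives little protection to the
 * passwords if the file leaks. Moving to a dedicated password-hashing scheme needs a
 * versioned file format so existing entries keep verifying; the algorithm is left unchanged
 * here for that reason.
 */
public class FilebasedAuthenticator implements IAuthenticator {
    private static final Logger logger = Log.getLogger("unicore.security", FilebasedAuthenticator.class);
    private static final Collection<String> AUTH_SCHEMES = Collections.singletonList("Basic");

    // user name -> parsed file entry; read and written only while holding this object's monitor
    private final Map<String, AttributesHolder> db = new HashMap<>();
    private File dbFile;
    // modification time of dbFile as of the last successful load; 0 means "never loaded"
    private long lastUpdated;
    private String file;

    /** One parsed {@code user:hash:salt:dn} entry of the password file. */
    public static class AttributesHolder {
        public final String user;
        public final String hash;
        public final String salt;
        public final String dn;

        /**
         * Parses one line of the password file.
         *
         * @param str the raw line; everything after the third ':' is taken as the DN
         * @throws IllegalArgumentException if the line has fewer than four fields
         */
        public AttributesHolder(String str) throws IllegalArgumentException {
            String[] fields = str.split(":", 4);
            if (fields.length != 4) {
                // The raw line is deliberately not logged or echoed: a malformed line can
                // still carry a user name together with its hash and salt.
                throw new IllegalArgumentException(
                        "Expected 4 ':'-separated fields (user:hash:salt:dn), found " + fields.length);
            }
            this.user = fields[0];
            this.hash = fields[1];
            this.salt = fields[2];
            this.dn = fields[3];
        }
    }

    /**
     * Sets the path of the password file.
     *
     * @param str path of the file to load entries from
     */
    public void setFile(String str) {
        this.file = str;
        this.dbFile = new File(this.file);
    }

    /** @return the password file path as passed to {@link #setFile(String)} */
    public String getFile() {
        return this.file;
    }

    @Override
    public final Collection<String> getAuthSchemes() {
        return AUTH_SCHEMES;
    }

    /**
     * Checks the request's HTTP Basic credentials against the password file and, on a match,
     * stores the entry's DN as the user name in {@code securityTokens} and marks the
     * consignor as trusted.
     *
     * <p>NOTE(review): the return value is {@code true} whenever HTTP credentials were found,
     * including when the user is unknown or the password is wrong; only the token update
     * depends on a successful match. Presumably {@code true} means "credentials of this
     * scheme were present and handled" rather than "authenticated" - confirm against the
     * IAuthenticator contract before relying on it.
     *
     * @param message the incoming message the credentials are extracted from
     * @param securityTokens receives the DN on success; also caches the extracted credentials
     * @return {@code false} if the request carries no HTTP credentials, {@code true} otherwise
     * @throws RuntimeException if the password file cannot be read
     */
    @Override
    public boolean authenticate(Message message, SecurityTokens securityTokens) {
        HTTPAuthNTokens credentials =
                (HTTPAuthNTokens) securityTokens.getContext().get(SecurityTokens.CTX_LOGIN_HTTP);
        if (credentials == null) {
            credentials = CXFUtils.getHTTPCredentials(message);
            securityTokens.getContext().put(SecurityTokens.CTX_LOGIN_HTTP, credentials);
        }
        if (credentials == null) {
            return false;
        }
        try {
            updateDB();
        } catch (IOException e) {
            throw new RuntimeException("Server error: could not update user database.", e);
        }
        String dn = usernamePassword(credentials.getUserName(), credentials.getPasswd());
        if (dn != null) {
            securityTokens.setUserName(dn);
            securityTokens.setConsignorTrusted(true);
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticated via local username/password: <" + dn + ">");
            }
        }
        return true;
    }

    @Override
    public String toString() {
        return "Username/password [" + this.dbFile + "]";
    }

    /**
     * Reloads the password file if it was never loaded or its modification time has advanced.
     *
     * <p>The file is parsed into a fresh map first and the live table is replaced only after
     * the whole file was read, so a failed read leaves the previous table untouched and
     * entries removed from the file no longer authenticate. {@code lastUpdated} is advanced
     * only after a successful load, so a failed read is retried on the next call.
     *
     * @throws IOException if the file cannot be opened or read
     */
    private synchronized void updateDB() throws IOException {
        // Sampled before reading: a write that lands during the read bumps the timestamp
        // past this value and triggers another reload on the next call.
        long modified = this.dbFile.lastModified();
        if (this.lastUpdated != 0 && modified <= this.lastUpdated) {
            return;
        }
        String path = this.dbFile.getAbsolutePath();
        logger.info("(Re)reading username/password authentication info from <" + path + ">");

        Map<String, AttributesHolder> fresh = new HashMap<>();
        // NOTE(review): FileReader decodes with the platform default charset, as before.
        try (BufferedReader reader = new BufferedReader(new FileReader(this.dbFile))) {
            int lineNumber = 0;
            String line;
            while ((line = reader.readLine()) != null) {
                lineNumber++;
                String trimmed = line.trim();
                if (trimmed.isEmpty() || trimmed.startsWith("#")) {
                    continue;
                }
                try {
                    AttributesHolder entry = new AttributesHolder(line);
                    fresh.put(entry.user, entry);
                } catch (IllegalArgumentException e) {
                    // Only the position is reported; the line content may hold hash material.
                    logger.error("Invalid line in user db " + path + " (line " + lineNumber + ")");
                }
            }
        }
        this.db.clear();
        this.db.putAll(fresh);
        this.lastUpdated = modified;
    }

    /**
     * Looks up a user and verifies the supplied password.
     *
     * @param str the user name from the request
     * @param str2 the password from the request
     * @return the DN of the matching entry, or {@code null} if the user is unknown or the
     *         password does not verify
     */
    private String usernamePassword(String str, String str2) {
        AttributesHolder entry;
        // updateDB() mutates the map under this monitor; take it for the lookup as well so a
        // request never reads the HashMap while another thread is reloading it.
        synchronized (this) {
            entry = this.db.get(str);
        }
        if (entry == null) {
            return null;
        }
        return verifyPass(str2, entry.hash, entry.salt) ? entry.dn : null;
    }

    /**
     * Interactive helper that prints a line to be added to the password file.
     *
     * @param strArr unused
     * @throws Exception if no console is attached, input ends early, or the entered values
     *         cannot be written as a valid line
     */
    public static void main(String[] strArr) throws Exception {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console available");
        }
        console.printf("Generate line for the username/password file\n");
        String user = console.readLine("Username:");
        char[] password = console.readPassword("Password:");
        char[] dn = console.readPassword("DN:");
        if (user == null || password == null || dn == null) {
            throw new IllegalStateException("Input ended before all values were entered");
        }
        System.out.println("Add following line to password file");
        // print, not printf: the line contains user-supplied text and must not be
        // interpreted as a format string.
        System.out.print(generateLine(user, new String(password), new String(dn)));
    }

    /**
     * Builds a {@code user:hash:salt:dn} line (newline-terminated) for the password file.
     *
     * <p>An empty password yields an empty hash field; such an entry never verifies in
     * {@link #verifyPass} because a computed hash is never empty.
     *
     * @param str the user name; must not contain ':' or a line break
     * @param str2 the clear-text password, possibly empty
     * @param str3 the DN; must not contain a line break
     * @return the formatted line
     * @throws IllegalArgumentException if the user name or DN would corrupt the file format
     * @throws Exception if the salt or hash cannot be generated
     */
    public static String generateLine(String str, String str2, String str3) throws Exception {
        requireSingleLine(str, "Username");
        requireSingleLine(str3, "DN");
        if (str.indexOf(':') >= 0) {
            // The parser splits on ':'; a colon here would shift every following field.
            throw new IllegalArgumentException("Username must not contain ':'");
        }
        String salt = getSalt();
        String hash = str2.isEmpty() ? "" : generatePassHash(str2, salt);
        return String.format("%s:%s:%s:%s\n", str, hash, salt, str3);
    }

    /** Rejects null values and values containing CR or LF, which would start a new file entry. */
    private static void requireSingleLine(String value, String label) {
        if (value == null) {
            throw new IllegalArgumentException(label + " must not be null");
        }
        if (value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0) {
            throw new IllegalArgumentException(label + " must not contain line breaks");
        }
    }

    /**
     * Verifies a password against a stored hash.
     *
     * @param str the clear-text password from the request
     * @param str2 the stored hash (lower-case hex)
     * @param str3 the stored salt
     * @return {@code true} only if the recomputed hash equals the stored one
     */
    private boolean verifyPass(String str, String str2, String str3) {
        if (str == null || str2 == null || str3 == null) {
            return false;
        }
        try {
            byte[] stored = str2.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            byte[] computed = generatePassHash(str, str3).getBytes(java.nio.charset.StandardCharsets.UTF_8);
            // MessageDigest.isEqual does not stop at the first differing byte, unlike
            // String.equals, so response time does not reveal how much of the hash matched.
            return MessageDigest.isEqual(stored, computed);
        } catch (NoSuchAlgorithmException e) {
            logger.error("Unable to generate hash", e);
            return false;
        }
    }

    /**
     * Generates a fresh 16-byte random salt, hex-encoded.
     *
     * @return the salt as 32 lower-case hex characters
     */
    private static String getSalt() throws NoSuchAlgorithmException, NoSuchProviderException {
        byte[] raw = new byte[16];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(raw);
        // Hex output cannot contain ':'; the replacement only guards the file's separator.
        return convertBytesToString(raw).replaceAll(":", "|");
    }

    /** Hex-encodes the bytes as two lower-case digits each. */
    private static String convertBytesToString(byte[] bArr) {
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            // Adding 256 forces three hex digits so the leading zero survives substring(1).
            hex.append(Integer.toString((b & 255) + 256, 16).substring(1));
        }
        return hex.toString();
    }

    /**
     * Computes the stored form of a password: hex of MD5(salt bytes followed by password bytes).
     *
     * <p>SECURITY NOTE(review): MD5 with one round is kept for compatibility with existing
     * files (see class comment). Both strings are encoded with the platform default charset,
     * so a non-ASCII password hashes differently on hosts with different defaults; pinning a
     * charset would change stored hashes on some hosts and is therefore not done here.
     *
     * @param str the clear-text password
     * @param str2 the salt string
     * @return the digest as lower-case hex
     */
    private static String generatePassHash(String str, String str2) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("MD5");
        digest.update(str2.getBytes());
        return convertBytesToString(digest.digest(str.getBytes()));
    }
}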
