package org.apache.kylin.rest.security;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.RemovalListener;
import com.google.common.cache.RemovalNotification;
import com.google.common.hash.HashFunction;
import com.google.common.hash.Hashing;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.concurrent.TimeUnit;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.rest.service.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:org/apache/kylin/rest/security/KylinAuthenticationProvider.class */
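/**
 * Decorates another {@link AuthenticationProvider} with a short-lived cache of successful
 * authentications and mirrors each freshly authenticated user into {@link UserService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A cache hit returns the stored {@link Authentication} without consulting the delegate,
 *       so a password change or account removal in the backing store only takes effect once the
 *       entry expires or {@code userService.isEvictCacheFlag()} triggers a full invalidation.</li>
 *   <li>The cache key is derived from the submitted name and credentials, which makes it a
 *       credential equivalent. It is an unsalted digest, so anything that records it (the
 *       removal listener logs it at debug level) should be treated as sensitive.</li>
 *   <li>Only successful results are cached; every failed attempt reaches the delegate and no
 *       throttling is applied in this class.</li>
 * </ul>
 */
public class KylinAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(KylinAuthenticationProvider.class);

    // Static, hence shared by every provider instance in the JVM. Size and lifetime come from KylinConfig.
    private static final Cache<String, Authentication> userCache = CacheBuilder.newBuilder()
            .maximumSize(KylinConfig.getInstanceFromEnv().getServerUserCacheMaxEntries())
            .expireAfterWrite(KylinConfig.getInstanceFromEnv().getServerUserCacheExpireSeconds(), TimeUnit.SECONDS)
            .removalListener(new RemovalListener<String, Authentication>() {
                @Override
                public void onRemoval(RemovalNotification<String, Authentication> removalNotification) {
                    // The key is a digest of name + credentials; see the class-level security notes.
                    logger.debug("User cache {} is removed due to {}", removalNotification.getKey(), removalNotification.getCause());
                }
            })
            .build();

    @Autowired
    @Qualifier("userService")
    UserService userService;
    private AuthenticationProvider authenticationProvider;
    private final HashFunction hf;

    /**
     * @param authenticationProvider the provider that performs the real credential check; must not be null
     */
    public KylinAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        Assert.notNull(authenticationProvider, "The embedded authenticationProvider should not be null.");
        this.authenticationProvider = authenticationProvider;
        // A cache hit on this key grants a session, so a collision is an authentication bypass.
        // Use a collision-resistant digest instead of a non-cryptographic hash such as murmur3.
        this.hf = Hashing.sha256();
    }

    /**
     * Authenticates the request, serving a cached result when the same name and credentials
     * were accepted recently, and otherwise delegating to the embedded provider.
     *
     * @param authentication the authentication request
     * @return the authenticated token, or {@code null} when the delegate returns {@code null}
     *         (the Spring contract for "cannot decide"); a {@code null} result is never cached
     * @throws AuthenticationException when the delegate rejects the request or returns a token
     *         without details
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String userKey = cacheKey(authentication);

        if (this.userService.isEvictCacheFlag()) {
            userCache.invalidateAll();
            this.userService.setEvictCacheFlag(false);
        }

        Authentication authed = userCache.getIfPresent(userKey);
        if (authed != null) {
            SecurityContextHolder.getContext().setAuthentication(authed);
            return authed;
        }

        try {
            authed = this.authenticationProvider.authenticate(authentication);
            if (authed == null) {
                // The delegate abstained. Dereferencing the result would throw a
                // NullPointerException; return without caching so the caller can continue.
                return null;
            }
            if (authed.getDetails() == null) {
                throw new UsernameNotFoundException("User not found in LDAP, check whether he/she has been added to the groups.");
            }

            ManagedUser managedUser;
            if (authed.getDetails() instanceof UserDetails) {
                UserDetails userDetails = (UserDetails) authed.getDetails();
                // NOTE(review): whatever the delegate exposes through getPassword() is handed to
                // userService below; confirm it can never be a cleartext directory password.
                managedUser = new ManagedUser(userDetails.getUsername(), userDetails.getPassword(), Boolean.FALSE,
                        (Collection<? extends GrantedAuthority>) userDetails.getAuthorities());
            } else {
                managedUser = new ManagedUser(authentication.getName(), "skippped-ldap", Boolean.FALSE,
                        (Collection<? extends GrantedAuthority>) authed.getAuthorities());
            }

            String username = managedUser.getUsername();
            logger.debug("User {} authorities : {}", username, managedUser.getAuthorities());

            // Keep the local user store in step with what the delegate reported.
            if (!this.userService.userExists(username)) {
                this.userService.createUser(managedUser);
            } else if (!this.userService.loadUserByUsername(username).equals(managedUser)) {
                this.userService.updateUser(managedUser);
            }

            userCache.put(userKey, authed);
            logger.debug("Authenticated user {}", authed);
        } catch (AuthenticationException e) {
            // The name is supplied by the client; strip line breaks so it cannot forge log entries.
            logger.error("Failed to auth user: {}", singleLine(authentication.getName()), e);
            throw e;
        }
        return authed;
    }

    /**
     * Builds the cache key for a request. The name is length-prefixed so that the boundary
     * between name and credentials is unambiguous ("ab" + "c" must not equal "a" + "bc").
     */
    private String cacheKey(Authentication authentication) {
        String name = String.valueOf(authentication.getName());
        String secret = String.valueOf(authentication.getCredentials());
        return this.hf.hashString(name.length() + ":" + name + ":" + secret, StandardCharsets.UTF_8).toString();
    }

    /** Replaces CR and LF so that a value occupies a single log line. */
    private static String singleLine(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** Reports support for exactly the token types the embedded provider supports. */
    @Override
    public boolean supports(Class<?> cls) {
        return this.authenticationProvider.supports(cls);
    }

    /** @return the embedded provider that performs the real credential check */
    public AuthenticationProvider getAuthenticationProvider() {
        return this.authenticationProvider;
    }

    /**
     * Replaces the embedded provider. Entries already cached from the previous provider are not
     * invalidated here.
     */
    public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;
    }
}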
