package org.apache.zeppelin.utils;

import com.google.common.collect.Sets;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.naming.NamingException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.realm.ActiveDirectoryGroupRealm;
import org.apache.zeppelin.realm.LdapRealm;
import org.apache.zeppelin.server.ZeppelinServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/zeppelin/utils/SecurityUtils.class */
public class SecurityUtils {
    private static final String ANONYMOUS = "anonymous";
    private static final HashSet<String> EMPTY_HASHSET = Sets.newHashSet();
    private static boolean isEnabled = false;
    private static final Logger log = LoggerFactory.getLogger(SecurityUtils.class);

    public static void setIsEnabled(boolean z) {
        isEnabled = z;
    }

    public static Boolean isValidOrigin(String str, ZeppelinConfiguration zeppelinConfiguration) throws UnknownHostException, URISyntaxException {
        String str2 = "";
        if (str != null && !str.isEmpty()) {
            String host = new URI(str).getHost();
            str2 = host == null ? "" : host.toLowerCase();
        }
        String lowerCase = str2.toLowerCase();
        return Boolean.valueOf(zeppelinConfiguration.getAllowedOrigins().contains("*") || InetAddress.getLocalHost().getHostName().toLowerCase().equals(lowerCase) || "localhost".equals(lowerCase) || zeppelinConfiguration.getAllowedOrigins().contains(str));
    }

    public static String getPrincipal() {
        String str;
        if (!isEnabled) {
            return ANONYMOUS;
        }
        Subject subject = org.apache.shiro.SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            str = extractPrincipal(subject);
            if (ZeppelinServer.notebook.getConf().isUsernameForceLowerCase()) {
                log.debug("Converting principal name " + str + " to lower case:" + str.toLowerCase());
                str = str.toLowerCase();
            }
        } else {
            str = ANONYMOUS;
        }
        return str;
    }

    private static String extractPrincipal(Subject subject) {
        Object principal = subject.getPrincipal();
        return principal instanceof Principal ? ((Principal) principal).getName() : String.valueOf(principal);
    }

    public static Collection getRealmsList() {
        return !isEnabled ? Collections.emptyList() : ((DefaultWebSecurityManager) ThreadContext.get(ThreadContext.SECURITY_MANAGER_KEY)).getRealms();
    }

    public static HashSet<String> getRoles() {
        if (!isEnabled) {
            return EMPTY_HASHSET;
        }
        Subject subject = org.apache.shiro.SecurityUtils.getSubject();
        HashSet<String> hashSet = new HashSet<>();
        Map<String, String> map = null;
        if (subject.isAuthenticated()) {
            Iterator it = getRealmsList().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                IniRealm iniRealm = (Realm) it.next();
                String name = iniRealm.getClass().getName();
                if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
                    map = iniRealm.getIni().get("roles");
                    break;
                }
                if (!name.equals("org.apache.zeppelin.realm.LdapRealm")) {
                    if (name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
                        map = ((ActiveDirectoryGroupRealm) iniRealm).getListRoles();
                        break;
                    }
                } else {
                    try {
                        AuthorizationInfo queryForAuthorizationInfo = ((LdapRealm) iniRealm).queryForAuthorizationInfo(new SimplePrincipalCollection(subject.getPrincipal(), iniRealm.getName()), ((LdapRealm) iniRealm).getContextFactory());
                        if (queryForAuthorizationInfo != null) {
                            hashSet = new HashSet<>((Collection<? extends String>) queryForAuthorizationInfo.getRoles());
                        }
                    } catch (NamingException e) {
                        log.error("Can't fetch roles", e);
                    }
                }
            }
            if (map != null) {
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    if (subject.hasRole(entry.getKey())) {
                        hashSet.add(entry.getKey());
                    }
                }
            }
        }
        return hashSet;
    }

    public static boolean isAuthenticated() {
        if (isEnabled) {
            return org.apache.shiro.SecurityUtils.getSubject().isAuthenticated();
        }
        return false;
    }
}
