package org.apache.solr.security;

import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.invoke.MethodHandles;
import java.security.Principal;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HttpStatus;
import org.apache.http.auth.BasicUserPrincipal;
import org.apache.http.message.BasicHeader;
import org.apache.solr.common.SolrException;
import org.apache.solr.handler.SolrConfigHandler;
import org.apache.solr.util.CommandOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/security/BasicAuthPlugin.class */
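/**
 * Authentication plugin that validates HTTP Basic credentials taken from the
 * {@code Authorization} request header against a pluggable
 * {@link AuthenticationProvider}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>{@code blockUnknown} defaults to {@code false}. In that mode a request that carries no
 *       {@code Authorization} header is passed down the filter chain unauthenticated, so access
 *       control for such requests has to be enforced elsewhere.</li>
 *   <li>Basic credentials are only Base64-encoded, not encrypted; this class does nothing to
 *       protect them in transit.</li>
 *   <li>The raw header (which contains the credentials) is parked in a {@link ThreadLocal} and is
 *       only cleared by {@link #closeRequest()}.</li>
 * </ul>
 */
public class BasicAuthPlugin extends AuthenticationPlugin implements ConfigEditablePlugin {
    /** Provider that performs the actual credential check; assigned in {@link #init(Map)}. */
    private AuthenticationProvider zkAuthentication;

    /** When true, requests without an {@code Authorization} header are rejected with a 401. */
    private boolean blockUnknown = false;

    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    // Holds the raw Authorization header of the request handled by the current thread.
    // It contains the Base64-encoded credentials, so it must never be logged and must be
    // removed again (see closeRequest()); a stale value on a reused thread would expose one
    // caller's credentials to the next request.
    // NOTE(review): nothing in this class reads the value back - confirm who consumes it.
    private static final ThreadLocal<Header> authHeader = new ThreadLocal<>();

    /** Configuration key for the {@code blockUnknown} switch. */
    public static final String BLOCK_UNKNOWN = "blockUnknown";

    /** Property names that {@link #edit(Map, List)} accepts through a set-property command. */
    private static final Set<String> PROPS = ImmutableSet.of(BLOCK_UNKNOWN);

    /** Back end that verifies a user name / password pair. */
    public interface AuthenticationProvider {
        /**
         * Configures the provider.
         *
         * @param map the plugin configuration, as handed to {@link BasicAuthPlugin#init(Map)}
         */
        void init(Map<String, Object> map);

        /**
         * Verifies a credential pair.
         *
         * @param str  the user name
         * @param str2 the password as sent by the client
         * @return true when the pair is accepted
         */
        boolean authenticate(String str, String str2);

        /**
         * Returns the headers to attach to a 401 response.
         *
         * @return header name to header value
         */
        Map<String, String> getPromptHeaders();
    }

    /**
     * Delegates the credential check to the configured provider.
     *
     * @param str  the user name
     * @param str2 the password
     * @return true when the provider accepts the pair
     */
    public boolean authenticate(String str, String str2) {
        return this.zkAuthentication.authenticate(str, str2);
    }

    /**
     * Reads {@code blockUnknown} from the configuration and creates the provider.
     *
     * @param map the plugin configuration
     */
    @Override // org.apache.solr.security.AuthenticationPlugin
    public void init(Map<String, Object> map) {
        Object configured = map.get(BLOCK_UNKNOWN);
        if (configured != null) {
            try {
                // Boolean.parseBoolean yields false for anything other than "true"
                // (case-insensitive), so a mistyped value silently leaves unauthenticated
                // requests allowed.
                this.blockUnknown = Boolean.parseBoolean(configured.toString());
            } catch (Exception e) {
                // Pass the exception itself so the stack trace is not lost.
                log.error(e.getMessage(), e);
            }
        }
        this.zkAuthentication = getAuthenticationProvider(map);
    }

    /**
     * Applies configuration edit commands.
     *
     * <p>For a set-property command the first recognised property is written into {@code map}
     * and the map is returned immediately; later entries and commands are not looked at. The
     * value is stored as supplied, without checking that it is a boolean. Unknown properties
     * are recorded as errors on the command. Everything else is handed to the provider when it
     * is itself a {@link ConfigEditablePlugin}.
     *
     * @param map  the current configuration, modified in place
     * @param list the commands to apply
     * @return the edited configuration, or null when any command carries an error
     * @throws SolrException with BAD_REQUEST when the provider cannot be edited
     */
    @Override // org.apache.solr.security.ConfigEditablePlugin
    public Map<String, Object> edit(Map<String, Object> map, List<CommandOperation> list) {
        for (CommandOperation commandOperation : list) {
            if (commandOperation.name.equals(SolrConfigHandler.SET_PROPERTY)) {
                for (Map.Entry<String, Object> entry : commandOperation.getDataMap().entrySet()) {
                    if (PROPS.contains(entry.getKey())) {
                        map.put(entry.getKey(), entry.getValue());
                        return map;
                    }
                    commandOperation.addError("Unknown property " + entry.getKey());
                }
            }
        }
        if (!CommandOperation.captureErrors(list).isEmpty()) {
            return null;
        }
        if (this.zkAuthentication instanceof ConfigEditablePlugin) {
            return ((ConfigEditablePlugin) this.zkAuthentication).edit(map, list);
        }
        throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "This cannot be edited");
    }

    /**
     * Creates and initialises the credential provider. Subclasses may override this to supply
     * a different provider.
     *
     * @param map the plugin configuration
     * @return the initialised provider
     */
    protected AuthenticationProvider getAuthenticationProvider(Map<String, Object> map) {
        // NOTE(review): the provider's password hashing is not visible from this class;
        // confirm it is salted and suitable for password storage.
        Sha256AuthenticationProvider provider = new Sha256AuthenticationProvider();
        provider.init(map);
        return provider;
    }

    /**
     * Sends a 401 response that carries the provider's prompt headers.
     *
     * @param httpServletResponse the response to write to
     * @param str                 the error message sent with the status
     * @throws IOException when the response cannot be written
     */
    private void authenticationFailure(HttpServletResponse httpServletResponse, String str) throws IOException {
        for (Map.Entry<String, String> prompt : this.zkAuthentication.getPromptHeaders().entrySet()) {
            httpServletResponse.setHeader(prompt.getKey(), prompt.getValue());
        }
        httpServletResponse.sendError(HttpStatus.SC_UNAUTHORIZED, str);
    }

    /**
     * Authenticates the request from its {@code Authorization} header.
     *
     * <p>Without a header the request is rejected when {@code blockUnknown} is set and passed
     * on unauthenticated otherwise. With a header, only the Basic scheme is accepted; the
     * decoded {@code user:password} pair is split at the first colon, both parts are trimmed
     * (so leading and trailing whitespace never reaches the provider) and the pair is checked
     * by {@link #authenticate(String, String)}.
     *
     * <p>Every rejecting path writes a 401 before returning false. The header is
     * client-controlled, so a missing credentials token is answered with a 401 instead of
     * letting {@link StringTokenizer#nextToken()} throw, and a non-Basic scheme gets an
     * explicit 401 rather than a bare {@code false} with no response written.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain     the chain to continue on success
     * @return true when the request was passed down the chain, false when it was rejected
     * @throws Exception anything thrown by the filter chain or while writing the response
     */
    @Override // org.apache.solr.security.AuthenticationPlugin
    public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            if (this.blockUnknown) {
                authenticationFailure(httpServletResponse, "require authentication");
                return false;
            }
            // Anonymous pass-through: no principal is attached, only the prompt headers are
            // exposed as a request attribute for later stages.
            httpServletRequest.setAttribute(AuthenticationPlugin.class.getName(), this.zkAuthentication.getPromptHeaders());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return true;
        }
        // Contains the credentials; removed again in closeRequest().
        // NOTE(review): presumably the caller invokes closeRequest() on every path,
        // including the rejecting ones - confirm.
        authHeader.set(new BasicHeader("Authorization", header));
        StringTokenizer tokens = new StringTokenizer(header);
        if (!tokens.hasMoreTokens() || !tokens.nextToken().equalsIgnoreCase("Basic")) {
            authenticationFailure(httpServletResponse, "Unsupported authentication scheme");
            return false;
        }
        if (!tokens.hasMoreTokens()) {
            // "Authorization: Basic" with nothing after the scheme.
            authenticationFailure(httpServletResponse, "Invalid authentication token");
            return false;
        }
        try {
            String credentials = new String(Base64.decodeBase64(tokens.nextToken()), "UTF-8");
            int separator = credentials.indexOf(":");
            if (separator == -1) {
                authenticationFailure(httpServletResponse, "Invalid authentication token");
                return false;
            }
            final String username = credentials.substring(0, separator).trim();
            String password = credentials.substring(separator + 1).trim();
            if (!authenticate(username, password)) {
                // Same message for an unknown user and a wrong password.
                authenticationFailure(httpServletResponse, "Bad credentials");
                return false;
            }
            // Downstream code sees the authenticated user through getUserPrincipal().
            filterChain.doFilter(new HttpServletRequestWrapper(httpServletRequest) {
                @Override
                public Principal getUserPrincipal() {
                    return new BasicUserPrincipal(username);
                }
            }, httpServletResponse);
            return true;
        } catch (UnsupportedEncodingException e) {
            throw new Error("Couldn't retrieve authentication", e);
        }
    }

    /** Nothing to release. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
    }

    /** Drops the current thread's stored {@code Authorization} header. */
    @Override // org.apache.solr.security.AuthenticationPlugin
    public void closeRequest() {
        authHeader.remove();
    }

    /**
     * Reports whether requests without an {@code Authorization} header are rejected.
     *
     * @return the current {@code blockUnknown} setting
     */
    public boolean getBlockUnknown() {
        return this.blockUnknown;
    }
}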
