package org.hawkular.openshift.auth;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.Md5Crypt;
import org.hawkular.metrics.model.param.Tags;
import org.jboss.logging.Logger;

/* loaded from: input_file:WEB-INF/lib/hawkular-metrics-openshift-integration-0.17.0-SNAPSHOT.jar:org/hawkular/openshift/auth/BasicAuthenticator.class */
class BasicAuthenticator implements Authenticator {
    private static final Logger log = Logger.getLogger(BasicAuthenticator.class);
    static final String BASIC_PREFIX = "Basic ";
    private static final String HTPASSWD_FILE_SYSPROP = "hawkular-metrics.openshift.htpasswd-file";
    private static final File HTPASSWD_FILE;
    private static final String MD5_PREFIX = "$apr1$";
    private static final String SHA_PREFIX = "{SHA}";
    private final HttpHandler containerHandler;
    private final Map<String, String> users;

    /* JADX INFO: Access modifiers changed from: package-private */
    public BasicAuthenticator(HttpHandler httpHandler) {
        this.containerHandler = httpHandler;
        this.users = HTPASSWD_FILE.canRead() ? Collections.unmodifiableMap(readHtpasswdFile()) : Collections.emptyMap();
    }

    private Map<String, String> readHtpasswdFile() {
        HashMap hashMap = new HashMap();
        try {
            BufferedReader bufferedReader = new BufferedReader(new FileReader(HTPASSWD_FILE));
            Throwable th = null;
            try {
                try {
                    bufferedReader.lines().forEach(str -> {
                        String[] split = str.split(Tags.TAG_DELIMITER, 2);
                        if (split.length == 2) {
                            hashMap.put(split[0], split[1]);
                        }
                    });
                    if (bufferedReader != null) {
                        if (0 != 0) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            log.error("Error trying to setup BasicAuthentication based on an htpasswd file.", e);
        }
        return hashMap;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (this.users.isEmpty()) {
            Utils.endExchange(httpServerExchange, 403);
            return;
        }
        String[] split = new String(Base64.getDecoder().decode(httpServerExchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION).substring(BASIC_PREFIX.length()))).split(Tags.TAG_DELIMITER, 2);
        if (split.length != 2) {
            Utils.endExchange(httpServerExchange, 403);
            return;
        }
        String str = split[0];
        String str2 = split[1];
        if (this.users.containsKey(str) && isAuthorized(str, str2)) {
            this.containerHandler.handleRequest(httpServerExchange);
        } else {
            Utils.endExchange(httpServerExchange, 403);
        }
    }

    private boolean isAuthorized(String str, String str2) {
        String str3 = this.users.get(str);
        return (str3.startsWith(MD5_PREFIX) && verifyMD5Password(str3, str2)) || (str3.startsWith(SHA_PREFIX) && verifySHA1Password(str3, str2));
    }

    private boolean verifyMD5Password(String str, String str2) {
        return Md5Crypt.apr1Crypt(str2, str).equals(str);
    }

    private boolean verifySHA1Password(String str, String str2) {
        return Base64.getEncoder().encodeToString(DigestUtils.sha1(str2)).equals(str.substring(SHA_PREFIX.length()));
    }

    @Override // org.hawkular.openshift.auth.Authenticator
    public void stop() {
    }

    static {
        String property = System.getProperty(HTPASSWD_FILE_SYSPROP);
        if (property == null) {
            HTPASSWD_FILE = new File(System.getProperty("user.home"), ".htpasswd");
        } else {
            HTPASSWD_FILE = new File(property);
        }
    }
}
