package com.centurylink.mdw.util;

import com.centurylink.mdw.app.ApplicationContext;
import com.centurylink.mdw.auth.LdapAuthenticator;
import com.centurylink.mdw.auth.MdwSecurityException;
import com.centurylink.mdw.auth.OAuthAuthenticator;
import com.centurylink.mdw.config.PropertyManager;
import com.centurylink.mdw.constant.AuthConstants;
import com.centurylink.mdw.constant.PropertyNames;
import com.centurylink.mdw.model.listener.Listener;
import com.centurylink.mdw.util.log.LoggerUtil;
import com.centurylink.mdw.util.log.StandardLogger;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/centurylink/mdw/util/AuthUtils.class */
public class AuthUtils {
    private static StandardLogger logger = LoggerUtil.getStandardLogger();
    public static final String HTTP_BASIC_AUTHENTICATION = "Basic";
    public static final String GIT_HUB_SECRET_KEY = "GitHub";
    public static final String OAUTH_AUTHENTICATION = "OAuth";

    public static boolean authenticate(String str, Map<String, String> map) {
        return authenticate(str, map, null);
    }

    public static boolean authenticate(String str, Map<String, String> map, String str2) {
        map.remove(Listener.AUTHENTICATED_USER_HEADER);
        if (str.equals(HTTP_BASIC_AUTHENTICATION)) {
            return authenticateHttpBasic(map);
        }
        if (str.equals(GIT_HUB_SECRET_KEY)) {
            return authenticateGitHubSecretKey(map, str2);
        }
        throw new IllegalArgumentException("Unsupported authentication method: " + str);
    }

    private static boolean authenticateHttpBasic(Map<String, String> map) {
        String str = map.get("Authorization");
        if (str == null) {
            str = map.get("Authorization".toLowerCase());
        }
        if (PropertyManager.getBooleanProperty(PropertyNames.HTTP_BASIC_AUTH_MODE, false)) {
            if (str != null) {
                return checkBasicAuthenticationHeader(map);
            }
            if (!ApplicationContext.isDevelopment() || ApplicationContext.getDevUser() == null) {
                return false;
            }
            map.put(Listener.AUTHENTICATED_USER_HEADER, ApplicationContext.getDevUser());
            return true;
        }
        if (str != null) {
            return checkBasicAuthenticationHeader(map);
        }
        if (!ApplicationContext.isDevelopment() || ApplicationContext.getDevUser() == null) {
            return true;
        }
        map.put(Listener.AUTHENTICATED_USER_HEADER, ApplicationContext.getDevUser());
        return true;
    }

    private static boolean authenticateGitHubSecretKey(Map<String, String> map, String str) {
        try {
            if (!("sha1=" + HmacSha1Signature.getHMACHexdigestSignature(str.trim().getBytes("UTF-8"), System.getenv(PropertyNames.MDW_GITHUB_SECRET_TOKEN))).equals(map.get(Listener.X_HUB_SIGNATURE))) {
                return false;
            }
            map.put(Listener.AUTHENTICATED_USER_HEADER, "mdwapp");
            return true;
        } catch (Exception e) {
            logger.severeException("Secret key authentication failure", e);
            return false;
        }
    }

    private static boolean checkBasicAuthenticationHeader(Map<String, String> map) {
        String str = map.get("Authorization");
        if (str == null) {
            str = map.get("Authorization".toLowerCase());
        }
        if (str == null) {
            return true;
        }
        String[] split = new String(Base64.decodeBase64(str.replaceFirst("Basic ", "").getBytes())).split(":");
        String str2 = split[0];
        String str3 = split[1];
        try {
            if (AuthConstants.getOAuthTokenLocation() != null) {
                oauthAuthenticate(str2, str3);
            } else {
                ldapAuthenticate(str2, str3);
            }
            map.remove("Authorization");
            map.remove("Authorization".toLowerCase());
            map.put(Listener.AUTHENTICATED_USER_HEADER, str2);
            if (logger.isDebugEnabled()) {
                logger.debug("authentication successful for user '" + str2 + "'");
            }
            return true;
        } catch (Exception e) {
            map.remove("Authorization");
            map.remove("Authorization".toLowerCase());
            map.put(Listener.AUTHENTICATION_FAILED, "Authentication failed for '" + str2 + "' " + e.getMessage());
            logger.severeException("Authentication failed for user '" + str2 + "'" + e.getMessage(), e);
            return false;
        }
    }

    public static void ldapAuthenticate(String str, String str2) throws MdwSecurityException {
        String property = PropertyManager.getProperty(PropertyNames.LDAP_PROTOCOL);
        if (property == null) {
            property = LdapAuthenticator.DEFAULT_PROTOCOL;
        }
        new LdapAuthenticator(property + "://" + PropertyManager.getProperty(PropertyNames.LDAP_HOST) + ":" + PropertyManager.getProperty(PropertyNames.LDAP_PORT), PropertyManager.getProperty(PropertyNames.BASE_DN)).authenticate(str, str2);
    }

    public static void oauthAuthenticate(String str, String str2) throws MdwSecurityException {
        new OAuthAuthenticator().authenticate(str, str2);
    }
}
