package org.pentaho.platform.plugin.services.security.userrole.ldap;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.api.engine.ICacheManager;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.authentication.LdapAuthenticator;

/* loaded from: input_file:org/pentaho/platform/plugin/services/security/userrole/ldap/PentahoCachingLdapAuthenticator.class */
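/**
 * Decorates another {@link LdapAuthenticator} with a cache of the results it returned.
 *
 * <p>Each cache entry is keyed by a salted digest of the principal and the credentials, so a
 * lookup only hits when the same principal presents the same credentials again. Exceptions thrown
 * by the delegate propagate before anything is stored, so only results the delegate actually
 * returned end up in the cache.
 *
 * <p>Security note: a cache hit is answered without calling the delegate. A password change,
 * lockout or account removal in the directory is therefore not observed until the entry leaves
 * the cache region. The region's expiry policy is configured outside this class; it should be
 * short enough for that window to be acceptable.
 */
public class PentahoCachingLdapAuthenticator implements LdapAuthenticator {
    private static final String REGION_DEFAULT_NAME = "ldapAuthenticatorCache";
    private static final String PASSWORD_HASH_METHOD = "SHA-256";
    private static final String ROLES_BY_USER = "AuthenticatorCache_";
    private static final Log logger = LogFactory.getLog(PentahoCachingLdapAuthenticator.class);

    /** Number of random bytes mixed into every cache key. */
    private static final int SALT_LENGTH = 32;

    /**
     * Per-JVM secret mixed into every cache key. It comes from a CSPRNG and is never written
     * anywhere, so a cache key seen in a log or a cache dump cannot be used to test password
     * guesses offline. (A 32-bit value from java.util.Random would be small enough to enumerate.)
     */
    private static final byte[] HASH_SALT = newSalt();

    private final LdapAuthenticator delegate;
    private final ICacheManager cacheManager = PentahoSystem.getCacheManager((IPentahoSession) null);

    // MessageDigest instances are stateful and not thread-safe; every use goes through this lock.
    private final Object digestLock = new Object();
    private MessageDigest messageDigest;
    private String cacheRegionName = REGION_DEFAULT_NAME;
    private String passwordHashMethod = PASSWORD_HASH_METHOD;

    /**
     * Callback that runs the real operation on the delegate when the cache has no entry.
     * The decompiler reports that this interface was private in the original source.
     */
    public interface DelegateOperation {
        DirContextOperations perform();
    }

    /**
     * Creates the caching wrapper and makes sure its cache region exists.
     *
     * @param ldapAuthenticator authenticator that performs the real LDAP authentication
     * @throws IllegalArgumentException if {@code ldapAuthenticator} is null or the default digest
     *     algorithm is not available
     */
    public PentahoCachingLdapAuthenticator(LdapAuthenticator ldapAuthenticator) {
        if (ldapAuthenticator == null) {
            throw new IllegalArgumentException("delegate LdapAuthenticator cannot be null");
        }
        this.delegate = ldapAuthenticator;
        if (!this.cacheManager.cacheEnabled(this.cacheRegionName)) {
            this.cacheManager.addCacheRegion(this.cacheRegionName);
        }
        try {
            this.messageDigest = MessageDigest.getInstance(PASSWORD_HASH_METHOD);
        } catch (NoSuchAlgorithmException e) {
            // Name the algorithm that was actually requested and keep the cause for diagnosis.
            throw new IllegalArgumentException(
                    "Issue trying to create a messageDigest for " + PASSWORD_HASH_METHOD, e);
        }
    }

    /**
     * Returns the cached result for these credentials, or runs the delegate and caches its result.
     *
     * @param authentication request whose principal and credentials form the cache key
     * @param delegateOperation operation to run on a cache miss
     * @return the cached or freshly obtained directory entry
     */
    private DirContextOperations performOperation(Authentication authentication, DelegateOperation delegateOperation) {
        String cacheKey = ROLES_BY_USER + hashUserAndPassword(authentication);
        if (logger.isTraceEnabled()) {
            // NOTE(review): this value is derived from the credentials; keep trace logging off in
            // production and treat these logs as sensitive.
            logger.trace("cacheEntry:" + cacheKey);
        }
        Object cached = this.cacheManager.getFromRegionCache(this.cacheRegionName, cacheKey);
        if (cached instanceof DirContextOperations) {
            if (logger.isDebugEnabled()) {
                logger.debug("Cache Hit for " + authentication.getPrincipal());
            }
            return (DirContextOperations) cached;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Cache miss for " + authentication.getPrincipal());
        }
        // A failed authentication leaves perform() by exception, so it never reaches the put below.
        DirContextOperations result = delegateOperation.perform();
        this.cacheManager.putInRegionCache(this.cacheRegionName, cacheKey, result);
        return result;
    }

    /**
     * Authenticates through the cache, falling back to the delegate on a miss.
     *
     * @param authentication the authentication request
     * @return the directory entry of the authenticated user
     */
    @Override
    public DirContextOperations authenticate(Authentication authentication) {
        return performOperation(authentication, () -> this.delegate.authenticate(authentication));
    }

    /**
     * Derives the cache key suffix for a principal/credentials pair.
     *
     * <p>The digest covers the secret salt and then each field preceded by its byte length.
     * Length prefixes keep the encoding unambiguous: with a plain {@code ':'} separator,
     * {@code "a:b"} + {@code "c"} and {@code "a"} + {@code "b:c"} would produce the same key and
     * one login could be answered with another user's cached entry. The raw digest bytes are
     * Base64-encoded directly; passing them through {@code new String(bytes)} first replaces
     * byte sequences that are invalid in the platform charset and discards part of the digest.
     *
     * @param authentication request supplying the principal and credentials
     * @return Base64 text of the salted digest
     */
    protected String hashUserAndPassword(Authentication authentication) {
        // String.valueOf mirrors the string conversion the previous concatenation applied.
        byte[] principal = String.valueOf(authentication.getPrincipal()).getBytes(StandardCharsets.UTF_8);
        byte[] credentials = String.valueOf(authentication.getCredentials()).getBytes(StandardCharsets.UTF_8);
        byte[] digest;
        synchronized (this.digestLock) {
            this.messageDigest.reset();
            this.messageDigest.update(HASH_SALT);
            this.messageDigest.update(lengthPrefix(principal.length));
            this.messageDigest.update(principal);
            this.messageDigest.update(lengthPrefix(credentials.length));
            this.messageDigest.update(credentials);
            digest = this.messageDigest.digest();
        }
        return Base64.getEncoder().encodeToString(digest);
    }

    /** Returns the name of the cache region that holds the entries. */
    public String getCacheRegionName() {
        return this.cacheRegionName;
    }

    /**
     * Sets the cache region used for subsequent lookups and stores.
     *
     * @param str name of the cache region
     */
    public void setCacheRegionName(String str) {
        this.cacheRegionName = str;
    }

    /** Returns the name of the digest algorithm used for cache keys. */
    public String getPasswordHashMethod() {
        return this.passwordHashMethod;
    }

    /**
     * Switches the digest algorithm used for cache keys.
     *
     * <p>The algorithm is resolved before any field changes, so a rejected name leaves the
     * previous algorithm in place. Entries keyed with the old algorithm are no longer found.
     * Prefer SHA-256 or stronger; MD5 and SHA-1 should not be configured here.
     *
     * @param str a {@link MessageDigest} algorithm name
     * @throws IllegalArgumentException if the algorithm is not available
     */
    public void setPasswordHashMethod(String str) {
        MessageDigest replacement;
        try {
            replacement = MessageDigest.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("hashMethod NoSuchAlgorithmException, default is SHA-256", e);
        }
        synchronized (this.digestLock) {
            this.passwordHashMethod = str;
            this.messageDigest = replacement;
        }
    }

    /** Generates the per-JVM salt from a cryptographically strong source. */
    private static byte[] newSalt() {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /** Encodes a field length as four big-endian bytes. */
    private static byte[] lengthPrefix(int length) {
        return new byte[] {
            (byte) (length >>> 24), (byte) (length >>> 16), (byte) (length >>> 8), (byte) length
        };
    }
}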
