package org.apache.hadoop.security.authentication.server;

import java.io.IOException;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Properties;
import java.util.Random;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.util.Signer;
import org.apache.hadoop.security.authentication.util.SignerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/authentication/server/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    public static final String CONFIG_PREFIX = "config.prefix";
    public static final String AUTH_TYPE = "type";
    public static final String SIGNATURE_SECRET = "signature.secret";
    public static final String AUTH_TOKEN_VALIDITY = "token.validity";
    public static final String COOKIE_DOMAIN = "cookie.domain";
    public static final String COOKIE_PATH = "cookie.path";
    private Signer signer;
    private AuthenticationHandler authHandler;
    private boolean randomSecret;
    private long validity;
    private String cookieDomain;
    private String cookiePath;
    private static Logger LOG = LoggerFactory.getLogger(AuthenticationFilter.class);
    private static final Random RAN = new Random();

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(CONFIG_PREFIX);
        String str = initParameter != null ? initParameter + "." : "";
        Properties configuration = getConfiguration(str, filterConfig);
        String property = configuration.getProperty("type", null);
        if (property == null) {
            throw new ServletException("Authentication type must be specified: simple|kerberos|<class>");
        }
        try {
            this.authHandler = (AuthenticationHandler) Thread.currentThread().getContextClassLoader().loadClass(property.equals(PseudoAuthenticationHandler.TYPE) ? PseudoAuthenticationHandler.class.getName() : property.equals(KerberosAuthenticationHandler.TYPE) ? KerberosAuthenticationHandler.class.getName() : property).newInstance();
            this.authHandler.init(configuration);
            String property2 = configuration.getProperty(str + SIGNATURE_SECRET);
            if (property2 == null) {
                property2 = Long.toString(RAN.nextLong());
                this.randomSecret = true;
                LOG.warn("'signature.secret' configuration not set, using a random value as secret");
            }
            this.signer = new Signer(property2.getBytes());
            this.validity = Long.parseLong(configuration.getProperty(AUTH_TOKEN_VALIDITY, "36000")) * 1000;
            this.cookieDomain = configuration.getProperty(COOKIE_DOMAIN, null);
            this.cookiePath = configuration.getProperty(COOKIE_PATH, null);
        } catch (ClassNotFoundException e) {
            throw new ServletException(e);
        } catch (IllegalAccessException e2) {
            throw new ServletException(e2);
        } catch (InstantiationException e3) {
            throw new ServletException(e3);
        }
    }

    protected AuthenticationHandler getAuthenticationHandler() {
        return this.authHandler;
    }

    protected boolean isRandomSecret() {
        return this.randomSecret;
    }

    protected long getValidity() {
        return this.validity / 1000;
    }

    protected String getCookieDomain() {
        return this.cookieDomain;
    }

    protected String getCookiePath() {
        return this.cookiePath;
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        if (this.authHandler != null) {
            this.authHandler.destroy();
            this.authHandler = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
        Properties properties = new Properties();
        Enumeration initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String str2 = (String) initParameterNames.nextElement();
            if (str2.startsWith(str)) {
                properties.put(str2.substring(str.length()), filterConfig.getInitParameter(str2));
            }
        }
        return properties;
    }

    protected String getRequestURL(HttpServletRequest httpServletRequest) {
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (httpServletRequest.getQueryString() != null) {
            requestURL.append("?").append(httpServletRequest.getQueryString());
        }
        return requestURL.toString();
    }

    protected AuthenticationToken getToken(HttpServletRequest httpServletRequest) throws IOException, AuthenticationException {
        AuthenticationToken authenticationToken = null;
        String str = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            int length = cookies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Cookie cookie = cookies[i];
                if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
                    try {
                        str = this.signer.verifyAndExtract(cookie.getValue());
                        break;
                    } catch (SignerException e) {
                        throw new AuthenticationException(e);
                    }
                }
                i++;
            }
        }
        if (str != null) {
            authenticationToken = AuthenticationToken.parse(str);
            if (!authenticationToken.getType().equals(this.authHandler.getType())) {
                throw new AuthenticationException("Invalid AuthenticationToken type");
            }
            if (authenticationToken.isExpired()) {
                throw new AuthenticationException("AuthenticationToken expired");
            }
        }
        return authenticationToken;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        AuthenticationToken authenticationToken;
        boolean z = true;
        String str = "";
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        boolean z2 = false;
        try {
            try {
                authenticationToken = getToken(httpServletRequest);
            } catch (AuthenticationException e) {
                LOG.warn("AuthenticationToken ignored: " + e.getMessage());
                authenticationToken = null;
            }
            if (this.authHandler.managementOperation(authenticationToken, httpServletRequest, httpServletResponse)) {
                if (authenticationToken == null) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Request [{}] triggering authentication", getRequestURL(httpServletRequest));
                    }
                    authenticationToken = this.authHandler.authenticate(httpServletRequest, httpServletResponse);
                    if (authenticationToken != null && authenticationToken.getExpires() != 0 && authenticationToken != AuthenticationToken.ANONYMOUS) {
                        authenticationToken.setExpires(System.currentTimeMillis() + (getValidity() * 1000));
                    }
                    z2 = true;
                }
                if (authenticationToken != null) {
                    z = false;
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Request [{}] user [{}] authenticated", getRequestURL(httpServletRequest), authenticationToken.getUserName());
                    }
                    final AuthenticationToken authenticationToken2 = authenticationToken;
                    ServletRequest servletRequest2 = new HttpServletRequestWrapper(httpServletRequest) { // from class: org.apache.hadoop.security.authentication.server.AuthenticationFilter.1
                        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
                        public String getAuthType() {
                            return authenticationToken2.getType();
                        }

                        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
                        public String getRemoteUser() {
                            return authenticationToken2.getUserName();
                        }

                        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
                        public Principal getUserPrincipal() {
                            if (authenticationToken2 != AuthenticationToken.ANONYMOUS) {
                                return authenticationToken2;
                            }
                            return null;
                        }
                    };
                    if (z2 && !authenticationToken.isExpired() && authenticationToken != AuthenticationToken.ANONYMOUS) {
                        httpServletResponse.addCookie(createCookie(this.signer.sign(authenticationToken.toString())));
                    }
                    filterChain.doFilter(servletRequest2, httpServletResponse);
                }
            } else {
                z = false;
            }
        } catch (AuthenticationException e2) {
            str = e2.toString();
            LOG.warn("Authentication exception: " + e2.getMessage(), e2);
        }
        if (!z || httpServletResponse.isCommitted()) {
            return;
        }
        Cookie createCookie = createCookie("");
        createCookie.setMaxAge(0);
        httpServletResponse.addCookie(createCookie);
        httpServletResponse.sendError(401, str);
    }

    protected Cookie createCookie(String str) {
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, str);
        if (getCookieDomain() != null) {
            cookie.setDomain(getCookieDomain());
        }
        if (getCookiePath() != null) {
            cookie.setPath(getCookiePath());
        }
        return cookie;
    }
}
