package org.apache.hive.druid.org.apache.druid.server.security;

import java.io.IOException;
import java.util.EnumSet;
import java.util.Map;
import javax.annotation.Nullable;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.hive.druid.com.fasterxml.jackson.annotation.JsonCreator;
import org.apache.hive.druid.com.fasterxml.jackson.annotation.JsonProperty;
import org.apache.hive.druid.com.fasterxml.jackson.annotation.JsonTypeName;
import org.apache.hive.druid.com.google.common.base.Preconditions;
import org.apache.hive.druid.com.google.common.base.Strings;
import org.apache.hive.druid.org.apache.druid.java.util.common.logger.Logger;

@JsonTypeName(AuthConfig.TRUSTED_DOMAIN_NAME)
/* loaded from: input_file:org/apache/hive/druid/org/apache/druid/server/security/TrustedDomainAuthenticator.class */
public class TrustedDomainAuthenticator implements Authenticator {
    private static final Logger LOGGER = new Logger(TrustedDomainAuthenticator.class);
    private static final String DEFAULT_IDENTITY = "defaultUser";
    private static final String X_FORWARDED_FOR = "X-Forwarded-For";
    private static final boolean DEFAULT_USE_FORWARDED_HEADERS = false;
    private final AuthenticationResult authenticationResult;
    private final String domain;
    private final boolean useForwardedHeaders;

    @JsonCreator
    public TrustedDomainAuthenticator(@JsonProperty("name") String str, @JsonProperty("domain") String str2, @JsonProperty("useForwardedHeaders") Boolean bool, @JsonProperty("authorizerName") String str3, @JsonProperty("identity") String str4) {
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str2), "Invalid domain name %s", str2);
        this.domain = str2;
        this.useForwardedHeaders = bool == null ? false : bool.booleanValue();
        this.authenticationResult = new AuthenticationResult(str4 == null ? DEFAULT_IDENTITY : str4, str3, str, null);
    }

    @Override // org.apache.hive.druid.org.apache.druid.server.initialization.jetty.ServletFilterHolder
    public Class<? extends Filter> getFilterClass() {
        return null;
    }

    @Override // org.apache.hive.druid.org.apache.druid.server.initialization.jetty.ServletFilterHolder
    public Map<String, String> getInitParameters() {
        return null;
    }

    @Override // org.apache.hive.druid.org.apache.druid.server.initialization.jetty.ServletFilterHolder
    public String getPath() {
        return "/*";
    }

    @Override // org.apache.hive.druid.org.apache.druid.server.initialization.jetty.ServletFilterHolder
    public EnumSet<DispatcherType> getDispatcherType() {
        return null;
    }

    @Override // org.apache.hive.druid.org.apache.druid.server.security.Authenticator, org.apache.hive.druid.org.apache.druid.server.initialization.jetty.ServletFilterHolder
    public Filter getFilter() {
        return new Filter() { // from class: org.apache.hive.druid.org.apache.druid.server.security.TrustedDomainAuthenticator.1
            public void init(FilterConfig filterConfig) {
            }

            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                String forwardedAddress;
                String remoteAddr = servletRequest.getRemoteAddr();
                TrustedDomainAuthenticator.LOGGER.debug("Client IP Address: %s", remoteAddr);
                if (TrustedDomainAuthenticator.this.useForwardedHeaders && (forwardedAddress = TrustedDomainAuthenticator.getForwardedAddress(servletRequest)) != null) {
                    TrustedDomainAuthenticator.LOGGER.debug("Forwarded IP Address: %s", remoteAddr);
                    remoteAddr = forwardedAddress;
                }
                if (remoteAddr.endsWith(TrustedDomainAuthenticator.this.domain)) {
                    servletRequest.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, TrustedDomainAuthenticator.this.authenticationResult);
                }
                filterChain.doFilter(servletRequest, servletResponse);
            }

            public void destroy() {
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public static String getForwardedAddress(ServletRequest servletRequest) {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return null;
        }
        String header = ((HttpServletRequest) servletRequest).getHeader("X-Forwarded-For");
        if (Strings.isNullOrEmpty(header)) {
            return null;
        }
        return header.split(",")[0];
    }

    @Override // org.apache.hive.druid.org.apache.druid.server.security.Authenticator
    @Nullable
    public String getAuthChallengeHeader() {
        return null;
    }

    @Override // org.apache.hive.druid.org.apache.druid.server.security.Authenticator
    @Nullable
    public AuthenticationResult authenticateJDBCContext(Map<String, Object> map) {
        return null;
    }
}
