package org.apache.ranger.rms.security;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Objects;
import java.util.Properties;
import javax.annotation.PostConstruct;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.collections.iterators.IteratorEnumeration;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuthenticationHandler;
import org.apache.ranger.rms.server.RMSConfig;
import org.apache.ranger.rms.util.AppConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/apache/ranger/rms/security/RMSDelegationTokenFilter.class */
public class RMSDelegationTokenFilter extends DelegationTokenAuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(RMSDelegationTokenFilter.class);
    protected RMSConfig rmsConfig;
    private final ServletContext nullContext = new NullServletContext();
    private String tokenKindStr = null;

    @PostConstruct
    public void initialize() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===>>> RMSDelegationTokenFilter.initialize()");
        }
        this.rmsConfig = RMSConfig.getInstance();
        try {
            this.tokenKindStr = AppConstants.RMS_DELEGATION_TOKEN_KIND_DEFAULT;
            final HashMap hashMap = new HashMap();
            hashMap.put("config.prefix", this.rmsConfig.get("config.prefix"));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Config Prefix used for RMSDelegationTokenFilter is [{}].", hashMap.get("config.prefix"));
            }
            super.init(new FilterConfig() { // from class: org.apache.ranger.rms.security.RMSDelegationTokenFilter.1
                public ServletContext getServletContext() {
                    return RMSDelegationTokenFilter.this.nullContext;
                }

                public Enumeration<String> getInitParameterNames() {
                    return new IteratorEnumeration(hashMap.keySet().iterator());
                }

                public String getInitParameter(String str) {
                    return (String) hashMap.get(str);
                }

                public String getFilterName() {
                    return "RMSDelegationTokenFilter";
                }
            });
        } catch (ServletException e) {
            LOG.error("RMSDelegationTokenFilter(): initialization failure", e);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<<<=== RMSDelegationTokenFilter.initialize()");
        }
    }

    protected Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
        Properties properties = new Properties();
        properties.putAll(this.rmsConfig.getPropsWithPrefix(str));
        String property = properties.getProperty("type", "simple");
        if (property.equals("simple")) {
            properties.setProperty("type", PseudoDelegationTokenAuthenticationHandler.class.getName());
        } else if (property.equals("kerberos")) {
            properties.setProperty("type", KerberosDelegationTokenAuthenticationHandler.class.getName());
        }
        properties.setProperty("delegation-token.token-kind", this.tokenKindStr);
        String str2 = this.rmsConfig.get(AppConstants.PROP_RMS_SERVER_BIND_ADDRESS);
        if (Objects.isNull(str2)) {
            LOG.warn("No host name configured.  Defaulting to local host name.");
            try {
                str2 = InetAddress.getLocalHost().getHostName();
            } catch (UnknownHostException e) {
                throw new ServletException("Unable to obtain host name", e);
            }
        }
        String property2 = properties.getProperty("kerberos.principal");
        if (Objects.nonNull(property2)) {
            try {
                properties.put("kerberos.principal", SecurityUtil.getServerPrincipal(property2, str2));
            } catch (IOException e2) {
                throw new RuntimeException("Could not resolve Kerberos principal name: " + e2.toString(), e2);
            }
        }
        return properties;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            FilterChainWrapper filterChainWrapper = new FilterChainWrapper(filterChain);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Trying to authenticate user via RMSDelegationTokenFilter.");
            }
            super.doFilter(servletRequest, servletResponse, filterChainWrapper);
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User [{}] is already authenticated, proceeding with filter chain.", authentication.getPrincipal());
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
        Authentication authentication2 = SecurityContextHolder.getContext().getAuthentication();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Leaving RMSDelegationTokenFilter, isUserAuthenticated? [{}]", Boolean.valueOf(authentication2 != null && authentication2.isAuthenticated()));
        }
    }
}
