package org.apache.ranger.rms.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/* loaded from: input_file:org/apache/ranger/rms/security/FilterChainWrapper.class */
public class FilterChainWrapper implements FilterChain {
    private static final Logger LOG = LoggerFactory.getLogger(FilterChainWrapper.class);
    private static final String DEFAULT_RMS_ROLE = "ROLE_USER";
    private static final String COOKIE_PARAM = "Set-Cookie";
    private FilterChain filterChain;

    public FilterChainWrapper(FilterChain filterChain) {
        this.filterChain = filterChain;
    }

    private static String readUserFromCookie(HttpServletResponse httpServletResponse) {
        Collection<String> headers;
        int indexOf;
        int indexOf2;
        String str = null;
        if (httpServletResponse.containsHeader(COOKIE_PARAM) && (headers = httpServletResponse.getHeaders(COOKIE_PARAM)) != null) {
            for (String str2 : headers) {
                if (StringUtils.startsWithIgnoreCase(str2, "hadoop.auth") && str2.contains("u=")) {
                    for (String str3 : str2.split(";")) {
                        if (StringUtils.startsWithIgnoreCase(str3, "hadoop.auth") && (indexOf = str3.indexOf("u=")) != -1 && (indexOf2 = str3.indexOf("&", indexOf)) != -1) {
                            try {
                                str = str3.substring(indexOf + 2, indexOf2);
                                break;
                            } catch (Exception e) {
                                str = null;
                            }
                        }
                    }
                }
            }
        }
        return str;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String readUserFromCookie = readUserFromCookie(httpServletResponse);
        if (StringUtils.isEmpty(readUserFromCookie) && StringUtils.isNotEmpty(httpServletRequest.getRemoteUser())) {
            readUserFromCookie = httpServletRequest.getRemoteUser();
        }
        if ((authentication == null || !authentication.isAuthenticated()) && StringUtils.isNotEmpty(readUserFromCookie)) {
            String parameter = httpServletRequest.getParameter("doAs");
            if (StringUtils.isNotEmpty(parameter)) {
                readUserFromCookie = parameter;
            }
            List asList = Arrays.asList(new SimpleGrantedAuthority(DEFAULT_RMS_ROLE));
            AbstractAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(new User(readUserFromCookie, "", asList), "", asList);
            usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(httpServletRequest));
            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
            if (LOG.isDebugEnabled()) {
                LOG.debug("User [{}] is authenticated via RMSDelegationTokenFilter.", usernamePasswordAuthenticationToken.getPrincipal());
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("As user [{}] is authenticated, proceeding with filter chain.", readUserFromCookie);
        }
        this.filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
