package org.apache.ranger.rms.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.ranger.authz.handler.RangerAuth;
import org.apache.ranger.authz.handler.jwt.RangerDefaultJwtAuthHandler;
import org.apache.ranger.rms.server.RMSConfig;
import org.apache.ranger.rms.util.AppConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/* loaded from: input_file:org/apache/ranger/rms/security/RMSJwtAuthFilter.class */
public class RMSJwtAuthFilter extends RangerDefaultJwtAuthHandler implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(RMSJwtAuthFilter.class);
    private static final String DEFAULT_RMS_ROLE = "ROLE_USER";
    private static final String CONFIG_PREFIX = "config.prefix";

    @PostConstruct
    public void initialize() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===>>> RMSJwtAuthFilter.initialize()");
        }
        RMSConfig rMSConfig = RMSConfig.getInstance();
        try {
            String concat = rMSConfig.get(CONFIG_PREFIX, "ranger-rms.jwt.auth").concat(AppConstants.DBNAME_TABLENAME_SEPARATOR);
            Properties properties = new Properties();
            properties.putAll(rMSConfig.getPropsWithPrefix(concat));
            if (LOG.isDebugEnabled()) {
                LOG.debug("JWT Auth configs : " + properties.toString());
            }
            super.initialize(properties);
        } catch (Exception e) {
            LOG.error("Failed to initialize Ranger RMS JWT Auth Filter.", e);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<<<=== RMSJwtAuthFilter.initialize()");
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("===>>> RMSJwtAuthFilter.doFilter({}, {}, {})", new Object[]{servletRequest, servletResponse, filterChain});
        }
        if (servletRequest != null) {
            if (canAuthenticateRequest(servletRequest)) {
                Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                if (authentication == null || !authentication.isAuthenticated()) {
                    HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                    RangerAuth authenticate = authenticate(httpServletRequest);
                    if (authenticate != null) {
                        List asList = Arrays.asList(new SimpleGrantedAuthority(DEFAULT_RMS_ROLE));
                        AbstractAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(new User(authenticate.getUserName(), "", asList), "", asList);
                        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(httpServletRequest));
                        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
                    }
                } else if (LOG.isDebugEnabled()) {
                    LOG.debug("User [{}] is already authenticated, proceeding with filter chain.", authentication.getPrincipal());
                }
                Authentication authentication2 = SecurityContextHolder.getContext().getAuthentication();
                if (authentication2 == null) {
                    LOG.warn("RMSJwtAuthFilter.doFilter() - Failed to authenticate request using RMS JWT authentication framework.");
                } else if (LOG.isDebugEnabled()) {
                    LOG.debug("RMSJwtAuthFilter.doFilter() - user=[{}], isUserAuthenticated? [{}]", authentication2.getPrincipal(), Boolean.valueOf(authentication2.isAuthenticated()));
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Skipping JWT RMS auth for request.");
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<<<=== RMSJwtAuthFilter.doFilter()");
        }
    }

    public void destroy() {
    }
}
