package org.apache.hadoop.fs.http.server;

import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.util.Properties;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.web.WebHdfsConstants;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.security.authentication.util.MapRSignerSecretProvider;
import org.apache.hadoop.security.authentication.util.RandomSignerSecretProvider;
import org.apache.hadoop.security.authentication.util.SignerSecretProvider;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/fs/http/server/HttpFSAuthenticationFilter.class */
public class HttpFSAuthenticationFilter extends DelegationTokenAuthenticationFilter {
    public static final String CONF_PREFIX = "httpfs.authentication.";
    public static final String HADOOP_HTTP_CONF_PREFIX = "hadoop.http.authentication.";
    static final String[] CONF_PREFIXES = {CONF_PREFIX, HADOOP_HTTP_CONF_PREFIX};
    private static final String SIGNATURE_SECRET_FILE = "signature.secret.file";

    protected Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
        Configuration config = HttpFSServerWebApp.get().getConfig();
        Properties filterProperties = HttpServer2.getFilterProperties(config, new ArrayList(Arrays.asList(CONF_PREFIXES)));
        String property = filterProperties.getProperty(SIGNATURE_SECRET_FILE, null);
        if (property == null) {
            throw new RuntimeException("Undefined property: signature.secret.file");
        }
        if (!isRandomSecret(filterConfig)) {
            try {
                InputStreamReader inputStreamReader = new InputStreamReader(Files.newInputStream(Paths.get(property, new String[0]), new OpenOption[0]), StandardCharsets.UTF_8);
                try {
                    StringBuilder sb = new StringBuilder();
                    for (int read = inputStreamReader.read(); read > -1; read = inputStreamReader.read()) {
                        sb.append((char) read);
                    }
                    String sb2 = sb.toString();
                    if (sb2.isEmpty()) {
                        throw new RuntimeException("No secret in HttpFs signature secret file: " + property);
                    }
                    filterProperties.setProperty("signature.secret", sb2);
                    inputStreamReader.close();
                } finally {
                }
            } catch (IOException e) {
                throw new RuntimeException("Could not read HttpFS signature secret file: " + property);
            }
        }
        setAuthHandlerClass(filterProperties);
        String text = WebHdfsConstants.WEBHDFS_TOKEN_KIND.toString();
        if (config.getBoolean("httpfs.ssl.enabled", false)) {
            text = WebHdfsConstants.SWEBHDFS_TOKEN_KIND.toString();
        }
        filterProperties.setProperty("delegation-token.token-kind", text);
        return filterProperties;
    }

    protected Configuration getProxyuserConfiguration(FilterConfig filterConfig) {
        Map valByRegex = HttpFSServerWebApp.get().getConfig().getValByRegex("httpfs\\.proxyuser\\.");
        Configuration configuration = new Configuration(false);
        for (Map.Entry entry : valByRegex.entrySet()) {
            configuration.set(((String) entry.getKey()).substring("httpfs.".length()), (String) entry.getValue());
        }
        return configuration;
    }

    private boolean isRandomSecret(FilterConfig filterConfig) {
        SignerSecretProvider signerSecretProvider = (SignerSecretProvider) filterConfig.getServletContext().getAttribute("signer.secret.provider.object");
        if (signerSecretProvider == null) {
            return false;
        }
        return signerSecretProvider.getClass() == RandomSignerSecretProvider.class || signerSecretProvider.getClass() == MapRSignerSecretProvider.class;
    }
}
