package org.apache.hadoop.fs.http.server;

import java.io.IOException;
import java.io.PrintWriter;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.fs.http.client.HttpFSKerberosAuthenticator;
import org.apache.hadoop.lib.service.DelegationTokenIdentifier;
import org.apache.hadoop.lib.service.DelegationTokenManager;
import org.apache.hadoop.lib.service.DelegationTokenManagerException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.token.Token;
import org.json.simple.JSONObject;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/fs/http/server/HttpFSKerberosAuthenticationHandler.class
  input_file:webhdfs.war:WEB-INF/classes/org/apache/hadoop/fs/http/server/HttpFSKerberosAuthenticationHandler.class
  input_file:webhdfs/WEB-INF/classes/org/apache/hadoop/fs/http/server/HttpFSKerberosAuthenticationHandler.class
 */
@InterfaceAudience.Private
/* loaded from: input_file:hadoop-hdfs-httpfs-2.5.1-mapr-1410-SNAPSHOT/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/classes/org/apache/hadoop/fs/http/server/HttpFSKerberosAuthenticationHandler.class */
public class HttpFSKerberosAuthenticationHandler extends KerberosAuthenticationHandler {
    static final Set<String> DELEGATION_TOKEN_OPS = new HashSet();
    public static final String TYPE = "kerberos-dt";
    private static final String ENTER;

    @Override // org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler, org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public String getType() {
        return TYPE;
    }

    @Override // org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler, org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public boolean managementOperation(AuthenticationToken authenticationToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        boolean z = true;
        String parameter = httpServletRequest.getParameter("op");
        String upperCase = parameter != null ? parameter.toUpperCase() : null;
        if (DELEGATION_TOKEN_OPS.contains(upperCase) && !httpServletRequest.getMethod().equals("OPTIONS")) {
            HttpFSKerberosAuthenticator.DelegationTokenOperation valueOf = HttpFSKerberosAuthenticator.DelegationTokenOperation.valueOf(upperCase);
            if (!valueOf.getHttpMethod().equals(httpServletRequest.getMethod())) {
                httpServletResponse.sendError(400, MessageFormat.format("Wrong HTTP method [{0}] for operation [{1}], it should be [{2}]", httpServletRequest.getMethod(), valueOf, valueOf.getHttpMethod()));
                z = false;
            } else if (valueOf.requiresKerberosCredentials() && authenticationToken == null) {
                httpServletResponse.sendError(401, MessageFormat.format("Operation [{0}] requires SPNEGO authentication established", valueOf));
                z = false;
            } else {
                DelegationTokenManager delegationTokenManager = (DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class);
                try {
                    Map map = null;
                    switch (valueOf) {
                        case GETDELEGATIONTOKEN:
                            String parameter2 = httpServletRequest.getParameter("renewer");
                            if (parameter2 == null) {
                                parameter2 = authenticationToken.getUserName();
                            }
                            map = delegationTokenToJSON(delegationTokenManager.createToken(UserGroupInformation.getCurrentUser(), parameter2));
                            break;
                        case RENEWDELEGATIONTOKEN:
                        case CANCELDELEGATIONTOKEN:
                            String parameter3 = httpServletRequest.getParameter("token");
                            if (parameter3 != null) {
                                if (valueOf != HttpFSKerberosAuthenticator.DelegationTokenOperation.CANCELDELEGATIONTOKEN) {
                                    Token<DelegationTokenIdentifier> token = new Token<>();
                                    token.decodeFromUrlString(parameter3);
                                    long renewToken = delegationTokenManager.renewToken(token, authenticationToken.getUserName());
                                    map = new HashMap();
                                    map.put(HttpFSKerberosAuthenticator.RENEW_DELEGATION_TOKEN_JSON, Long.valueOf(renewToken));
                                    break;
                                } else {
                                    Token<DelegationTokenIdentifier> token2 = new Token<>();
                                    token2.decodeFromUrlString(parameter3);
                                    delegationTokenManager.cancelToken(token2, UserGroupInformation.getCurrentUser().getUserName());
                                    break;
                                }
                            } else {
                                httpServletResponse.sendError(400, MessageFormat.format("Operation [{0}] requires the parameter [{1}]", valueOf, "token"));
                                z = false;
                                break;
                            }
                    }
                    if (z) {
                        httpServletResponse.setStatus(200);
                        if (map != null) {
                            httpServletResponse.setContentType("application/json");
                            PrintWriter writer = httpServletResponse.getWriter();
                            JSONObject.writeJSONString(map, writer);
                            writer.write(ENTER);
                            writer.flush();
                        }
                        z = false;
                    }
                } catch (DelegationTokenManagerException e) {
                    throw new AuthenticationException(e.toString(), e);
                }
            }
        }
        return z;
    }

    private static Map delegationTokenToJSON(Token token) throws IOException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON, token.encodeToUrlString());
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        linkedHashMap2.put(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON, linkedHashMap);
        return linkedHashMap2;
    }

    @Override // org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler, org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public AuthenticationToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        AuthenticationToken authenticationToken;
        String parameter = httpServletRequest.getParameter("delegation");
        if (parameter != null) {
            try {
                Token<DelegationTokenIdentifier> token = new Token<>();
                token.decodeFromUrlString(parameter);
                UserGroupInformation verifyToken = ((DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class)).verifyToken(token);
                authenticationToken = new AuthenticationToken(verifyToken.getShortUserName(), verifyToken.getUserName(), getType());
                authenticationToken.setExpires(0L);
            } catch (Throwable th) {
                throw new AuthenticationException("Could not verify DelegationToken, " + th.toString(), th);
            }
        } else {
            authenticationToken = super.authenticate(httpServletRequest, httpServletResponse);
        }
        return authenticationToken;
    }

    static {
        DELEGATION_TOKEN_OPS.add(HttpFSKerberosAuthenticator.DelegationTokenOperation.GETDELEGATIONTOKEN.toString());
        DELEGATION_TOKEN_OPS.add(HttpFSKerberosAuthenticator.DelegationTokenOperation.RENEWDELEGATIONTOKEN.toString());
        DELEGATION_TOKEN_OPS.add(HttpFSKerberosAuthenticator.DelegationTokenOperation.CANCELDELEGATIONTOKEN.toString());
        ENTER = System.getProperty("line.separator");
    }
}
