package org.apache.hadoop.security.token.delegation.web;

import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.server.AuthenticationHandlerUtil;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.hadoop.security.authentication.server.CompositeAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.MultiSchemeAuthenticationHandler;
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
import org.apache.hadoop.thirdparty.com.google.common.base.Splitter;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.207-eep-921.jar:org/apache/hadoop/security/token/delegation/web/MultiSchemeDelegationTokenAuthenticationHandler.class */
public class MultiSchemeDelegationTokenAuthenticationHandler extends DelegationTokenAuthenticationHandler implements CompositeAuthenticationHandler {
    public static final String DELEGATION_TOKEN_SCHEMES_PROPERTY = "multi-scheme-auth-handler.delegation.schemes";
    private static final Splitter STR_SPLITTER = Splitter.on(',').trimResults().omitEmptyStrings();
    private Set<String> delegationAuthSchemes;

    public MultiSchemeDelegationTokenAuthenticationHandler() {
        super(new MultiSchemeAuthenticationHandler("multi-scheme-dt"));
        this.delegationAuthSchemes = null;
    }

    @Override // org.apache.hadoop.security.authentication.server.CompositeAuthenticationHandler
    public Collection<String> getTokenTypes() {
        return ((CompositeAuthenticationHandler) getAuthHandler()).getTokenTypes();
    }

    @Override // org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler, org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public void init(Properties properties) throws ServletException {
        super.init(properties);
        String str = (String) Preconditions.checkNotNull(properties.getProperty(MultiSchemeAuthenticationHandler.SCHEMES_PROPERTY));
        String str2 = (String) Preconditions.checkNotNull(properties.getProperty(DELEGATION_TOKEN_SCHEMES_PROPERTY));
        HashSet hashSet = new HashSet();
        Iterator<String> it = STR_SPLITTER.split(str).iterator();
        while (it.hasNext()) {
            hashSet.add(AuthenticationHandlerUtil.checkAuthScheme(it.next()));
        }
        this.delegationAuthSchemes = new HashSet();
        Iterator<String> it2 = STR_SPLITTER.split(str2).iterator();
        while (it2.hasNext()) {
            this.delegationAuthSchemes.add(AuthenticationHandlerUtil.checkAuthScheme(it2.next()));
        }
        Preconditions.checkArgument(hashSet.containsAll(this.delegationAuthSchemes));
    }

    @Override // org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler, org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public AuthenticationToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        String header = httpServletRequest.getHeader("Authorization");
        if (isManagementOperation(httpServletRequest)) {
            boolean z = false;
            if (header != null) {
                Iterator<String> it = this.delegationAuthSchemes.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (AuthenticationHandlerUtil.matchAuthScheme(it.next(), header)) {
                        z = true;
                        break;
                    }
                }
            }
            if (!z) {
                httpServletResponse.setStatus(401);
                Iterator<String> it2 = this.delegationAuthSchemes.iterator();
                while (it2.hasNext()) {
                    httpServletResponse.addHeader("WWW-Authenticate", it2.next());
                }
                return null;
            }
        }
        return super.authenticate(httpServletRequest, httpServletResponse);
    }
}
