package org.apache.hadoop.security.authentication.server;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.util.HttpExceptionUtils;
import org.apache.hadoop.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.0-eep-912.jar:org/apache/hadoop/security/authentication/server/ProxyUserAuthenticationFilter.class */
public class ProxyUserAuthenticationFilter extends AuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ProxyUserAuthenticationFilter.class);
    private static final String DO_AS = "doas";
    public static final String PROXYUSER_PREFIX = "proxyuser";

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter, javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        ProxyUsers.refreshSuperUserGroupsConfiguration(getProxyuserConfiguration(filterConfig), "proxyuser");
        super.init(filterConfig);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter
    public void doFilter(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String parameter = toLowerCase(httpServletRequest).getParameter("doas");
        if (parameter != null && !parameter.equals(httpServletRequest.getRemoteUser())) {
            LOG.debug("doAsUser = {}, RemoteUser = {} , RemoteAddress = {} ", parameter, httpServletRequest.getRemoteUser(), httpServletRequest.getRemoteAddr());
            UserGroupInformation createRemoteUser = httpServletRequest.getUserPrincipal() != null ? UserGroupInformation.createRemoteUser(httpServletRequest.getRemoteUser()) : null;
            if (createRemoteUser != null) {
                final UserGroupInformation createProxyUser = UserGroupInformation.createProxyUser(parameter, createRemoteUser);
                try {
                    ProxyUsers.authorize(createProxyUser, httpServletRequest.getRemoteAddr());
                    httpServletRequest = new HttpServletRequestWrapper(httpServletRequest) { // from class: org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilter.1
                        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
                        public String getRemoteUser() {
                            return createProxyUser.getShortUserName();
                        }

                        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
                        public Principal getUserPrincipal() {
                            return new Principal() { // from class: org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilter.1.1
                                @Override // java.security.Principal
                                public String getName() {
                                    return createProxyUser.getUserName();
                                }
                            };
                        }
                    };
                    LOG.debug("Proxy user Authentication successful");
                } catch (AuthorizationException e) {
                    HttpExceptionUtils.createServletExceptionResponse(httpServletResponse, 403, e);
                    LOG.warn("Proxy user Authentication exception", (Throwable) e);
                    return;
                }
            }
        }
        super.doFilter(filterChain, httpServletRequest, httpServletResponse);
    }

    protected Configuration getProxyuserConfiguration(FilterConfig filterConfig) throws ServletException {
        Configuration configuration = new Configuration(false);
        Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String nextElement = initParameterNames.nextElement();
            if (nextElement.startsWith("proxyuser.")) {
                configuration.set(nextElement, filterConfig.getInitParameter(nextElement));
            }
        }
        return configuration;
    }

    static boolean containsUpperCase(Iterable<String> iterable) {
        for (String str : iterable) {
            for (int i = 0; i < str.length(); i++) {
                if (Character.isUpperCase(str.charAt(i))) {
                    return true;
                }
            }
        }
        return false;
    }

    public static HttpServletRequest toLowerCase(HttpServletRequest httpServletRequest) {
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        if (!containsUpperCase(parameterMap.keySet())) {
            return httpServletRequest;
        }
        final HashMap hashMap = new HashMap();
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            String lowerCase = StringUtils.toLowerCase(entry.getKey());
            List list = (List) hashMap.get(lowerCase);
            if (list == null) {
                list = new ArrayList();
                hashMap.put(lowerCase, list);
            }
            for (String str : entry.getValue()) {
                list.add(str);
            }
        }
        return new HttpServletRequestWrapper(httpServletRequest) { // from class: org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilter.2
            private Map<String, String[]> parameters = null;

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public Map<String, String[]> getParameterMap() {
                if (this.parameters == null) {
                    this.parameters = new HashMap();
                    for (Map.Entry entry2 : hashMap.entrySet()) {
                        List list2 = (List) entry2.getValue();
                        this.parameters.put((String) entry2.getKey(), (String[]) list2.toArray(new String[list2.size()]));
                    }
                }
                return this.parameters;
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public String getParameter(String str2) {
                List list2 = (List) hashMap.get(str2);
                if (list2 == null) {
                    return null;
                }
                return (String) list2.get(0);
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public String[] getParameterValues(String str2) {
                return getParameterMap().get(str2);
            }

            @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
            public Enumeration<String> getParameterNames() {
                final Iterator it = hashMap.keySet().iterator();
                return new Enumeration<String>() { // from class: org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilter.2.1
                    @Override // java.util.Enumeration
                    public boolean hasMoreElements() {
                        return it.hasNext();
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Enumeration
                    public String nextElement() {
                        return (String) it.next();
                    }
                };
            }
        };
    }
}
