package org.apache.oozie.servlet;

import java.io.IOException;
import java.net.InetAddress;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authentication.util.ZKSignerSecretProvider;
import org.apache.oozie.service.JobsConcurrencyService;
import org.apache.oozie.service.Services;
import org.apache.oozie.util.ZKUtils;

/* loaded from: input_file:WEB-INF/lib/oozie-core-4.3.0-mapr-508.jar:org/apache/oozie/servlet/AuthFilter.class */
public class AuthFilter extends AuthenticationFilter {
    public static final String OOZIE_PREFIX = "oozie.authentication.";
    private static final String KERBEROS_PRINCIPAL_CONFIG = "kerberos.principal";
    private HttpServlet optionsServlet;
    private ZKUtils zkUtils = null;

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        if (((JobsConcurrencyService) Services.get().get(JobsConcurrencyService.class)).isHighlyAvailableMode()) {
            try {
                this.zkUtils = ZKUtils.register(this);
                filterConfig.getServletContext().setAttribute(ZKSignerSecretProvider.ZOOKEEPER_SIGNER_SECRET_PROVIDER_CURATOR_CLIENT_ATTRIBUTE, this.zkUtils.getClient());
            } catch (Exception e) {
                throw new ServletException(e);
            }
        }
        super.init(filterConfig);
        this.optionsServlet = new HttpServlet() { // from class: org.apache.oozie.servlet.AuthFilter.1
        };
        this.optionsServlet.init();
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter
    public void destroy() {
        this.optionsServlet.destroy();
        if (this.zkUtils != null) {
            this.zkUtils.unregister(this);
        }
        super.destroy();
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter
    protected Properties getConfiguration(String str, FilterConfig filterConfig) {
        Properties properties = new Properties();
        Configuration conf = Services.get().getConf();
        properties.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
        Iterator it = conf.iterator();
        while (it.hasNext()) {
            String str2 = (String) ((Map.Entry) it.next()).getKey();
            if (str2.startsWith(OOZIE_PREFIX)) {
                String str3 = conf.get(str2);
                String substring = str2.substring(OOZIE_PREFIX.length());
                if (substring.equals("kerberos.principal")) {
                    String str4 = str3;
                    try {
                        str4 = SecurityUtil.getServerPrincipal(str3, InetAddress.getLocalHost().getCanonicalHostName());
                    } catch (IOException e) {
                    }
                    properties.setProperty(substring, str4);
                } else {
                    properties.setProperty(substring, str3);
                }
            }
        }
        if (((JobsConcurrencyService) Services.get().get(JobsConcurrencyService.class)).isHighlyAvailableMode()) {
            if (!properties.containsKey(AuthenticationFilter.SIGNER_SECRET_PROVIDER)) {
                properties.setProperty(AuthenticationFilter.SIGNER_SECRET_PROVIDER, "zookeeper");
            }
            if (!properties.containsKey(ZKSignerSecretProvider.ZOOKEEPER_PATH)) {
                properties.setProperty(ZKSignerSecretProvider.ZOOKEEPER_PATH, "/services/signersecrets");
            }
            properties.setProperty(ZKSignerSecretProvider.DISCONNECT_FROM_ZOOKEEPER_ON_SHUTDOWN, "false");
        }
        return properties;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        super.doFilter(servletRequest, servletResponse, new FilterChain() { // from class: org.apache.oozie.servlet.AuthFilter.2
            public void doFilter(ServletRequest servletRequest2, ServletResponse servletResponse2) throws IOException, ServletException {
                HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest2;
                if (httpServletRequest.getMethod().equals("OPTIONS")) {
                    AuthFilter.this.optionsServlet.service(servletRequest, servletResponse);
                } else {
                    httpServletRequest.setAttribute(JsonRestServlet.USER_NAME, httpServletRequest.getRemoteUser());
                    filterChain.doFilter(servletRequest2, servletResponse2);
                }
            }
        });
    }
}
