package org.apache.hadoop.security.token.delegation.web;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.server.AuthenticationHandler;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator;
import org.apache.hadoop.util.HttpExceptionUtils;
import org.apache.hadoop.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.class */
public abstract class DelegationTokenAuthenticationHandler implements AuthenticationHandler {
    protected static final String TYPE_POSTFIX = "-dt";
    public static final String PREFIX = "delegation-token.";
    public static final String TOKEN_KIND = "delegation-token.token-kind";
    public static final String DELEGATION_TOKEN_UGI_ATTRIBUTE = "hadoop.security.delegation-token.ugi";
    public static final String JSON_MAPPER_PREFIX = "delegation-token.json-mapper.";
    private AuthenticationHandler authHandler;
    private DelegationTokenManager tokenManager;
    private String authType;
    private JsonFactory jsonFactory;
    private static final String ENTER;
    private static final Logger LOG = LoggerFactory.getLogger(DelegationTokenAuthenticationHandler.class);
    private static final Set<String> DELEGATION_TOKEN_OPS = new HashSet();

    public DelegationTokenAuthenticationHandler(AuthenticationHandler authenticationHandler) {
        this.authHandler = authenticationHandler;
        this.authType = authenticationHandler.getType();
    }

    @VisibleForTesting
    DelegationTokenManager getTokenManager() {
        return this.tokenManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationHandler getAuthHandler() {
        return this.authHandler;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public void init(Properties properties) throws ServletException {
        this.authHandler.init(properties);
        initTokenManager(properties);
        initJsonFactory(properties);
    }

    public void setExternalDelegationTokenSecretManager(AbstractDelegationTokenSecretManager abstractDelegationTokenSecretManager) {
        this.tokenManager.setExternalDelegationTokenSecretManager(abstractDelegationTokenSecretManager);
    }

    @VisibleForTesting
    public void initTokenManager(Properties properties) {
        Configuration configuration = new Configuration(false);
        for (Map.Entry entry : properties.entrySet()) {
            configuration.set((String) entry.getKey(), (String) entry.getValue());
        }
        String str = configuration.get(TOKEN_KIND);
        if (str == null) {
            throw new IllegalArgumentException("The configuration does not define the token kind");
        }
        this.tokenManager = new DelegationTokenManager(configuration, new Text(str.trim()));
        this.tokenManager.init();
    }

    @VisibleForTesting
    public void initJsonFactory(Properties properties) {
        JsonGenerator.Feature valueOf;
        boolean z = false;
        JsonFactory jsonFactory = new JsonFactory();
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            if (str.startsWith(JSON_MAPPER_PREFIX) && (valueOf = JsonGenerator.Feature.valueOf(str.substring(JSON_MAPPER_PREFIX.length()))) != null) {
                z = true;
                jsonFactory.configure(valueOf, Boolean.parseBoolean((String) entry.getValue()));
            }
        }
        if (z) {
            this.jsonFactory = jsonFactory;
        }
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public void destroy() {
        this.tokenManager.destroy();
        this.authHandler.destroy();
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public String getType() {
        return this.authType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean isManagementOperation(HttpServletRequest httpServletRequest) throws IOException {
        String parameter = ServletUtils.getParameter(httpServletRequest, DelegationTokenAuthenticator.OP_PARAM);
        return DELEGATION_TOKEN_OPS.contains(parameter != null ? StringUtils.toUpperCase(parameter) : null) && !httpServletRequest.getMethod().equals("OPTIONS");
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:33:0x00d8. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:74:0x0244  */
    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean managementOperation(org.apache.hadoop.security.authentication.server.AuthenticationToken r9, javax.servlet.http.HttpServletRequest r10, javax.servlet.http.HttpServletResponse r11) throws java.io.IOException, org.apache.hadoop.security.authentication.client.AuthenticationException {
        /*
            Method dump skipped, instructions count: 699
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.managementOperation(org.apache.hadoop.security.authentication.server.AuthenticationToken, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse):boolean");
    }

    private static Map delegationTokenToJSON(Token token) throws IOException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(DelegationTokenAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON, token.encodeToUrlString());
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        linkedHashMap2.put(DelegationTokenAuthenticator.DELEGATION_TOKEN_JSON, linkedHashMap);
        return linkedHashMap2;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public AuthenticationToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        AuthenticationToken authenticate;
        String delegationToken = getDelegationToken(httpServletRequest);
        if (delegationToken != null) {
            LOG.debug("Authenticating with dt param: {}", delegationToken);
            try {
                Token<? extends AbstractDelegationTokenIdentifier> token = new Token<>();
                token.decodeFromUrlString(delegationToken);
                UserGroupInformation verifyToken = this.tokenManager.verifyToken(token);
                authenticate = new AuthenticationToken(verifyToken.getShortUserName(), verifyToken.getUserName(), getType());
                authenticate.setExpires(0L);
                httpServletRequest.setAttribute(DELEGATION_TOKEN_UGI_ATTRIBUTE, verifyToken);
            } catch (Throwable th) {
                authenticate = null;
                HttpExceptionUtils.createServletExceptionResponse(httpServletResponse, 403, new AuthenticationException(th));
            }
        } else {
            LOG.debug("Falling back to {} (req={})", this.authHandler.getClass(), httpServletRequest);
            authenticate = this.authHandler.authenticate(httpServletRequest, httpServletResponse);
        }
        return authenticate;
    }

    private String getDelegationToken(HttpServletRequest httpServletRequest) throws IOException {
        String header = httpServletRequest.getHeader(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER);
        if (header == null) {
            header = ServletUtils.getParameter(httpServletRequest, DelegationTokenAuthenticator.DELEGATION_PARAM);
        }
        return header;
    }

    static {
        DELEGATION_TOKEN_OPS.add(DelegationTokenAuthenticator.DelegationTokenOperation.GETDELEGATIONTOKEN.toString());
        DELEGATION_TOKEN_OPS.add(DelegationTokenAuthenticator.DelegationTokenOperation.RENEWDELEGATIONTOKEN.toString());
        DELEGATION_TOKEN_OPS.add(DelegationTokenAuthenticator.DelegationTokenOperation.CANCELDELEGATIONTOKEN.toString());
        ENTER = System.getProperty("line.separator");
    }
}
