package org.apache.hadoop.gateway.provider.federation.jwt.filter;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.text.ParseException;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionFilter;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.hadoop.gateway.provider.federation.jwt.JWTMessages;
import org.apache.hadoop.gateway.services.GatewayServices;
import org.apache.hadoop.gateway.services.registry.ServiceRegistry;
import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
import org.apache.hadoop.gateway.util.JsonUtils;

/* loaded from: input_file:org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.class */
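/**
 * Servlet filter that exchanges a JWT presented as a Bearer token for a
 * service-scoped access token.
 *
 * <p>The filter reads the {@code Authorization} header, parses and verifies the
 * presented JWT, maps the principal of the current {@link Subject}, issues a new
 * RS256 token for the requested service, and writes a JSON document containing
 * {@code access_token}, {@code token_type}, {@code expires_in} and {@code svc}
 * to the response. It never invokes the {@link FilterChain}; it terminates the
 * request itself.
 *
 * <p>Security note: the incoming token must verify before a new token is issued.
 * A verification failure (exception or negative result) is answered with 401.
 */
public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilter {
    private static final String SVC_URL = "svc";
    private static final String EXPIRES_IN = "expires_in";
    private static final String TOKEN_TYPE = "token_type";
    private static final String ACCESS_TOKEN = "access_token";
    // Includes the trailing space because it doubles as the Authorization header prefix.
    private static final String BEARER = "Bearer ";
    private static JWTMessages log = (JWTMessages) MessagesFactory.get(JWTMessages.class);
    // Lifetime of issued access tokens, in seconds (multiplied by 1000 when used).
    private long validity;
    private JWTokenAuthority authority = null;
    private ServiceRegistry sr;

    /**
     * Reads the {@code validity} init parameter (default {@code "3600"}) and looks up
     * the token authority and service registry from the gateway services stored in
     * the servlet context.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws ServletException if the superclass initialisation fails
     * @throws NumberFormatException if {@code validity} is not a parseable long
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        String validityParam = filterConfig.getInitParameter("validity");
        if (validityParam == null) {
            validityParam = "3600";
        }
        // NOTE(review): no range check; a zero or negative value yields tokens that
        // are already expired at issue time. Confirm whether that should be rejected.
        this.validity = Long.parseLong(validityParam);
        GatewayServices gatewayServices = (GatewayServices) filterConfig.getServletContext().getAttribute("org.apache.hadoop.gateway.gateway.services");
        this.authority = (JWTokenAuthority) gatewayServices.getService("TokenService");
        this.sr = (ServiceRegistry) gatewayServices.getService("ServiceRegistryService");
    }

    /**
     * Validates the Bearer JWT on the request and, if it verifies, responds with a
     * JSON document carrying a freshly issued access token.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @param filterChain unused; the filter writes the response itself
     * @throws IOException if writing the response fails
     * @throws ServletException if the token cannot be parsed
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String header = ((HttpServletRequest) servletRequest).getHeader("Authorization");
        if (header == null || !header.startsWith(BEARER)) {
            ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        try {
            JWTToken token = JWTToken.parseToken(header.substring(BEARER.length()));
            if (token == null) {
                throw new ServletException("Expected JWT Token not provided as Bearer token");
            }

            // Fail closed: previously a TokenServiceException was only logged and the
            // result of verifyToken was discarded, so a token that failed verification
            // still led to a new access token being issued.
            // NOTE(review): assumes verifyToken reports its outcome as a boolean, as the
            // JWTokenAuthority interface declares; confirm against the version in use.
            // Whether it also checks expiry and audience is not visible from this class.
            boolean verified = false;
            try {
                verified = this.authority.verifyToken(token);
            } catch (TokenServiceException e) {
                log.unableToVerifyToken(e);
            }
            if (!verified) {
                ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }

            // The identity asserted in the new token comes from the current Subject,
            // not from the claims of the token that was just verified.
            String principalName = this.mapper.mapUserPrincipal(getPrincipalName(Subject.getSubject(AccessController.getContext())));
            long expires = System.currentTimeMillis() + (this.validity * 1000);

            // NOTE(review): both parameters are caller-controlled and are used unvalidated
            // as the token scope and the registry lookup key; either may be null.
            String serviceName = servletRequest.getParameter("service-name");
            String clusterName = servletRequest.getParameter("cluster-name");

            // May be null when issuance fails; the failure is logged in getAccessToken.
            String accessToken = getAccessToken(principalName, serviceName, expires);
            String serviceUrl = this.sr.lookupServiceURL(clusterName, serviceName);

            HashMap<String, Object> payload = new HashMap<String, Object>();
            payload.put(ACCESS_TOKEN, accessToken);
            // Emitted with the trailing space of BEARER; kept as-is for existing clients.
            payload.put(TOKEN_TYPE, BEARER);
            // Absolute expiry instant in epoch milliseconds, not a relative lifetime.
            payload.put(EXPIRES_IN, Long.valueOf(expires));
            payload.put(SVC_URL, serviceUrl);
            servletResponse.getWriter().write(JsonUtils.renderAsJsonString(payload));
        } catch (ParseException e) {
            throw new ServletException("ParseException encountered while processing the JWT token: ", e);
        }
    }

    /**
     * Issues an RS256 token for the given principal name.
     *
     * @param principalName name returned by the {@link Principal} handed to the authority
     * @param serviceName second argument of {@code issueToken} (presumably the audience; confirm)
     * @param expires expiry instant in epoch milliseconds
     * @return the serialised token, or {@code null} if the authority returned no token
     *         or threw a {@link TokenServiceException} (which is logged)
     */
    private String getAccessToken(final String principalName, String serviceName, long expires) {
        String serialized = null;
        try {
            Principal principal = new Principal() {
                @Override
                public String getName() {
                    return principalName;
                }
            };
            JWTToken issued = this.authority.issueToken(principal, serviceName, "RS256", expires);
            if (issued != null) {
                serialized = issued.toString();
            }
        } catch (TokenServiceException e) {
            log.unableToIssueToken(e);
        }
        return serialized;
    }
}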
