package org.apache.hadoop.gateway.pac4j.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.hadoop.gateway.pac4j.Pac4jMessages;
import org.apache.hadoop.gateway.pac4j.session.KnoxSessionStore;
import org.apache.hadoop.gateway.services.GatewayServices;
import org.apache.hadoop.gateway.services.security.AliasService;
import org.apache.hadoop.gateway.services.security.AliasServiceException;
import org.apache.hadoop.gateway.services.security.CryptoService;
import org.apache.hadoop.gateway.services.security.KeystoreService;
import org.apache.hadoop.gateway.services.security.MasterService;
import org.pac4j.config.client.PropertiesConfigFactory;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.config.ConfigSingleton;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.http.client.indirect.IndirectBasicAuthClient;
import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
import org.pac4j.j2e.filter.CallbackFilter;
import org.pac4j.j2e.filter.RequiresAuthenticationFilter;

/* loaded from: input_file:org/apache/hadoop/gateway/pac4j/filter/Pac4jDispatcherFilter.class */
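/**
 * Servlet filter that wires pac4j into the gateway and dispatches each request
 * either to pac4j's {@link CallbackFilter} or to its
 * {@link RequiresAuthenticationFilter}.
 *
 * <p>{@link #init(FilterConfig)} builds the pac4j {@link Config} from the filter
 * init parameters, installs a {@link KnoxSessionStore} on it and publishes it
 * through {@link ConfigSingleton}. {@link #doFilter} then routes on the presence
 * of the {@value #PAC4J_CALLBACK_PARAMETER} request parameter.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A {@code clientName} of {@value #TEST_BASIC_AUTH} selects pac4j's
 *       {@link SimpleTestUsernamePasswordAuthenticator}, a test authenticator
 *       that accepts a login whenever the password equals the username. It
 *       provides no real authentication and is only suitable for test
 *       topologies.</li>
 *   <li>For SAML clients the gateway master secret is copied into
 *       {@link String} values inside the pac4j property map; unlike a
 *       {@code char[]} these cannot be wiped after use.</li>
 *   <li>The configuration is stored in a static singleton. NOTE(review): a
 *       second instance of this filter initialised in the same class loader
 *       would presumably replace the first one's configuration; confirm how
 *       deployments isolate instances.</li>
 * </ul>
 */
public class Pac4jDispatcherFilter implements Filter {
    private static final Pac4jMessages log = (Pac4jMessages) MessagesFactory.get(Pac4jMessages.class);

    /** {@code clientName} value that enables the test-only basic-auth client. */
    public static final String TEST_BASIC_AUTH = "testBasicAuth";

    /** Name of the required filter init parameter holding the pac4j callback URL. */
    public static final String PAC4J_CALLBACK_URL = "pac4j.callbackUrl";

    /** Request parameter whose presence marks a request as a pac4j callback. */
    public static final String PAC4J_CALLBACK_PARAMETER = "pac4jCallback";

    private static final String PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM = "pac4j.cookie.domain.suffix";

    private CallbackFilter callbackFilter;
    private RequiresAuthenticationFilter requiresAuthenticationFilter;
    private MasterService masterService = null;
    private KeystoreService keystoreService = null;
    private AliasService aliasService = null;

    /**
     * Resolves the gateway services, builds the pac4j configuration and creates
     * the two delegate filters.
     *
     * @param filterConfig filter configuration; must supply
     *     {@value #PAC4J_CALLBACK_URL} and {@code clientName} init parameters
     * @throws ServletException if the crypto service, alias service or cluster
     *     name is unavailable, a required init parameter is missing, no pac4j
     *     client results from the configuration, or the alias service fails
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ServletContext servletContext = filterConfig.getServletContext();
        CryptoService cryptoService = null;
        String clusterName = null;
        if (servletContext != null) {
            GatewayServices gatewayServices =
                    (GatewayServices) servletContext.getAttribute("org.apache.hadoop.gateway.gateway.services");
            clusterName = (String) servletContext.getAttribute("org.apache.hadoop.gateway.gateway.cluster");
            if (gatewayServices != null) {
                this.keystoreService = (KeystoreService) gatewayServices.getService("KeystoreService");
                cryptoService = (CryptoService) gatewayServices.getService("CryptoService");
                this.aliasService = (AliasService) gatewayServices.getService("AliasService");
                this.masterService = (MasterService) gatewayServices.getService("MasterService");
            }
        }
        // A non-null cluster name also implies servletContext is non-null below.
        if (cryptoService == null || this.aliasService == null || clusterName == null) {
            log.cryptoServiceAndAliasServiceAndClusterNameRequired();
            throw new ServletException("The crypto service, alias service and cluster name are required.");
        }
        try {
            // The returned password is discarded. NOTE(review): the trailing
            // `true` presumably asks the alias service to generate the alias
            // when it is absent (the catch message below suggests so); confirm
            // against AliasService.
            this.aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);

            String configuredCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
            if (configuredCallbackUrl == null) {
                log.ssoAuthenticationProviderUrlRequired();
                throw new ServletException("Required pac4j callback URL is missing.");
            }
            // Tag the callback URL so doFilter can recognise returning requests.
            String callbackUrl = CommonHelper.addParameter(configuredCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");

            String clientNameParameter = filterConfig.getInitParameter("clientName");
            if (clientNameParameter == null) {
                log.clientNameParameterRequired();
                throw new ServletException("Required pac4j clientName parameter is missing.");
            }

            Config config;
            String clientName;
            if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
                // SECURITY: test-only client. SimpleTestUsernamePasswordAuthenticator
                // accepts any login whose password equals its username, so a
                // topology configured with this clientName is effectively
                // unauthenticated. Audit deployed topologies for this value.
                IndirectBasicAuthClient testClient =
                        new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
                testClient.setRealmName("Knox TEST");
                config = new Config(callbackUrl, testClient);
                clientName = "IndirectBasicAuthClient";
            } else {
                HashMap<String, String> properties = new HashMap<String, String>();
                addDefaultConfig(clientNameParameter, properties);
                // Init parameters are copied after the defaults, so an explicit
                // saml.* parameter in the filter configuration overrides the
                // gateway-derived default.
                Enumeration<?> parameterNames = filterConfig.getInitParameterNames();
                while (parameterNames.hasMoreElements()) {
                    String parameterName = (String) parameterNames.nextElement();
                    properties.put(parameterName, filterConfig.getInitParameter(parameterName));
                }
                config = new PropertiesConfigFactory(callbackUrl, properties).build();
                List<?> clients = config.getClients().getClients();
                if (clients == null || clients.isEmpty()) {
                    log.atLeastOnePac4jClientMustBeDefined();
                    throw new ServletException("At least one pac4j client must be defined.");
                }
                // A blank clientName falls back to the first configured client.
                clientName = CommonHelper.isBlank(clientNameParameter)
                        ? ((Client) clients.get(0)).getName()
                        : clientNameParameter;
            }

            this.callbackFilter = new CallbackFilter();
            this.requiresAuthenticationFilter = new RequiresAuthenticationFilter();
            this.requiresAuthenticationFilter.setClientName(clientName);
            this.requiresAuthenticationFilter.setConfig(config);
            config.setSessionStore(new KnoxSessionStore(
                    cryptoService, clusterName, servletContext.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM)));
            ConfigSingleton.setConfig(config);
        } catch (AliasServiceException e) {
            log.unableToGenerateAPasswordForEncryption(e);
            // Keep the cause so the container's log shows why the alias lookup failed.
            throw new ServletException("Unable to generate a password for encryption.", e);
        }
    }

    /**
     * Adds gateway-derived SAML keystore defaults to {@code map} when the client
     * name mentions {@code SAML2Client}; otherwise does nothing.
     *
     * <p>The private-key password is the gateway identity passphrase when the
     * alias service returns one, and falls back to the master secret when the
     * lookup fails or returns {@code null}. That fallback means a missing
     * passphrase is only visible in the log, not as a start-up failure.
     *
     * @param str the configured client name (non-null)
     * @param map pac4j property map to populate
     * @throws IllegalStateException if a SAML client is requested but the
     *     keystore or master service was not resolved during {@code init}
     */
    private void addDefaultConfig(String str, Map<String, String> map) {
        if (!str.contains("SAML2Client")) {
            return;
        }
        // init() does not require these two services, so fail with a clear
        // message instead of a bare NullPointerException.
        if (this.keystoreService == null || this.masterService == null) {
            throw new IllegalStateException(
                    "The keystore service and master service are required for SAML2Client.");
        }
        map.put("saml.keystorePath", this.keystoreService.getKeystorePath());
        // SECURITY: the master secret becomes an immutable String held by the
        // property map; it cannot be zeroed afterwards. Never log this map.
        map.put("saml.keystorePassword", new String(this.masterService.getMasterSecret()));
        char[] identityPassphrase = null;
        try {
            identityPassphrase = this.aliasService.getGatewayIdentityPassphrase();
        } catch (AliasServiceException e) {
            // Deliberate best effort: log and fall back to the master secret.
            log.noPrivateKeyPasshraseProvisioned(e);
        }
        if (identityPassphrase != null) {
            map.put("saml.privateKeyPassword", new String(identityPassphrase));
        } else {
            map.put("saml.privateKeyPassword", new String(this.masterService.getMasterSecret()));
        }
    }

    /**
     * Routes the request to the callback filter when the
     * {@value #PAC4J_CALLBACK_PARAMETER} parameter is present (with any value),
     * and to the authentication filter otherwise.
     *
     * <p>Only the parameter's presence is checked here; validating the callback
     * itself is left to {@link CallbackFilter}.
     *
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        // NOTE(review): this context is constructed and immediately discarded;
        // presumably the residue of an unused local. Kept so the response cast
        // and the ConfigSingleton lookup still happen; confirm before removing.
        new J2EContext(httpRequest, (HttpServletResponse) servletResponse, ConfigSingleton.getConfig().getSessionStore());
        boolean isCallback = httpRequest.getParameter(PAC4J_CALLBACK_PARAMETER) != null;
        if (isCallback) {
            this.callbackFilter.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            this.requiresAuthenticationFilter.doFilter(servletRequest, servletResponse, filterChain);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}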
