package org.apache.hadoop.gateway.dispatch;

import java.io.IOException;
import java.net.URI;
import java.security.Principal;
import org.apache.hadoop.gateway.SpiGatewayMessages;
import org.apache.hadoop.gateway.audit.api.AuditServiceFactory;
import org.apache.hadoop.gateway.audit.api.Auditor;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpOptions;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:org/apache/hadoop/gateway/dispatch/AppCookieManager.class */
public class AppCookieManager {
    static final String HADOOP_AUTH = "hadoop.auth";
    private static final String HADOOP_AUTH_EQ = "hadoop.auth=";
    private static final String SET_COOKIE = "Set-Cookie";
    private static SpiGatewayMessages LOG = (SpiGatewayMessages) MessagesFactory.get(SpiGatewayMessages.class);
    private static Auditor auditor = AuditServiceFactory.getAuditService().getAuditor("audit", "knox", "knox");
    private static final EmptyJaasCredentials EMPTY_JAAS_CREDENTIALS = new EmptyJaasCredentials();
    String appCookie;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/gateway/dispatch/AppCookieManager$EmptyJaasCredentials.class */
    public static class EmptyJaasCredentials implements Credentials {
        private EmptyJaasCredentials() {
        }

        @Override // org.apache.http.auth.Credentials
        public String getPassword() {
            return null;
        }

        @Override // org.apache.http.auth.Credentials
        public Principal getUserPrincipal() {
            return null;
        }
    }

    public static void main(String[] strArr) throws IOException {
        new AppCookieManager().getAppCookie(new HttpGet(strArr[0]), false);
    }

    public String getAppCookie(HttpUriRequest httpUriRequest, boolean z) throws IOException {
        HttpEntity entity;
        HttpEntity entity2;
        URI uri = httpUriRequest.getURI();
        String scheme = uri.getScheme();
        String host = uri.getHost();
        int port = uri.getPort();
        if (!z && this.appCookie != null) {
            return this.appCookie;
        }
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        defaultHttpClient.getAuthSchemes().register("negotiate", new SPNegoSchemeFactory(true));
        defaultHttpClient.getCredentialsProvider().setCredentials(new AuthScope(null, -1, null), EMPTY_JAAS_CREDENTIALS);
        clearAppCookie();
        HttpResponse httpResponse = null;
        try {
            httpResponse = defaultHttpClient.execute(new HttpHost(host, port, scheme), createKerberosAuthenticationRequest(httpUriRequest));
            String hadoopAuthCookieValue = getHadoopAuthCookieValue(httpResponse.getHeaders(SET_COOKIE));
            EntityUtils.consume(httpResponse.getEntity());
            if (hadoopAuthCookieValue == null) {
                LOG.failedSPNegoAuthn(uri.toString());
                auditor.audit("authentication", uri.toString(), "uri", "failure");
                throw new IOException("SPNego authn failed, can not get hadoop.auth cookie");
            }
            if (httpResponse != null && (entity2 = httpResponse.getEntity()) != null) {
                entity2.getContent().close();
            }
            LOG.successfulSPNegoAuthn(uri.toString());
            auditor.audit("authentication", uri.toString(), "uri", "success");
            setAppCookie(HADOOP_AUTH_EQ + quote(hadoopAuthCookieValue));
            return this.appCookie;
        } catch (Throwable th) {
            if (httpResponse != null && (entity = httpResponse.getEntity()) != null) {
                entity.getContent().close();
            }
            throw th;
        }
    }

    protected HttpRequest createKerberosAuthenticationRequest(HttpUriRequest httpUriRequest) {
        return new HttpOptions(httpUriRequest.getURI().getPath());
    }

    public String getCachedAppCookie() {
        return this.appCookie;
    }

    private void setAppCookie(String str) {
        this.appCookie = str;
    }

    private void clearAppCookie() {
        this.appCookie = null;
    }

    static String quote(String str) {
        return str == null ? str : "\"" + str + "\"";
    }

    static String getHadoopAuthCookieValue(Header[] headerArr) {
        if (headerArr == null) {
            return null;
        }
        for (Header header : headerArr) {
            for (HeaderElement headerElement : header.getElements()) {
                if (headerElement.getName().equals(HADOOP_AUTH) && headerElement.getValue() != null) {
                    String trim = headerElement.getValue().trim();
                    if (!trim.isEmpty()) {
                        return trim;
                    }
                }
            }
        }
        return null;
    }
}
