package org.apache.hadoop.ozone.s3;

import com.google.common.base.Strings;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.hdds.conf.MutableConfigurationSource;
import org.apache.hadoop.hdds.server.http.BaseHttpServer;
import org.apache.hadoop.hdds.server.http.ServletElementsFactory;
import org.apache.hadoop.ozone.s3secret.S3SecretConfigKeys;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.eclipse.jetty.servlet.ServletHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/s3/S3GatewayHttpServer.class */
public class S3GatewayHttpServer extends BaseHttpServer {
    private static final Logger LOG = LoggerFactory.getLogger(S3GatewayHttpServer.class);
    public static final int FILTER_PRIORITY_DO_AFTER = 50;

    /* loaded from: input_file:org/apache/hadoop/ozone/s3/S3GatewayHttpServer$IconServlet.class */
    public static class IconServlet extends HttpServlet {
        private static final long serialVersionUID = -1;

        public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            httpServletResponse.setContentType("image/png");
            httpServletResponse.sendRedirect("/static/images/ozone.ico");
        }
    }

    public S3GatewayHttpServer(MutableConfigurationSource mutableConfigurationSource, String str) throws IOException {
        super(mutableConfigurationSource, str);
        addServlet("icon", "/favicon.ico", IconServlet.class);
        addSecretAuthentication(mutableConfigurationSource);
    }

    private void addSecretAuthentication(MutableConfigurationSource mutableConfigurationSource) throws IOException {
        if (mutableConfigurationSource.getBoolean(S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_ENABLED_KEY, false)) {
            String str = mutableConfigurationSource.get(S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_AUTH_TYPE_KEY, S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_AUTH_TYPE_DEFAULT);
            if (!UserGroupInformation.isSecurityEnabled() || !str.equals(S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_AUTH_TYPE_DEFAULT)) {
                LOG.error("Secret Endpoint should be secured with Kerberos");
                throw new IllegalStateException("Secret Endpoint should be secured with Kerberos");
            }
            ServletHandler servletHandler = getWebAppContext().getServletHandler();
            HashMap hashMap = new HashMap();
            String str2 = mutableConfigurationSource.get(S3GatewayConfigKeys.OZONE_S3G_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL);
            if (!Strings.isNullOrEmpty(str2)) {
                hashMap.put("kerberos.principal", SecurityUtil.getServerPrincipal(str2, mutableConfigurationSource.get(S3GatewayConfigKeys.OZONE_S3G_HTTP_BIND_HOST_KEY)));
            }
            String str3 = mutableConfigurationSource.get(S3GatewayConfigKeys.OZONE_S3G_KEYTAB_FILE);
            if (!Strings.isNullOrEmpty(str3)) {
                hashMap.put("kerberos.keytab", str3);
            }
            hashMap.put("type", S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_AUTH_TYPE_DEFAULT);
            servletHandler.addFilter(ServletElementsFactory.createFilterHolder("secretAuthentication", AuthenticationFilter.class.getName(), hashMap), ServletElementsFactory.createFilterMapping("secretAuthentication", new String[]{"/secret/*"}));
        }
    }

    protected String getHttpAddressKey() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTP_ADDRESS_KEY;
    }

    protected String getHttpBindHostKey() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTP_BIND_HOST_KEY;
    }

    protected String getHttpsAddressKey() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTPS_ADDRESS_KEY;
    }

    protected String getHttpsBindHostKey() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTPS_BIND_HOST_KEY;
    }

    protected String getBindHostDefault() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTP_BIND_HOST_DEFAULT;
    }

    protected int getHttpBindPortDefault() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTP_BIND_PORT_DEFAULT;
    }

    protected int getHttpsBindPortDefault() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTPS_BIND_PORT_DEFAULT;
    }

    protected String getKeytabFile() {
        return S3GatewayConfigKeys.OZONE_S3G_KEYTAB_FILE;
    }

    protected String getSpnegoPrincipal() {
        return S3GatewayConfigKeys.OZONE_S3G_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL;
    }

    protected String getEnabledKey() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTP_ENABLED_KEY;
    }

    protected String getHttpAuthType() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTP_AUTH_TYPE;
    }

    protected String getHttpAuthConfigPrefix() {
        return S3GatewayConfigKeys.OZONE_S3G_HTTP_AUTH_CONFIG_PREFIX;
    }
}
