package org.apache.ambari.server.security.authentication.kerberos;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.security.authentication.AmbariAuthenticationEventHandler;
import org.apache.ambari.server.security.authentication.AmbariAuthenticationException;
import org.apache.ambari.server.security.authentication.AmbariAuthenticationFilter;
import org.apache.ambari.server.security.authentication.tproxy.TrustedProxyAuthenticationDetailsSource;
import org.apache.ambari.server.utils.RequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
@Order(2)
/* loaded from: input_file:org/apache/ambari/server/security/authentication/kerberos/AmbariKerberosAuthenticationFilter.class */
public class AmbariKerberosAuthenticationFilter extends SpnegoAuthenticationProcessingFilter implements AmbariAuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AmbariKerberosAuthenticationFilter.class);
    private final AmbariAuthenticationEventHandler eventHandler;
    private final boolean kerberosAuthenticationEnabled;

    public AmbariKerberosAuthenticationFilter(AuthenticationManager authenticationManager, final AuthenticationEntryPoint authenticationEntryPoint, Configuration configuration, final AmbariAuthenticationEventHandler ambariAuthenticationEventHandler) {
        AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties = configuration == null ? null : configuration.getKerberosAuthenticationProperties();
        this.kerberosAuthenticationEnabled = kerberosAuthenticationProperties != null && kerberosAuthenticationProperties.isKerberosAuthenticationEnabled();
        if (ambariAuthenticationEventHandler == null) {
            throw new IllegalArgumentException("The AmbariAuthenticationEventHandler must not be null");
        }
        this.eventHandler = ambariAuthenticationEventHandler;
        setAuthenticationManager(authenticationManager);
        setAuthenticationDetailsSource(new TrustedProxyAuthenticationDetailsSource());
        setFailureHandler(new AuthenticationFailureHandler() { // from class: org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationFilter.1
            public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
                if (ambariAuthenticationEventHandler != null) {
                    ambariAuthenticationEventHandler.onUnsuccessfulAuthentication(AmbariKerberosAuthenticationFilter.this, httpServletRequest, httpServletResponse, authenticationException instanceof AmbariAuthenticationException ? (AmbariAuthenticationException) authenticationException : new AmbariAuthenticationException(null, authenticationException.getLocalizedMessage(), false, authenticationException));
                }
                authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
            }
        });
        setSuccessHandler(new AuthenticationSuccessHandler() { // from class: org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationFilter.2
            public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                if (ambariAuthenticationEventHandler != null) {
                    ambariAuthenticationEventHandler.onSuccessfulAuthentication(AmbariKerberosAuthenticationFilter.this, httpServletRequest, httpServletResponse, authentication);
                }
            }
        });
    }

    @Override // org.apache.ambari.server.security.authentication.AmbariAuthenticationFilter
    public boolean shouldApply(HttpServletRequest httpServletRequest) {
        String header;
        if (LOG.isDebugEnabled()) {
            RequestUtils.logRequestHeadersAndQueryParams(httpServletRequest, LOG);
        }
        return this.kerberosAuthenticationEnabled && (header = httpServletRequest.getHeader("Authorization")) != null && (header.startsWith("Negotiate ") || header.startsWith("Kerberos "));
    }

    @Override // org.apache.ambari.server.security.authentication.AmbariAuthenticationFilter
    public boolean shouldIncrementFailureCount() {
        return false;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.eventHandler != null) {
            this.eventHandler.beforeAttemptAuthentication(this, servletRequest, servletResponse);
        }
        super.doFilter(servletRequest, servletResponse, filterChain);
    }
}
