package org.apache.ambari.server.security.authentication;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.ambari.server.security.AmbariEntryPoint;
import org.apache.ambari.server.utils.RequestUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.stereotype.Component;

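/**
 * HTTP Basic authentication filter that reports every authentication attempt, success and
 * failure to an {@link AmbariAuthenticationEventHandler}.
 *
 * <p>The credential check itself is done by the inherited {@link BasicAuthenticationFilter}
 * logic; this class only decides whether the filter applies to a request and forwards the
 * outcome to the event handler.
 *
 * <p>Security note: Basic credentials are Base64-encoded, not encrypted, so anything that can
 * read the {@code Authorization} header (proxies, request dumps, debug logs) can recover the
 * password.
 */
@Component
@Order(3)
public class AmbariBasicAuthenticationFilter extends BasicAuthenticationFilter implements AmbariAuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AmbariBasicAuthenticationFilter.class);

    /** Name of the request header carrying the credentials. */
    private static final String AUTHORIZATION_HEADER = "Authorization";

    /** Scheme prefix that marks a Basic authentication header. */
    private static final String BASIC_PREFIX = "Basic ";

    /** Receives the authentication lifecycle callbacks; never null (enforced by the constructor). */
    private final AmbariAuthenticationEventHandler eventHandler;

    /**
     * Creates the filter.
     *
     * @param authenticationManager passed to the parent filter
     * @param ambariEntryPoint passed to the parent filter as its entry point
     * @param ambariAuthenticationEventHandler handler notified before, and after, each attempt
     * @throws IllegalArgumentException if {@code ambariAuthenticationEventHandler} is null
     */
    public AmbariBasicAuthenticationFilter(AuthenticationManager authenticationManager, AmbariEntryPoint ambariEntryPoint, AmbariAuthenticationEventHandler ambariAuthenticationEventHandler) {
        super(authenticationManager, ambariEntryPoint);
        if (ambariAuthenticationEventHandler == null) {
            throw new IllegalArgumentException("The AmbariAuthenticationEventHandler must not be null");
        }
        this.eventHandler = ambariAuthenticationEventHandler;
    }

    /**
     * Decides whether this filter should handle the request.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} only when the request carries an {@code Authorization} header that
     *     starts with {@code "Basic "} and has no non-empty {@code doAs} query parameter
     */
    @Override
    public boolean shouldApply(HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            // NOTE(review): this dumps request headers at debug level. Unless RequestUtils masks
            // the Authorization header, the Base64 credentials would land in the log - confirm,
            // and keep debug logging for this class off in production.
            RequestUtils.logRequestHeadersAndQueryParams(httpServletRequest, LOG);
        }

        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // The scheme match is case-sensitive, so "basic ..." is not claimed by this filter.
        if (header == null || !header.startsWith(BASIC_PREFIX)) {
            return false;
        }

        String doAs = RequestUtils.getQueryStringParameterValue(httpServletRequest, "doAs");
        if (StringUtils.isEmpty(doAs)) {
            return true;
        }

        // A doAs request is left to another authentication mechanism: the Basic credentials are
        // deliberately not evaluated here, so this filter never authenticates a doAs request.
        LOG.warn("The 'doAs' query parameter was provided; however, the BasicAuth header is found. Ignoring the BasicAuth header hoping to negotiate Kerberos authentication.");
        return false;
    }

    /**
     * Reports that failed attempts made through this filter should increment the failure count.
     * How that count is used (for example lockout) is decided by the caller and is not visible
     * in this class.
     *
     * @return always {@code true}
     */
    @Override
    public boolean shouldIncrementFailureCount() {
        return true;
    }

    /**
     * Notifies the event handler that an authentication attempt is about to start, then runs the
     * inherited Basic authentication logic.
     */
    @Override
    public void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // eventHandler is final and null-checked in the constructor, so no guard is needed.
        eventHandler.beforeAttemptAuthentication(this, httpServletRequest, httpServletResponse);
        super.doFilterInternal(httpServletRequest, httpServletResponse, filterChain);
    }

    /** Forwards a successful authentication to the event handler. */
    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        eventHandler.onSuccessfulAuthentication(this, httpServletRequest, httpServletResponse, authentication);
    }

    /**
     * Forwards a failed authentication to the event handler as an
     * {@link AmbariAuthenticationException}.
     *
     * <p>An exception that is not already an {@code AmbariAuthenticationException} is wrapped
     * together with the username decoded from the request header. That username comes straight
     * from the client and belongs to a failed login, so consumers (audit records, log lines,
     * failure counters) must treat it as untrusted input.
     */
    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        AmbariAuthenticationException cause;
        if (authenticationException instanceof AmbariAuthenticationException) {
            cause = (AmbariAuthenticationException) authenticationException;
        } else {
            String username = null;
            try {
                username = getUsernameFromAuth(httpServletRequest.getHeader(AUTHORIZATION_HEADER), getCredentialsCharset(httpServletRequest));
            } catch (Exception e) {
                // Best effort: the failure is still reported, just without a username.
                LOG.warn("Error occurred during decoding authorization header.", e);
            }
            // The third argument is passed as false; its meaning is defined by
            // AmbariAuthenticationException, which is not visible here.
            cause = new AmbariAuthenticationException(username, authenticationException.getMessage(), false, authenticationException);
        }
        eventHandler.onUnsuccessfulAuthentication(this, httpServletRequest, httpServletResponse, cause);
    }

    /**
     * Extracts the username part of a Basic {@code Authorization} header value.
     *
     * @param authorizationHeader the raw header value, expected to be the scheme prefix followed
     *     by Base64 of {@code username:password}
     * @param charsetName name of the charset used to decode the credential bytes
     * @return the text before the first {@code ':'} of the decoded token
     * @throws BadCredentialsException if the header is missing, too short, not valid Base64, or
     *     the decoded token contains no {@code ':'}
     * @throws IOException if a charset name is not supported
     */
    private String getUsernameFromAuth(String authorizationHeader, String charsetName) throws IOException {
        // Reject a missing or truncated header explicitly instead of relying on a
        // NullPointerException / StringIndexOutOfBoundsException further down. Only the length
        // is checked: the scheme itself was already accepted before authentication was tried.
        if (authorizationHeader == null || authorizationHeader.length() < BASIC_PREFIX.length()) {
            throw new BadCredentialsException("Invalid basic authentication token");
        }

        String token;
        try {
            byte[] decoded = Base64.decode(authorizationHeader.substring(BASIC_PREFIX.length()).getBytes("UTF-8"));
            token = new String(decoded, charsetName);
        } catch (IllegalArgumentException e) {
            // Keep the original exception as the cause so the decode failure stays diagnosable.
            throw new BadCredentialsException("Failed to decode basic authentication token", e);
        }

        int delimiter = token.indexOf(':');
        if (delimiter == -1) {
            throw new BadCredentialsException("Invalid basic authentication token");
        }
        // Only the username is returned; the password part of the token is never kept.
        return token.substring(0, delimiter);
    }
}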
