package com.huawei.hadoop.adapter.sso;

import java.io.IOException;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;

/* loaded from: input_file:com/huawei/hadoop/adapter/sso/SpnegoFilterForYARN.class */
public class SpnegoFilterForYARN extends AuthenticationFilter {
    private static final Log LOG = LogFactory.getLog(SpnegoFilter.class.getName());
    private ArrayList<Pattern> pattern = new ArrayList<>();
    private boolean isSasPluginEnable = false;
    private volatile boolean isInit = false;

    public void init(FilterConfig filterConfig) throws ServletException {
        LOG.info("init SpnegoFilterForYARN");
        synchronized (this) {
            if (!this.isInit) {
                LOG.info("init AuthenticationFilter: " + this);
                initFilter(filterConfig);
                this.isInit = true;
            }
        }
    }

    private void initFilter(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        String[] strArr = null;
        String initParameter = filterConfig.getInitParameter("hadoop.spnego.allowed.ips");
        if (null != initParameter && !initParameter.isEmpty()) {
            strArr = StringUtils.split(initParameter, ',');
        }
        if (null != strArr && strArr.length > 0) {
            for (String str : strArr) {
                String trim = StringUtils.trim(str);
                if (null != trim && !trim.isEmpty()) {
                    this.pattern.add(Pattern.compile(trim + ".*"));
                }
            }
        }
        if (this.pattern.size() == 0) {
            this.pattern.add(Pattern.compile(".*"));
        }
        this.isSasPluginEnable = Boolean.parseBoolean(filterConfig.getInitParameter("sas.plugin.enable"));
    }

    public void destroy() {
        super.destroy();
        this.isInit = false;
    }

    protected Properties getConfiguration(String str, FilterConfig filterConfig) {
        Properties properties = new Properties();
        properties.setProperty("type", filterConfig.getInitParameter("type"));
        properties.setProperty("token.validity", filterConfig.getInitParameter("token.validity"));
        properties.setProperty("kerberos.keytab", filterConfig.getInitParameter("kerberos.keytab"));
        properties.setProperty("kerberos.principal", filterConfig.getInitParameter("kerberos.principal"));
        return properties;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String servletPath = httpServletRequest.getServletPath();
        String requestURI = httpServletRequest.getRequestURI();
        filterIp(httpServletRequest);
        if (StringUtils.startsWith(httpServletRequest.getHeader("User-Agent"), "Mozilla") && !StringUtils.equals(requestURI, "/api/v1/applications") && !StringUtils.equals(requestURI, "/static/historypage-template.html")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if ("POST".equals(httpServletRequest.getMethod()) && StringUtils.isNotBlank(httpServletRequest.getParameter("logoutRequest"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        httpServletRequest.setAttribute("skipPrivateFilters", "true");
        if (StringUtils.equals(servletPath, "/jmx")) {
            filterChain.doFilter(SSOUtils.getRequestWithStaticUser(httpServletRequest), servletResponse);
            return;
        }
        if ((this.isSasPluginEnable && StringUtils.startsWith(httpServletRequest.getRequestURI(), "/proxy/application_")) || StringUtils.contains(httpServletRequest.getQueryString(), "mode=monitoring")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        LOG.debug("===do filter:SpnegoFilter");
        super.doFilter(servletRequest, servletResponse, filterChain);
        LOG.debug("===do filter:SpnegoFilter end");
    }

    private void filterIp(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String hostName = InetAddress.getByName(remoteAddr).getHostName();
        Boolean bool = false;
        Iterator<Pattern> it = this.pattern.iterator();
        while (it.hasNext()) {
            Pattern next = it.next();
            if (next.matcher(remoteAddr).matches() || next.matcher(hostName).matches()) {
                bool = true;
                break;
            }
        }
        if (!bool.booleanValue()) {
            throw new ServletException("User not authorized to access the resource");
        }
    }
}
