package com.huawei.hadoop.adapter.sso;

import java.io.IOException;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;

/* loaded from: input_file:com/huawei/hadoop/adapter/sso/SpnegoFilter.class */
public class SpnegoFilter extends AuthenticationFilter {
    private static final Log LOG = LogFactory.getLog(SpnegoFilter.class);
    private List<Pattern> patternForHostName = new ArrayList();
    private List<Pattern> patternForPath = new ArrayList();

    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        String[] strArr = null;
        String initParameter = filterConfig.getInitParameter("hadoop.spnego.allowed.ips");
        if (null != initParameter && !initParameter.isEmpty()) {
            strArr = StringUtils.split(initParameter, ',');
        }
        if (null != strArr && strArr.length > 0) {
            for (String str : strArr) {
                String trim = StringUtils.trim(str);
                if (null != trim && !trim.isEmpty()) {
                    this.patternForHostName.add(Pattern.compile(trim + ".*"));
                }
            }
        }
        if (this.patternForHostName.isEmpty()) {
            this.patternForHostName.add(Pattern.compile(".*"));
        }
        this.patternForPath.add(Pattern.compile("/jmx.*"));
        this.patternForPath.add(Pattern.compile("/conf.*"));
        this.patternForPath.add(Pattern.compile("/stacks.*"));
        this.patternForPath.add(Pattern.compile("/logLevel.*"));
        this.patternForPath.add(Pattern.compile("/getJournal.*"));
        this.patternForPath.add(Pattern.compile("/webhdfs.*"));
        this.patternForPath.add(Pattern.compile("/node.*"));
        this.patternForPath.add(Pattern.compile("/jobhistory.*"));
        this.patternForPath.add(Pattern.compile("/master-status.*"));
        this.patternForPath.add(Pattern.compile("/browseDirectory.jsp.*"));
        this.patternForPath.add(Pattern.compile("/dfshealth.html.*"));
        this.patternForPath.add(Pattern.compile("/ws/v1.*"));
        this.patternForPath.add(Pattern.compile("/imagetransfer.*"));
        this.patternForPath.add(Pattern.compile("/fsck.*"));
        this.patternForPath.add(Pattern.compile("/journalstatus.jsp.*"));
        this.patternForPath.add(Pattern.compile("/dataNodeHome.jsp.*"));
        this.patternForPath.add(Pattern.compile("/application_.*"));
        this.patternForPath.add(Pattern.compile("/static/.*"));
        this.patternForPath.add(Pattern.compile("/kms.*"));
    }

    public void destroy() {
        super.destroy();
    }

    protected Properties getConfiguration(String str, FilterConfig filterConfig) {
        Properties properties = new Properties();
        properties.setProperty("type", filterConfig.getInitParameter("type"));
        properties.setProperty("token.validity", filterConfig.getInitParameter("token.validity"));
        properties.setProperty("kerberos.keytab", filterConfig.getInitParameter("kerberos.keytab"));
        properties.setProperty("kerberos.principal", filterConfig.getInitParameter("kerberos.principal"));
        return properties;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String servletPath = httpServletRequest.getServletPath();
        if (StringUtils.startsWith(httpServletRequest.getHeader("User-Agent"), "Mozilla")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if ("POST".equals(httpServletRequest.getMethod()) && StringUtils.isNotBlank(httpServletRequest.getParameter("logoutRequest"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String hostName = InetAddress.getByName(remoteAddr).getHostName();
        Boolean bool = false;
        for (Pattern pattern : this.patternForHostName) {
            if (pattern.matcher(remoteAddr).matches() || pattern.matcher(hostName).matches()) {
                bool = true;
                break;
            }
        }
        if (!bool.booleanValue()) {
            LOG.warn("User is not authorized to access the resource");
            return;
        }
        Boolean bool2 = false;
        Iterator<Pattern> it = this.patternForPath.iterator();
        while (true) {
            if (it.hasNext()) {
                if (it.next().matcher(servletPath).matches()) {
                    bool2 = true;
                    break;
                }
            } else {
                break;
            }
        }
        if (!bool2.booleanValue()) {
            LOG.warn("Requested path is not accessible: " + httpServletRequest.getServletPath());
        } else {
            httpServletRequest.setAttribute("skipPrivateFilters", "true");
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }
}
