package com.huawei.hadoop.adapter.sso;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.Token;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/hadoop/adapter/sso/WebHDFSTokenSetterFilter.class */
public class WebHDFSTokenSetterFilter implements Filter {
    private static final String WEB_HDFS_DELEGATION_TOKEN = "_WEB_HDFS_DELEGATION_TOKEN_";
    private UserGroupInformation ugi = null;
    private final Configuration conf = new Configuration();
    private boolean isObserverNN;
    private static final Logger LOG = LoggerFactory.getLogger(WebHDFSTokenSetterFilter.class);
    private static final Path ROOT_PATH = new Path("/");
    private static final Cache<String, String> USER_TOKEN_CACHE = CacheBuilder.newBuilder().expireAfterWrite(30, TimeUnit.MINUTES).build();

    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            this.ugi = UserGroupInformation.getLoginUser();
            StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
            if (stackTrace.length > 0 && stackTrace[stackTrace.length - 1].getClassName().equals("org.apache.hadoop.hdfs.server.federation.router.DFSRouter")) {
                this.conf.set("fs.defaultFS", this.conf.get("dfs.router.internal.defaultFS"));
            }
            modifyConf();
        } catch (Exception e) {
            LOG.error("WebHDFSTokenSetterFilter init failed", e);
            throw new ServletException(e);
        }
    }

    private void modifyConf() {
        String str = this.conf.get("dfs.ha.namenode.id");
        String str2 = this.conf.get("dfs.current.nameservice");
        this.isObserverNN = this.conf.getStringCollection("dfs.namenode.observer.ids." + str2).contains(str);
        if (this.isObserverNN) {
            String str3 = this.conf.get("dfs.namenode.active_standby.ids." + str2);
            String str4 = "dfs.ha.namenodes." + str2;
            String str5 = str3 + "," + str;
            LOG.info("Modify the Observer NN's {} value to {}.", str4, str5);
            this.conf.set(str4, str5);
        }
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (!StringUtils.startsWith(httpServletRequest.getServletPath(), "/webhdfs") || !StringUtils.startsWith(httpServletRequest.getHeader("User-Agent"), "Mozilla")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if ("POST".equals(httpServletRequest.getMethod()) && StringUtils.isNotBlank(httpServletRequest.getParameter("logoutRequest"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (httpServletRequest.getParameter("delegation") != null) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        HttpSession session = httpServletRequest.getSession(false);
        String userName = getUserName(httpServletRequest);
        String str = null;
        if (session != null && userName != null) {
            str = getTokenFromSesson(session, userName);
            if (str == null) {
                str = getToken(userName, httpServletRequest);
                setTokenToSession(session, userName, str);
            }
        }
        final String str2 = str;
        filterChain.doFilter(new HttpServletRequestWrapper(httpServletRequest) { // from class: com.huawei.hadoop.adapter.sso.WebHDFSTokenSetterFilter.1
            public String getParameter(String str3) {
                return "delegation".equals(str3) ? str2 : super.getParameter(str3);
            }

            public String getQueryString() {
                String queryString = super.getQueryString();
                String str3 = "delegation=" + str2;
                return StringUtils.isBlank(queryString) ? str3 : queryString + "&" + str3;
            }
        }, servletResponse);
    }

    private void setTokenToSession(HttpSession httpSession, String str, String str2) {
        httpSession.setAttribute(WEB_HDFS_DELEGATION_TOKEN + str, str2);
    }

    private String getTokenFromSesson(HttpSession httpSession, String str) {
        return (String) httpSession.getAttribute(WEB_HDFS_DELEGATION_TOKEN + str);
    }

    private String getToken(final String str, final ServletRequest servletRequest) {
        try {
            return (String) USER_TOKEN_CACHE.get(str, new Callable<String>() { // from class: com.huawei.hadoop.adapter.sso.WebHDFSTokenSetterFilter.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public String call() throws IOException, InterruptedException {
                    return WebHDFSTokenSetterFilter.this.getTokenInternal(str, servletRequest);
                }
            });
        } catch (ExecutionException e) {
            LOG.error("Failed to get token of {}.", str, e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getTokenInternal(String str, ServletRequest servletRequest) throws IOException, InterruptedException {
        UserGroupInformation createProxyUser;
        LOG.info("Require token for {}.", str);
        if (StringUtils.equals(str, this.ugi.getShortUserName())) {
            createProxyUser = this.ugi;
        } else {
            String remoteAddr = servletRequest.getRemoteAddr();
            createProxyUser = UserGroupInformation.createProxyUser(str, this.ugi);
            ProxyUsers.authorize(createProxyUser, remoteAddr);
        }
        return (String) createProxyUser.doAs(new PrivilegedExceptionAction<String>() { // from class: com.huawei.hadoop.adapter.sso.WebHDFSTokenSetterFilter.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws IOException {
                FileSystem fileSystem = FileSystem.get(WebHDFSTokenSetterFilter.this.conf);
                Token delegationToken = fileSystem.getDelegationToken((String) null);
                if (delegationToken == null) {
                    throw new IOException("Failed to getDelegationToken. token==null.");
                }
                if (WebHDFSTokenSetterFilter.this.isObserverNN) {
                    try {
                        fileSystem.getFileStatus(WebHDFSTokenSetterFilter.ROOT_PATH);
                    } catch (IOException e) {
                        WebHDFSTokenSetterFilter.LOG.debug("Failed to getFileStatus.", e);
                    }
                }
                return delegationToken.encodeToUrlString();
            }
        });
    }

    private String getUserName(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        Assertion assertion = (Assertion) (session == null ? httpServletRequest.getAttribute("_const_cas_assertion_") : session.getAttribute("_const_cas_assertion_"));
        AttributePrincipal principal = assertion == null ? null : assertion.getPrincipal();
        if (principal == null) {
            return null;
        }
        return principal.getName();
    }
}
