package com.huawei.cloudtable.hbase.rest.filter;

import com.google.gson.JsonObject;
import com.huawei.cloudtable.hbase.rest.filter.token.consts.CloudTableConfig;
import com.huawei.cloudtable.hbase.rest.filter.token.enums.ErrorCode;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.AkSkValidatorImpl;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.ITokenvalidator;
import com.huawei.cloudtable.hbase.rest.filter.token.utils.TokenValidatorImpl;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hbase.rest.RestAclUtil;
import org.apache.hadoop.hbase.security.token.AKSKRequestInfo;

/* loaded from: input_file:com/huawei/cloudtable/hbase/rest/filter/RestTokenFilter.class */
public class RestTokenFilter extends CloudTableConfig implements Filter {
    private static final String TOKEN_HEADER = "X-Auth-Token";
    private static final String PROJECT_ID_HEADER = "X-Auth-ProjectId";
    private static final String AK_HEADER = "X-Auth-AK";
    private static final String USER_HEADER = "X-Auth-User";
    private static final String SECURITY_TOKEN_HEADER = "X-Security-Token";
    private ITokenvalidator tokenValidator;
    private ITokenvalidator akskTokenValidator;
    private static final Log logger = LogFactory.getLog(RestTokenFilter.class);
    private static final Boolean iamSwitch = CloudTableConfig.IAM_SWITCH;

    public void init(FilterConfig filterConfig) throws ServletException {
        initConfig();
        logger.debug("RestTokenFilter, Will use IAM to validate user...");
        if (isAkskAuth()) {
            this.akskTokenValidator = new AkSkValidatorImpl();
        }
        this.tokenValidator = new TokenValidatorImpl();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (iamSwitch.booleanValue()) {
            checkToken((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
        } else {
            logger.info("Cloudtable Iam switch is off !");
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private boolean isAkskAuth() {
        return CloudTableConfig.AUTHENTICATION.equals(CloudTableConfig.SECURITY_AUTHENTICATION_AKSK);
    }

    private void checkToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        ErrorCode validateToken;
        String header = httpServletRequest.getHeader(TOKEN_HEADER);
        String header2 = httpServletRequest.getHeader(PROJECT_ID_HEADER);
        String header3 = httpServletRequest.getHeader(AK_HEADER);
        String header4 = httpServletRequest.getHeader(USER_HEADER);
        String header5 = httpServletRequest.getHeader(SECURITY_TOKEN_HEADER);
        boolean isAkskAuth = isAkskAuth();
        logger.info("Start validate token,user:" + header4 + ",ak:" + header3 + ",projectId:" + header2 + ",isAkskAuth:" + isAkskAuth);
        if (isAkskAuth && StringUtils.isNotEmpty(header3) && StringUtils.isNotEmpty(header4)) {
            logger.debug("enter validateAkSk");
            AKSKRequestInfo aKSKRequestInfo = new AKSKRequestInfo(header3, header4);
            if (StringUtils.isNotEmpty(header5)) {
                logger.info("set securityToken for temp ak sk.");
                aKSKRequestInfo.setSecurityToken(header5);
            }
            validateToken = this.akskTokenValidator.validateAkSk(header, header2, aKSKRequestInfo);
            if (null == validateToken) {
                RestAclUtil.checkAcl(httpServletRequest, header4);
            }
        } else {
            logger.debug("enter validateToken");
            validateToken = this.tokenValidator.validateToken(header, header2);
        }
        if (null != validateToken) {
            logger.error("return code:" + validateToken);
            setResponse(httpServletResponse, validateToken);
        } else {
            logger.debug("Token validting success,  Do next filter...");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    private void setResponse(HttpServletResponse httpServletResponse, ErrorCode errorCode) throws IOException {
        httpServletResponse.setStatus(errorCode.getStatusCode());
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("error", errorCode.toString());
        httpServletResponse.getWriter().write(jsonObject.toString());
    }

    public void destroy() {
        this.tokenValidator = null;
        this.akskTokenValidator = null;
    }
}
