package org.apache.hadoop.security.authentication.server;

import java.io.IOException;
import java.security.Principal;
import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.util.HttpExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/authentication/server/ProxyUserAuthenticationFilter.class */
public class ProxyUserAuthenticationFilter extends AuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ProxyUserAuthenticationFilter.class);
    private static final String DO_AS = "doAs";
    public static final String PROXYUSER_PREFIX = "proxyuser";

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter, javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        ProxyUsers.refreshSuperUserGroupsConfiguration(getProxyuserConfiguration(filterConfig), "proxyuser");
        super.init(filterConfig);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.authentication.server.AuthenticationFilter
    public void doFilter(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String parameter = httpServletRequest.getParameter(DO_AS);
        if (parameter != null && !parameter.equals(httpServletRequest.getRemoteUser())) {
            LOG.debug("doAsUser = {}, RemoteUser = {} , RemoteAddress = {} ", new Object[]{parameter, httpServletRequest.getRemoteUser(), httpServletRequest.getRemoteAddr()});
            UserGroupInformation createRemoteUser = httpServletRequest.getUserPrincipal() != null ? UserGroupInformation.createRemoteUser(httpServletRequest.getRemoteUser()) : null;
            if (createRemoteUser != null) {
                final UserGroupInformation createProxyUser = UserGroupInformation.createProxyUser(parameter, createRemoteUser);
                try {
                    ProxyUsers.authorize(createProxyUser, httpServletRequest.getRemoteAddr());
                    httpServletRequest = new HttpServletRequestWrapper(httpServletRequest) { // from class: org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilter.1
                        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
                        public String getRemoteUser() {
                            return createProxyUser.getShortUserName();
                        }

                        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
                        public Principal getUserPrincipal() {
                            return new Principal() { // from class: org.apache.hadoop.security.authentication.server.ProxyUserAuthenticationFilter.1.1
                                @Override // java.security.Principal
                                public String getName() {
                                    return createProxyUser.getUserName();
                                }
                            };
                        }
                    };
                    LOG.debug("Proxy user Authentication successful");
                } catch (AuthorizationException e) {
                    HttpExceptionUtils.createServletExceptionResponse(httpServletResponse, 403, e);
                    LOG.warn("Proxy user Authentication exception", e);
                    return;
                }
            }
        }
        super.doFilter(filterChain, httpServletRequest, httpServletResponse);
    }

    protected Configuration getProxyuserConfiguration(FilterConfig filterConfig) throws ServletException {
        Configuration configuration = new Configuration(false);
        Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String nextElement = initParameterNames.nextElement();
            if (nextElement.startsWith("proxyuser.")) {
                configuration.set(nextElement, filterConfig.getInitParameter(nextElement));
            }
        }
        return configuration;
    }
}
