package org.apache.solr.security;

import com.ibm.icu.text.PluralRules;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.invoke.MethodHandles;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.commons.collections.iterators.IteratorEnumeration;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
import org.apache.solr.cloud.ZkController;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.apache.solr.common.util.SuppressForbidden;
import org.apache.solr.core.CoreContainer;
import org.apache.solr.metrics.SolrMetricManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/solr-core-6.6.3.jar:org/apache/solr/security/HadoopAuthPlugin.class */
public class HadoopAuthPlugin extends AuthenticationPlugin {
    private static final String HADOOP_AUTH_TYPE = "type";
    private static final String SYSPROP_PREFIX_PROPERTY = "sysPropPrefix";
    private static final String AUTH_CONFIG_NAMES_PROPERTY = "authConfigs";
    private static final String DEFAULT_AUTH_CONFIGS_PROPERTY = "defaultConfigs";
    private static final String DELEGATION_TOKEN_ENABLED_PROPERTY = "enableDelegationToken";
    private static final String INIT_KERBEROS_ZK = "initKerberosZk";
    public static final String PROXY_USER_CONFIGS = "proxyUserConfigs";
    private AuthenticationFilter authFilter;
    protected final CoreContainer coreContainer;
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final boolean TRACE_HTTP = Boolean.getBoolean("hadoopauth.tracehttp");

    public HadoopAuthPlugin(CoreContainer coreContainer) {
        this.coreContainer = coreContainer;
    }

    @Override // org.apache.solr.security.AuthenticationPlugin
    public void init(Map<String, Object> map) {
        try {
            this.authFilter = Boolean.parseBoolean((String) map.getOrDefault(DELEGATION_TOKEN_ENABLED_PROPERTY, "false")) ? new HadoopAuthFilter() : new AuthenticationFilter();
            if (Boolean.parseBoolean((String) map.getOrDefault(INIT_KERBEROS_ZK, "false"))) {
                new Krb5HttpClientConfigurer().configure(new DefaultHttpClient(), new ModifiableSolrParams());
            }
            this.authFilter.init(getInitFilterConfig(map));
        } catch (ServletException e) {
            log.error("Error initializing " + getClass().getSimpleName(), (Throwable) e);
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Error initializing " + getClass().getName() + PluralRules.KEYWORD_RULE_SEPARATOR + e);
        }
    }

    protected FilterConfig getInitFilterConfig(Map<String, Object> map) {
        final HashMap hashMap = new HashMap();
        hashMap.put("type", (String) Objects.requireNonNull(map.get("type")));
        String str = (String) map.getOrDefault(SYSPROP_PREFIX_PROPERTY, SolrMetricManager.REGISTRY_NAME_PREFIX);
        Collection<String> collection = (Collection) map.getOrDefault(AUTH_CONFIG_NAMES_PROPERTY, Collections.emptyList());
        Map map2 = (Map) map.getOrDefault(DEFAULT_AUTH_CONFIGS_PROPERTY, Collections.emptyMap());
        Map map3 = (Map) map.getOrDefault(PROXY_USER_CONFIGS, Collections.emptyMap());
        for (String str2 : collection) {
            String property = System.getProperty(str + str2, (String) map2.get(str2));
            if (property != null) {
                hashMap.put(str2, property);
            }
        }
        hashMap.putAll(map3);
        final AttributeOnlyServletContext attributeOnlyServletContext = new AttributeOnlyServletContext();
        log.info("Params: " + hashMap);
        ZkController zkController = this.coreContainer.getZkController();
        if (zkController != null) {
            attributeOnlyServletContext.setAttribute("solr.kerberos.delegation.token.zk.client", zkController.getZkClient());
        }
        return new FilterConfig() { // from class: org.apache.solr.security.HadoopAuthPlugin.1
            @Override // javax.servlet.FilterConfig
            public ServletContext getServletContext() {
                return attributeOnlyServletContext;
            }

            @Override // javax.servlet.FilterConfig
            public Enumeration<String> getInitParameterNames() {
                return new IteratorEnumeration(hashMap.keySet().iterator());
            }

            @Override // javax.servlet.FilterConfig
            public String getInitParameter(String str3) {
                return (String) hashMap.get(str3);
            }

            @Override // javax.servlet.FilterConfig
            public String getFilterName() {
                return "HadoopAuthFilter";
            }
        };
    }

    @Override // org.apache.solr.security.AuthenticationPlugin
    public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws Exception {
        final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (TRACE_HTTP) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            log.info("----------HTTP Request---------");
            log.info("{} : {}", httpServletRequest.getMethod(), httpServletRequest.getRequestURI());
            log.info("Query : {}", httpServletRequest.getQueryString());
            log.info("Headers :");
            Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String nextElement = headerNames.nextElement();
                Enumeration<String> headers = httpServletRequest.getHeaders(nextElement);
                while (headers.hasMoreElements()) {
                    log.info("{} : {}", nextElement, headers.nextElement());
                }
            }
            log.info("-------------------------------");
        }
        this.authFilter.doFilter(servletRequest, new HttpServletResponseWrapper(httpServletResponse) { // from class: org.apache.solr.security.HadoopAuthPlugin.2
            @Override // javax.servlet.ServletResponseWrapper, javax.servlet.ServletResponse
            @SuppressForbidden(reason = "Hadoop DelegationTokenAuthenticationFilter uses response writer, thisis providing a CloseShield on top of that")
            public PrintWriter getWriter() throws IOException {
                return new PrintWriterWrapper(httpServletResponse.getWriter()) { // from class: org.apache.solr.security.HadoopAuthPlugin.2.1
                    @Override // org.apache.solr.security.PrintWriterWrapper, java.io.PrintWriter, java.io.Writer, java.io.Closeable, java.lang.AutoCloseable
                    public void close() {
                    }
                };
            }
        }, filterChain);
        if (TRACE_HTTP) {
            log.info("----------HTTP Response---------");
            log.info("Status : {}", Integer.valueOf(httpServletResponse.getStatus()));
            log.info("Headers :");
            for (String str : httpServletResponse.getHeaderNames()) {
                Iterator<String> it = httpServletResponse.getHeaders(str).iterator();
                while (it.hasNext()) {
                    log.info("{} : {}", str, it.next());
                }
            }
            log.info("-------------------------------");
        }
        if (!(this.authFilter instanceof HadoopAuthFilter)) {
            return true;
        }
        String str2 = (String) servletRequest.getAttribute("org.apache.solr.security.authentication.requestcontinues");
        if (str2 != null) {
            return Boolean.parseBoolean(str2);
        }
        log.warn("Could not find org.apache.solr.security.authentication.requestcontinues");
        return false;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.authFilter != null) {
            this.authFilter.destroy();
        }
    }
}
