package org.apache.hadoop.yarn.server.timeline.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.http.FilterContainer;
import org.apache.hadoop.http.FilterInitializer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuthenticationHandler;
import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;
import shaded.com.google.common.annotations.VisibleForTesting;

/* loaded from: input_file:org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.class */
public class TimelineAuthenticationFilterInitializer extends FilterInitializer {
    public static final String PREFIX = "yarn.timeline-service.http-authentication.";

    @VisibleForTesting
    Map<String, String> filterConfig;

    protected void setAuthFilterConfig(Configuration configuration) {
        this.filterConfig = new HashMap();
        this.filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");
        Iterator<Map.Entry<String, String>> it = configuration.iterator();
        while (it.hasNext()) {
            String key = it.next().getKey();
            if (key.startsWith(ProxyUsers.CONF_HADOOP_PROXYUSER)) {
                this.filterConfig.put(key.substring("hadoop.".length()), configuration.get(key));
            }
        }
        Iterator<Map.Entry<String, String>> it2 = configuration.iterator();
        while (it2.hasNext()) {
            String key2 = it2.next().getKey();
            if (key2.startsWith(PREFIX)) {
                this.filterConfig.put(key2.substring(PREFIX.length()), configuration.get(key2));
            }
        }
        String str = configuration.get("bind.address");
        String str2 = this.filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
        if (str2 != null) {
            try {
                this.filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, SecurityUtil.getServerPrincipal(str2, str));
            } catch (IOException e) {
                throw new RuntimeException("Could not resolve Kerberos principal name: " + e.toString(), e);
            }
        }
    }

    protected Map<String, String> getFilterConfig() {
        return this.filterConfig;
    }

    @Override // org.apache.hadoop.http.FilterInitializer
    public void initFilter(FilterContainer filterContainer, Configuration configuration) {
        setAuthFilterConfig(configuration);
        String str = this.filterConfig.get("type");
        if (str.equals("simple")) {
            this.filterConfig.put("type", PseudoDelegationTokenAuthenticationHandler.class.getName());
        } else if (str.equals("kerberos")) {
            this.filterConfig.put("type", KerberosDelegationTokenAuthenticationHandler.class.getName());
        }
        this.filterConfig.put(DelegationTokenAuthenticationHandler.TOKEN_KIND, TimelineDelegationTokenIdentifier.KIND_NAME.toString());
        filterContainer.addGlobalFilter("Timeline Authentication Filter", TimelineAuthenticationFilter.class.getName(), this.filterConfig);
    }
}
