package org.apache.hadoop.security.authentication.server;

import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import java.io.IOException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.http.HttpStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-auth-2.8.3.jar:org/apache/hadoop/security/authentication/server/MultiSchemeAuthenticationHandler.class */
public class MultiSchemeAuthenticationHandler implements CompositeAuthenticationHandler {
    public static final String SCHEMES_PROPERTY = "multi-scheme-auth-handler.schemes";
    public static final String AUTH_HANDLER_PROPERTY = "multi-scheme-auth-handler.schemes.%s.handler";
    private final Map<String, AuthenticationHandler> schemeToAuthHandlerMapping;
    private final Collection<String> types;
    private final String authType;
    public static final String TYPE = "multi-scheme";
    private static Logger logger = LoggerFactory.getLogger((Class<?>) MultiSchemeAuthenticationHandler.class);
    private static final Splitter STR_SPLITTER = Splitter.on(',').trimResults().omitEmptyStrings();

    public MultiSchemeAuthenticationHandler() {
        this(TYPE);
    }

    public MultiSchemeAuthenticationHandler(String str) {
        this.schemeToAuthHandlerMapping = new HashMap();
        this.types = new HashSet();
        this.authType = str;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public String getType() {
        return this.authType;
    }

    @Override // org.apache.hadoop.security.authentication.server.CompositeAuthenticationHandler
    public Collection<String> getTokenTypes() {
        return this.types;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public void init(Properties properties) throws ServletException {
        for (Map.Entry entry : properties.entrySet()) {
            logger.info("{} : {}", entry.getKey(), entry.getValue());
        }
        this.types.clear();
        Iterator<String> it = STR_SPLITTER.split((String) Preconditions.checkNotNull(properties.getProperty(SCHEMES_PROPERTY), "%s system property is not specified.", SCHEMES_PROPERTY)).iterator();
        while (it.hasNext()) {
            String checkAuthScheme = AuthenticationHandlerUtil.checkAuthScheme(it.next());
            if (this.schemeToAuthHandlerMapping.containsKey(checkAuthScheme)) {
                throw new IllegalArgumentException("Handler is already specified for " + checkAuthScheme + " authentication scheme.");
            }
            String property = properties.getProperty(String.format(AUTH_HANDLER_PROPERTY, checkAuthScheme).toLowerCase());
            Preconditions.checkNotNull(property, "No auth handler configured for scheme %s.", checkAuthScheme);
            AuthenticationHandler initializeAuthHandler = initializeAuthHandler(AuthenticationHandlerUtil.getAuthenticationHandlerClassName(property), properties);
            this.schemeToAuthHandlerMapping.put(checkAuthScheme, initializeAuthHandler);
            this.types.add(initializeAuthHandler.getType());
        }
        logger.info("Successfully initialized MultiSchemeAuthenticationHandler");
    }

    protected AuthenticationHandler initializeAuthHandler(String str, Properties properties) throws ServletException {
        try {
            Preconditions.checkNotNull(str);
            logger.debug("Initializing Authentication handler of type " + str);
            AuthenticationHandler authenticationHandler = (AuthenticationHandler) Thread.currentThread().getContextClassLoader().loadClass(str).newInstance();
            authenticationHandler.init(properties);
            logger.info("Successfully initialized Authentication handler of type " + str);
            return authenticationHandler;
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            logger.error("Failed to initialize authentication handler " + str, e);
            throw new ServletException(e);
        }
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public void destroy() {
        Iterator<AuthenticationHandler> it = this.schemeToAuthHandlerMapping.values().iterator();
        while (it.hasNext()) {
            it.next().destroy();
        }
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public boolean managementOperation(AuthenticationToken authenticationToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        return true;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public AuthenticationToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null) {
            for (String str : this.schemeToAuthHandlerMapping.keySet()) {
                if (AuthenticationHandlerUtil.matchAuthScheme(str, header)) {
                    AuthenticationToken authenticate = this.schemeToAuthHandlerMapping.get(str).authenticate(httpServletRequest, httpServletResponse);
                    logger.trace("Token generated with type {}", authenticate.getType());
                    return authenticate;
                }
            }
        }
        httpServletResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
        Iterator<String> it = this.schemeToAuthHandlerMapping.keySet().iterator();
        while (it.hasNext()) {
            httpServletResponse.addHeader("WWW-Authenticate", it.next());
        }
        return null;
    }
}
