package org.apache.pulsar.broker.web;

import java.io.IOException;
import org.apache.pulsar.broker.authentication.AuthenticationDataHttps;
import org.apache.pulsar.broker.authentication.AuthenticationService;
import org.apache.pulsar.common.sasl.SaslConstants;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.Filter;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.FilterChain;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.FilterConfig;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.ServletException;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.ServletRequest;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.ServletResponse;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.http.HttpServletRequest;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/broker/web/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    private final AuthenticationService authenticationService;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AuthenticationFilter.class);
    public static final String AuthenticatedRoleAttributeName = AuthenticationFilter.class.getName() + "-role";
    public static final String AuthenticatedDataAttributeName = AuthenticationFilter.class.getName() + "-data";

    public AuthenticationFilter(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    private boolean isSaslRequest(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getHeader(SaslConstants.SASL_HEADER_TYPE) == null || httpServletRequest.getHeader(SaslConstants.SASL_HEADER_TYPE).isEmpty() || !httpServletRequest.getHeader(SaslConstants.SASL_HEADER_TYPE).equalsIgnoreCase("Kerberos")) ? false : true;
    }

    @Override // org.apache.pulsar.functions.runtime.shaded.javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if (isSaslRequest(httpServletRequest)) {
                if (this.authenticationService.getAuthenticationProvider(SaslConstants.AUTH_METHOD_NAME).authenticateHttpRequest(httpServletRequest, httpServletResponse)) {
                    filterChain.doFilter(servletRequest, servletResponse);
                }
                return;
            }
            String authenticateHttpRequest = this.authenticationService.authenticateHttpRequest((HttpServletRequest) servletRequest);
            servletRequest.setAttribute(AuthenticatedRoleAttributeName, authenticateHttpRequest);
            servletRequest.setAttribute(AuthenticatedDataAttributeName, new AuthenticationDataHttps((HttpServletRequest) servletRequest));
            if (LOG.isDebugEnabled()) {
                LOG.debug("[{}] Authenticated HTTP request with role {}", servletRequest.getRemoteAddr(), authenticateHttpRequest);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (Exception e) {
            ((HttpServletResponse) servletResponse).sendError(401, "Authentication required");
            LOG.warn("[{}] Failed to authenticate HTTP request: {}", servletRequest.getRemoteAddr(), e.getMessage());
        }
    }

    @Override // org.apache.pulsar.functions.runtime.shaded.javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // org.apache.pulsar.functions.runtime.shaded.javax.servlet.Filter
    public void destroy() {
    }
}
