package org.apache.solr.servlet.authentication;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
import org.apache.hadoop.security.authentication.server.AuthenticationHandler;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.util.StringUtils;
import org.apache.http.HttpStatus;
import org.apache.http.client.params.AuthPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/solr-core-4.10.3-cdh5.15.0.jar:org/apache/solr/servlet/authentication/MultiSchemeAuthenticationHandler.class */
public class MultiSchemeAuthenticationHandler implements AuthenticationHandler {
    public static final String SCHEMES_PROPERTY = "multi-scheme-auth-handler.schemes";
    public static final String AUTH_HANDLER_PROPERTY = "multi-scheme-auth-handler.schemes.%s.handler";
    private final Map<String, AuthenticationHandler> schemeToAuthHandlerMapping;
    private final String authType;
    public static final String TYPE = "multi-auth-handler";
    private static Logger LOG = LoggerFactory.getLogger(MultiSchemeAuthenticationHandler.class);
    public static final Collection<String> SUPPORTED_HTTP_AUTH_SCHEMES = Arrays.asList("Basic", KerberosAuthenticator.NEGOTIATE, AuthPolicy.DIGEST);
    private static Collection<String> types = null;

    public MultiSchemeAuthenticationHandler() {
        this(TYPE);
    }

    public MultiSchemeAuthenticationHandler(String str) {
        this.schemeToAuthHandlerMapping = new HashMap();
        this.authType = str;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public String getType() {
        return this.authType;
    }

    public static Collection<String> getTypes() {
        return types;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public void init(Properties properties) throws ServletException {
        for (Object obj : properties.keySet()) {
            LOG.debug("{} : {}", obj, properties.get(obj));
        }
        types = new HashSet();
        for (String str : properties.getProperty(SCHEMES_PROPERTY).split(StringUtils.COMMA_STR)) {
            if (!SUPPORTED_HTTP_AUTH_SCHEMES.contains(str)) {
                throw new IllegalArgumentException("Unsupported HTTP authentication scheme " + str + " . Supported schemes are " + SUPPORTED_HTTP_AUTH_SCHEMES);
            }
            if (this.schemeToAuthHandlerMapping.containsKey(str)) {
                throw new IllegalArgumentException("Handler is already specified for " + str + " authentication scheme.");
            }
            String property = properties.getProperty(String.format(Locale.ENGLISH, AUTH_HANDLER_PROPERTY, str).toLowerCase(Locale.ENGLISH));
            Preconditions.checkNotNull(property, "No auth handler configured for scheme %s.", str);
            AuthenticationHandler initializeAuthHandler = initializeAuthHandler(getAuthenticationHandlerClassName(property), properties);
            this.schemeToAuthHandlerMapping.put(str, initializeAuthHandler);
            types.add(initializeAuthHandler.getType());
        }
        LOG.info("Successfully initialized MultiSchemeAuthenticationHandler");
    }

    protected String getAuthenticationHandlerClassName(String str) {
        Preconditions.checkNotNull(str);
        return str.toLowerCase(Locale.ENGLISH).equals("simple") ? PseudoAuthenticationHandler.class.getName() : str.toLowerCase(Locale.ENGLISH).equals(KerberosAuthenticationHandler.TYPE) ? KerberosAuthenticationHandler.class.getName() : str.toLowerCase(Locale.ENGLISH).equals(LdapAuthenticationHandler.TYPE) ? LdapAuthenticationHandler.class.getName() : str;
    }

    protected AuthenticationHandler initializeAuthHandler(String str, Properties properties) throws ServletException {
        try {
            Preconditions.checkNotNull(str);
            LOG.debug("Initializing Authentication handler of type " + str);
            AuthenticationHandler authenticationHandler = (AuthenticationHandler) Thread.currentThread().getContextClassLoader().loadClass(str).newInstance();
            authenticationHandler.init(properties);
            LOG.info("Successfully initialized Authentication handler of type " + str);
            return authenticationHandler;
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            LOG.error("Failed to initialize authentication handler " + str, e);
            throw new ServletException(e);
        }
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public void destroy() {
        Iterator<AuthenticationHandler> it = this.schemeToAuthHandlerMapping.values().iterator();
        while (it.hasNext()) {
            it.next().destroy();
        }
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public boolean managementOperation(AuthenticationToken authenticationToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        return true;
    }

    @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
    public AuthenticationToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            httpServletResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
            Iterator<String> it = this.schemeToAuthHandlerMapping.keySet().iterator();
            while (it.hasNext()) {
                httpServletResponse.addHeader("WWW-Authenticate", it.next());
            }
            return null;
        }
        for (String str : this.schemeToAuthHandlerMapping.keySet()) {
            if (header.startsWith(str)) {
                AuthenticationToken authenticate = this.schemeToAuthHandlerMapping.get(str).authenticate(httpServletRequest, httpServletResponse);
                LOG.debug("Token generated with type {}", authenticate.getType());
                return authenticate;
            }
        }
        return null;
    }
}
