package com.datastax.bdp.cassandra.auth.http;

import com.cloudera.alfredo.client.KerberosAuthenticator;
import com.cloudera.alfredo.server.AuthenticationFilter;
import com.datastax.bdp.cassandra.auth.DseAuthenticationException;
import com.datastax.bdp.transport.server.KerberosServerUtils;
import java.io.IOException;
import java.net.InetSocketAddress;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.concurrent.TPCUtils;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.service.ClientState;
import org.apache.http.HttpStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/http/DseHttpKerberosAuthenticationFilter.class */
public class DseHttpKerberosAuthenticationFilter extends AuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) DseHttpKerberosAuthenticationFilter.class);

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/http/DseHttpKerberosAuthenticationFilter$FilterChainWrapper.class */
    private static class FilterChainWrapper implements FilterChain {
        private final FilterChain underlyingFilterChain;

        private FilterChainWrapper(FilterChain filterChain) {
            this.underlyingFilterChain = filterChain;
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if (httpServletRequest.getMethod().toUpperCase().equals(KerberosAuthenticator.getAuthHttpMethod())) {
                return;
            }
            if (!DseAuthenticationFilter.isTrustedDseNode(httpServletRequest)) {
                try {
                    AuthenticatedUser userFromAuthzId = KerberosServerUtils.getUserFromAuthzId(httpServletRequest.getUserPrincipal().getName());
                    ClientState forExternalCalls = ClientState.forExternalCalls(InetSocketAddress.createUnresolved(httpServletRequest.getRemoteAddr(), httpServletRequest.getRemotePort()), null);
                    TPCUtils.blockingGet(forExternalCalls.login(userFromAuthzId));
                    servletRequest = new DseAuthenticatedHttpRequest(httpServletRequest, forExternalCalls);
                } catch (AuthenticationException e) {
                    DseHttpKerberosAuthenticationFilter.logger.info("Authentication error", (Throwable) e);
                    httpServletResponse.sendError(HttpStatus.SC_UNAUTHORIZED, DseAuthenticationException.reason);
                    return;
                }
            }
            this.underlyingFilterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        super.doFilter(servletRequest, servletResponse, new FilterChainWrapper(filterChain));
    }
}
