package com.datastax.bdp.dsefs.auth;

import com.cloudera.alfredo.client.KerberosAuthenticator;
import com.datastax.bdp.cassandra.auth.http.DseAuthenticationFilter;
import com.datastax.bdp.cassandra.auth.http.DseHttpKerberosAuthenticationFilter;
import com.datastax.bdp.dsefs.auth.webhdfs.alfredo.EmptyConfig;
import com.datastax.bdp.dsefs.auth.webhdfs.alfredo.HttpServletRequestAdapter;
import com.datastax.bdp.dsefs.auth.webhdfs.alfredo.HttpServletResponseAdapter;
import com.datastax.bdp.dsefs.auth.webhdfs.alfredo.ReachableFilterChain;
import com.datastax.bdp.fs.rest.IllegalRestParamException;
import com.datastax.bdp.fs.rest.IllegalRestParamException$;
import com.datastax.bdp.fs.rest.server.auth.AuthenticatedUser;
import com.datastax.bdp.fs.rest.server.auth.DelegationTokenManager;
import com.datastax.bdp.fs.rest.server.auth.RestServerAuthProvider;
import com.datastax.bdp.fs.rest.util.NettyHttpUtil$;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpRequest;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpResponse;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpResponseStatus;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.HttpUtil;
import com.datastax.bdp.fs.shaded.io.netty.handler.codec.http.QueryStringDecoder;
import com.datastax.dse.byos.shade.com.google.common.base.Strings;
import com.typesafe.scalalogging.Logger;
import com.typesafe.scalalogging.Logger$;
import com.typesafe.scalalogging.StrictLogging;
import java.net.InetSocketAddress;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.slf4j.LoggerFactory;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.StringContext;
import scala.collection.JavaConversions$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Either;

/* compiled from: WebHdfsRestServerAuthProvider.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\rf\u0001B\u0001\u0003\u00015\u0011QdV3c\u0011\u001247OU3tiN+'O^3s\u0003V$\b\u000e\u0015:pm&$WM\u001d\u0006\u0003\u0007\u0011\tA!Y;uQ*\u0011QAB\u0001\u0006IN,gm\u001d\u0006\u0003\u000f!\t1A\u00193q\u0015\tI!\"\u0001\u0005eCR\f7\u000f^1y\u0015\u0005Y\u0011aA2p[\u000e\u00011\u0003\u0002\u0001\u000f)}\u0001\"a\u0004\n\u000e\u0003AQ\u0011!E\u0001\u0006g\u000e\fG.Y\u0005\u0003'A\u0011a!\u00118z%\u00164\u0007CA\u000b\u001e\u001b\u00051\"BA\u0002\u0018\u0015\tA\u0012$\u0001\u0004tKJ4XM\u001d\u0006\u00035m\tAA]3ti*\u0011ADB\u0001\u0003MNL!A\b\f\u0003-I+7\u000f^*feZ,'/Q;uQB\u0013xN^5eKJ\u0004\"\u0001I\u0013\u000e\u0003\u0005R!AI\u0012\u0002\u0019M\u001c\u0017\r\\1m_\u001e<\u0017N\\4\u000b\u0005\u0011R\u0011\u0001\u0003;za\u0016\u001c\u0018MZ3\n\u0005\u0019\n#!D*ue&\u001cG\u000fT8hO&tw\r\u0003\u0005)\u0001\t\u0005\t\u0015!\u0003*\u00035\u0011X-\\8uK\u0006#GM]3tgB\u0011!fL\u0007\u0002W)\u0011A&L\u0001\u0004]\u0016$(\"\u0001\u0018\u0002\t)\fg/Y\u0005\u0003a-\u0012\u0011#\u00138fiN{7m[3u\u0003\u0012$'/Z:t\u0011!\u0011\u0004A!A!\u0002\u0013I\u0013\u0001\u00047pG\u0006d\u0017\t\u001a3sKN\u001c\b\u0002\u0003\u001b\u0001\u0005\u0003\u0005\u000b\u0011B\u001b\u0002\u0019Q|7.\u001a8NC:\fw-\u001a:\u0011\u0005U1\u0014BA\u001c\u0017\u0005Y!U\r\\3hCRLwN\u001c+pW\u0016tW*\u00198bO\u0016\u0014\b\"B\u001d\u0001\t\u0003Q\u0014A\u0002\u001fj]&$h\b\u0006\u0003<{yz\u0004C\u0001\u001f\u0001\u001b\u0005\u0011\u0001\"\u0002\u00159\u0001\u0004I\u0003\"\u0002\u001a9\u0001\u0004I\u0003\"\u0002\u001b9\u0001\u0004)\u0004\"B!\u0001\t\u0003\u0012\u0015AB:dQ\u0016lW-F\u0001D!\t!uI\u0004\u0002\u0010\u000b&\u0011a\tE\u0001\u0007!J,G-\u001a4\n\u0005!K%AB*ue&twM\u0003\u0002G!!)1\n\u0001C!\u0005\u0006I1\r[1mY\u0016tw-\u001a\u0005\t\u001b\u0002A)\u0019!C\u0005\u001d\u0006a1\u000f\u001d8fO>4\u0015\u000e\u001c;feV\tq\n\u0005\u0002Q-6\t\u0011K\u0003\u0002S'\u0006!\u0001\u000e\u001e;q\u0015\t\u0019AK\u0003\u0002V\r\u0005I1-Y:tC:$'/Y\u0005\u0003/F\u00131\u0005R:f\u0011R$\boS3
sE\u0016\u0014xn]!vi\",g\u000e^5dCRLwN\u001c$jYR,'\u000f\u0003\u0005Z\u0001!\u0005\t\u0015)\u0003P\u00035\u0019\bO\\3h_\u001aKG\u000e^3sA!91\f\u0001a\u0001\n\u0013a\u0016\u0001\b:fgB|gn]3BkRDWM\u001c;jG\u0006$\u0018n\u001c8IK\u0006$WM]\u000b\u0002;B\u0019qBX\"\n\u0005}\u0003\"AB(qi&|g\u000eC\u0004b\u0001\u0001\u0007I\u0011\u00022\u0002AI,7\u000f]8og\u0016\fU\u000f\u001e5f]RL7-\u0019;j_:DU-\u00193fe~#S-\u001d\u000b\u0003G\u001a\u0004\"a\u00043\n\u0005\u0015\u0004\"\u0001B+oSRDqa\u001a1\u0002\u0002\u0003\u0007Q,A\u0002yIEBa!\u001b\u0001!B\u0013i\u0016!\b:fgB|gn]3BkRDWM\u001c;jG\u0006$\u0018n\u001c8IK\u0006$WM\u001d\u0011\t\u000f-\u0004\u0001\u0019!C\u0005Y\u0006y!/Z:q_:\u001cXmQ8pW&,7/F\u0001n!\rqgo\u0011\b\u0003_Rt!\u0001]:\u000e\u0003ET!A\u001d\u0007\u0002\rq\u0012xn\u001c;?\u0013\u0005\t\u0012BA;\u0011\u0003\u001d\u0001\u0018mY6bO\u0016L!a\u001e=\u0003\u0007M+\u0017O\u0003\u0002v!!9!\u0010\u0001a\u0001\n\u0013Y\u0018a\u0005:fgB|gn]3D_>\\\u0017.Z:`I\u0015\fHCA2}\u0011\u001d9\u00170!AA\u00025DaA 
\u0001!B\u0013i\u0017\u0001\u0005:fgB|gn]3D_>\\\u0017.Z:!\u0011\u001d\t\t\u0001\u0001C\u0005\u0003\u0007\tqcY8oi\u0006Lgn\u001d#fY\u0016<\u0017\r^5p]R{7.\u001a8\u0015\t\u0005\u0015\u00111\u0002\t\u0004\u001f\u0005\u001d\u0011bAA\u0005!\t9!i\\8mK\u0006t\u0007bBA\u0007\u007f\u0002\u0007\u0011qB\u0001\be\u0016\fX/Z:u!\u0011\t\t\"!\n\u000e\u0005\u0005M!b\u0001*\u0002\u0016)!\u0011qCA\r\u0003\u0015\u0019w\u000eZ3d\u0015\u0011\tY\"!\b\u0002\u000f!\fg\u000e\u001a7fe*!\u0011qDA\u0011\u0003\u0015qW\r\u001e;z\u0015\t\t\u0019#\u0001\u0002j_&!\u0011qEA\n\u0005-AE\u000f\u001e9SKF,Xm\u001d;\t\u000f\u0005-\u0002\u0001\"\u0003\u0002.\u0005!2m\u001c8uC&t7o\u00159oK\u001e|\u0007*Z1eKJ$B!!\u0002\u00020!A\u0011QBA\u0015\u0001\u0004\ty\u0001C\u0004\u00024\u0001!\t%!\u000e\u0002\u0013\r\fg\u000eS1oI2,G\u0003BA\u0003\u0003oA\u0001\"!\u0004\u00022\u0001\u0007\u0011q\u0002\u0005\b\u0003w\u0001A\u0011BA\u001f\u0003I\tW\u000f\u001e5f]RL7-\u0019;f'BtWmZ8\u0015\t\u0005}\u0012q\f\t\u0007\u0003\u0003\n9%a\u0013\u000e\u0005\u0005\r#bAA#!\u0005Q1m\u001c8dkJ\u0014XM\u001c;\n\t\u0005%\u00131\t\u0002\u0007\rV$XO]3\u0011\u000f9\fi%!\u0015\u0002X%\u0019\u0011q\n=\u0003\r\u0015KG\u000f[3s!\u0011\t\t\"a\u0015\n\t\u0005U\u00131\u0003\u0002\r\u0011R$\bOU3ta>t7/\u001a\t\u0005\u001fy\u000bI\u0006E\u0002\u0016\u00037J1!!\u0018\u0017\u0005E\tU\u000f\u001e5f]RL7-\u0019;fIV\u001bXM\u001d\u0005\t\u0003\u001b\tI\u00041\u0001\u0002\u0010!9\u00111\r\u0001\u0005\n\u0005\u0015\u0014aG1vi\",g\u000e^5dCR,G)\u001a7fO\u0006$\u0018n\u001c8U_.,g\u000e\u0006\u0003\u0002@\u0005\u001d\u0004\u0002CA\u0007\u0003C\u0002\r!a\u0004\t\u000f\u0005-\u0004\u0001\"\u0011\u0002n\u0005a\u0011-\u001e;iK:$\u0018nY1uKR!\u0011qHA8\u0011!\ti!!\u001bA\u0002\u0005=\u0001bBA:\u0001\u0011\u0005\u0013QO\u0001\u000eCR$\u0018m\u00195IK\u0006$WM]:\u0015\t\u0005\u0015\u0011q\u000f\u0005\t\u0003s\n\t\b1\u0001\u0002R\u0005A!/Z:q_:\u001cX\rC\u0004\u0002~\u0001!\t%a 
\u0002KMDw.\u001e7e%\u0016lwN^3Ge>l\u0007+\u001b9fY&tWm\u00148BkRD7+^2dKN\u001cXCAA\u0003\u000f\u001d\t\u0019I\u0001E\u0001\u0003\u000b\u000bQdV3c\u0011\u001247OU3tiN+'O^3s\u0003V$\b\u000e\u0015:pm&$WM\u001d\t\u0004y\u0005\u001deAB\u0001\u0003\u0011\u0003\tIiE\u0002\u0002\b:Aq!OAD\t\u0003\ti\t\u0006\u0002\u0002\u0006\"Q\u0011\u0011SAD\u0005\u0004%I!a%\u0002'\u0011+G.Z4bi&|g\u000eU1sC6t\u0015-\\3\u0016\u0005\u0005U\u0005\u0003BAL\u0003;k!!!'\u000b\u0007\u0005mU&\u0001\u0003mC:<\u0017b\u0001%\u0002\u001a\"I\u0011\u0011UADA\u0003%\u0011QS\u0001\u0015\t\u0016dWmZ1uS>t\u0007+\u0019:b[:\u000bW.\u001a\u0011")
/* loaded from: input_file:com/datastax/bdp/dsefs/auth/WebHdfsRestServerAuthProvider.class */
/**
 * REST authentication provider for the WebHDFS-compatible DSEFS endpoint.
 *
 * <p>This is JADX output for a compiled Scala class, so it contains Scala compiler
 * artefacts ({@code $lzycompute}, {@code bitmap$0}, {@code BoxedUnit}, {@code MODULE$})
 * and is not expected to recompile as-is.
 *
 * <p>Two authentication paths are visible in this class:
 * <ul>
 *   <li>a delegation token carried in the request URI, checked through the
 *       {@link DelegationTokenManager};</li>
 *   <li>SPNEGO/Kerberos, delegated to a {@link DseHttpKerberosAuthenticationFilter}
 *       driven through servlet adapters around the Netty request.</li>
 * </ul>
 * When a request matches both, the delegation token path is taken (see
 * {@link #authenticate}).
 *
 * <p>NOTE(review): the outcome of the last SPNEGO exchange (response header and cookies)
 * is kept in mutable, non-volatile instance fields and read back later by
 * {@link #attachHeaders}. That is only safe if one instance serves one connection on one
 * thread at a time - confirm against the pipeline that creates this provider.
 */
public class WebHdfsRestServerAuthProvider implements RestServerAuthProvider, StrictLogging {
    // Peer address; handed to HttpServletRequestAdapter for the SPNEGO filter.
    private final InetSocketAddress remoteAddress;
    // Local (server-side) address; handed to HttpServletRequestAdapter as well.
    private final InetSocketAddress localAddress;
    // Verifies delegation tokens and extracts the user name they carry.
    private final DelegationTokenManager tokenManager;
    // Lazily created Kerberos filter; only valid once bitmap$0 is true.
    private DseHttpKerberosAuthenticationFilter spnegoFilter;
    // Authentication header from the last successful SPNEGO exchange; None after a
    // successful delegation-token authentication. Not reset on a failed attempt.
    private Option<String> responseAuthenticationHeader;
    // Cookies from the last successful SPNEGO exchange; empty after a successful
    // delegation-token authentication. Not reset on a failed attempt.
    private Seq<String> responseCookies;
    private final Logger logger;
    // Scala lazy-val guard: true once spnegoFilter has been initialised. Volatile so the
    // unsynchronised fast-path read in spnegoFilter() sees the published filter.
    private volatile boolean bitmap$0;

    /**
     * Slow path of the lazy {@code spnegoFilter} initialisation.
     *
     * <p>Under the instance monitor, re-checks the guard, creates the Kerberos filter,
     * initialises it from {@code DseAuthenticationFilter.kerberosAuthenticationFilterConfig}
     * applied to an {@link EmptyConfig}, stores it and then sets the guard.
     *
     * @return the initialised filter
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    private DseHttpKerberosAuthenticationFilter spnegoFilter$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                DseHttpKerberosAuthenticationFilter dseHttpKerberosAuthenticationFilter = new DseHttpKerberosAuthenticationFilter();
                dseHttpKerberosAuthenticationFilter.init(DseAuthenticationFilter.kerberosAuthenticationFilterConfig(new EmptyConfig()));
                // The filter is stored before the volatile guard is set, so a reader that
                // observes bitmap$0 == true also observes the filter.
                this.spnegoFilter = dseHttpKerberosAuthenticationFilter;
                this.bitmap$0 = true;
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.spnegoFilter;
        }
    }

    /** Returns the logger installed by the constructor. */
    @Override // com.typesafe.scalalogging.StrictLogging
    public Logger logger() {
        return this.logger;
    }

    /**
     * Scala trait setter for the {@code logger} val; called once from the constructor.
     * The assignment to a {@code final} field is a decompilation artefact.
     */
    @Override // com.typesafe.scalalogging.StrictLogging
    public void com$typesafe$scalalogging$StrictLogging$_setter_$logger_$eq(Logger logger) {
        this.logger = logger;
    }

    /** Returns the HTTP authentication scheme this provider handles ({@code KerberosAuthenticator.NEGOTIATE}). */
    @Override // com.datastax.bdp.fs.rest.server.auth.RestServerAuthProvider
    public String scheme() {
        return KerberosAuthenticator.NEGOTIATE;
    }

    /** Returns the challenge value for this provider; identical to {@link #scheme()}. */
    @Override // com.datastax.bdp.fs.rest.server.auth.RestServerAuthProvider
    public String challenge() {
        return scheme();
    }

    /** Returns the Kerberos filter, creating it on first use. */
    private DseHttpKerberosAuthenticationFilter spnegoFilter() {
        return this.bitmap$0 ? this.spnegoFilter : spnegoFilter$lzycompute();
    }

    /** Scala accessor for the stored response authentication header. */
    private Option<String> responseAuthenticationHeader() {
        return this.responseAuthenticationHeader;
    }

    /** Scala mutator for the stored response authentication header. */
    private void responseAuthenticationHeader_$eq(Option<String> option) {
        this.responseAuthenticationHeader = option;
    }

    /** Scala accessor for the stored response cookies. */
    private Seq<String> responseCookies() {
        return this.responseCookies;
    }

    /** Scala mutator for the stored response cookies. */
    private void responseCookies_$eq(Seq<String> seq) {
        this.responseCookies = seq;
    }

    /**
     * Reports whether the raw request URI contains the delegation parameter name followed
     * by {@code =}.
     *
     * <p>NOTE(review): this is a substring test on the whole URI, not a parsed query
     * lookup. It also matches when the text appears in the path or as the tail of a longer
     * parameter name. {@link #authenticateDelegationToken} parses the query properly, so
     * such a request is routed to the token path and ends in 401 there rather than falling
     * back to SPNEGO.
     *
     * @param httpRequest the incoming request
     * @return {@code true} if the URI contains {@code <DelegationParamName>=}
     */
    private boolean containsDelegationToken(HttpRequest httpRequest) {
        return httpRequest.uri().contains(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", "="})).s(Predef$.MODULE$.genericWrapArray(new Object[]{WebHdfsRestServerAuthProvider$.MODULE$.com$datastax$bdp$dsefs$auth$WebHdfsRestServerAuthProvider$$DelegationParamName()})));
    }

    /**
     * Reports whether the request carries an authentication header for {@link #scheme()},
     * as decided by {@code NettyHttpUtil.containsAuthenticationScheme}.
     */
    private boolean containsSpnegoHeader(HttpRequest httpRequest) {
        return NettyHttpUtil$.MODULE$.containsAuthenticationScheme(httpRequest, scheme());
    }

    /**
     * Reports whether this provider should process the request: either a delegation token
     * parameter or a SPNEGO header is present.
     */
    @Override // com.datastax.bdp.fs.rest.server.auth.RestServerAuthProvider
    public boolean canHandle(HttpRequest httpRequest) {
        return containsDelegationToken(httpRequest) || containsSpnegoHeader(httpRequest);
    }

    /**
     * Authenticates the request with SPNEGO by running the Kerberos servlet filter against
     * adapters that wrap the Netty request.
     *
     * <p>Authentication counts as successful only when the filter both left the response
     * uncommitted and invoked the filter chain. Otherwise the response built by the filter
     * is returned to the caller (presumably the Negotiate challenge or an error - confirm
     * in the filter).
     *
     * @param httpRequest the incoming request
     * @return an already completed future: {@code Left(response)} when the filter answered
     *         itself, {@code Right(Some(user))} on success
     */
    private Future<Either<HttpResponse, Option<AuthenticatedUser>>> authenticateSpnego(HttpRequest httpRequest) {
        ServletRequest httpServletRequestAdapter = new HttpServletRequestAdapter(httpRequest, this.localAddress, this.remoteAddress);
        ServletResponse httpServletResponseAdapter = new HttpServletResponseAdapter(HttpUtil.isKeepAlive(httpRequest));
        ReachableFilterChain reachableFilterChain = new ReachableFilterChain();
        spnegoFilter().doFilter(httpServletRequestAdapter, httpServletResponseAdapter, reachableFilterChain);
        // Both conditions are required: a committed response or an unreached chain means
        // the filter did not let the request through.
        if (httpServletResponseAdapter.isCommitted() || !reachableFilterChain.isReached()) {
            return Future$.MODULE$.successful(package$.MODULE$.Left().apply(httpServletResponseAdapter.response()));
        }
        if (logger().underlying().isDebugEnabled()) {
            logger().underlying().debug(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Successfully authenticated spnego user ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{reachableFilterChain.authenticatedUser().name()})));
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        // Kept on the instance so attachHeaders() can copy them onto the eventual response.
        responseAuthenticationHeader_$eq(new Some(reachableFilterChain.authenticateHeader()));
        responseCookies_$eq(reachableFilterChain.cookies());
        return Future$.MODULE$.successful(package$.MODULE$.Right().apply(new Some(reachableFilterChain.authenticatedUser())));
    }

    /**
     * Authenticates the request with the delegation token taken from the query string.
     *
     * <p>The first value of the delegation parameter is used. A missing parameter, an
     * empty value, a verification failure or any other {@code Throwable} ends in an empty
     * 401 response.
     *
     * <p>NOTE(review): the failure path logs {@code httpRequest.uri()} at WARN. On this
     * path the URI contains the delegation token value, so a token that failed for a
     * transient reason (or any other query-string secret) is written to the server log.
     * Log the path only, or redact the parameter value.
     *
     * <p>NOTE(review): the result of {@code verifyDelegationToken} is discarded, so
     * rejection depends on that method throwing for an invalid token - confirm its
     * contract.
     *
     * <p>NOTE(review): {@code catch (Throwable)} also turns JVM errors into a 401; the
     * Scala source may have intended a narrower match.
     *
     * @param httpRequest the incoming request
     * @return an already completed future: {@code Right(Some(user))} on success,
     *         {@code Left(401 response)} otherwise
     */
    /* JADX WARN: Multi-variable type inference failed */
    private Future<Either<HttpResponse, Option<AuthenticatedUser>>> authenticateDelegationToken(HttpRequest httpRequest) {
        try {
            // parameters().get(...) yields null when the parsed query lacks the parameter;
            // the resulting exception is handled by the catch below.
            String str = (String) JavaConversions$.MODULE$.asScalaBuffer(new QueryStringDecoder(httpRequest.uri()).parameters().get(WebHdfsRestServerAuthProvider$.MODULE$.com$datastax$bdp$dsefs$auth$WebHdfsRestServerAuthProvider$$DelegationParamName())).mo8570head();
            if (Strings.isNullOrEmpty(str)) {
                throw new IllegalRestParamException(WebHdfsRestServerAuthProvider$.MODULE$.com$datastax$bdp$dsefs$auth$WebHdfsRestServerAuthProvider$$DelegationParamName(), str, IllegalRestParamException$.MODULE$.$lessinit$greater$default$3());
            }
            // Verify before trusting anything read out of the token.
            this.tokenManager.verifyDelegationToken(str);
            String extractUserName = this.tokenManager.extractUserName(str);
            AuthenticatedUser dsefsUser = RestAuthUtil$.MODULE$.toDsefsUser(new org.apache.cassandra.auth.AuthenticatedUser(extractUserName));
            if (logger().underlying().isDebugEnabled()) {
                logger().underlying().debug(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Successfully authenticated delegation token user ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{extractUserName})));
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            // Clear whatever an earlier SPNEGO exchange left behind so attachHeaders()
            // adds nothing for a token-authenticated request.
            responseAuthenticationHeader_$eq(None$.MODULE$);
            responseCookies_$eq((Seq) Seq$.MODULE$.empty());
            return Future$.MODULE$.successful(package$.MODULE$.Right().apply(new Some(dsefsUser)));
        } catch (Throwable th) {
            if (logger().underlying().isWarnEnabled()) {
                // NOTE(review): logs the full URI, including the delegation token value.
                logger().underlying().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Authentication failed ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{httpRequest.uri()})), th);
                BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
            }
            return Future$.MODULE$.successful(package$.MODULE$.Left().apply(NettyHttpUtil$.MODULE$.emptyHttpResponse(httpRequest, HttpResponseStatus.UNAUTHORIZED)));
        }
    }

    /**
     * Authenticates the request, preferring the delegation token path whenever the URI
     * contains the delegation parameter and using SPNEGO otherwise.
     *
     * <p>Any {@code Throwable} escaping the chosen path is logged at ERROR together with
     * the raw request URI and answered with an empty 500 response. The token path handles
     * its own failures, so this mostly covers the SPNEGO path.
     *
     * @param httpRequest the incoming request
     * @return an already completed future holding either a response to send back or the
     *         authenticated user
     */
    @Override // com.datastax.bdp.fs.rest.server.auth.RestServerAuthProvider
    public Future<Either<HttpResponse, Option<AuthenticatedUser>>> authenticate(HttpRequest httpRequest) {
        try {
            return containsDelegationToken(httpRequest) ? authenticateDelegationToken(httpRequest) : authenticateSpnego(httpRequest);
        } catch (Throwable th) {
            if (logger().underlying().isErrorEnabled()) {
                logger().underlying().error(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Error during request ", " authentication"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{httpRequest.uri()})), th);
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            return Future$.MODULE$.successful(package$.MODULE$.Left().apply(NettyHttpUtil$.MODULE$.emptyHttpResponse(httpRequest, HttpResponseStatus.INTERNAL_SERVER_ERROR)));
        }
    }

    /**
     * Passes the stored authentication header and cookies, together with the response, to
     * two closures defined outside this file (presumably they add the values as response
     * headers - confirm in the {@code $$anonfun$attachHeaders$} classes).
     *
     * <p>NOTE(review): the stored values are not cleared when an authentication attempt
     * fails, so values from an earlier successful SPNEGO exchange on the same instance
     * remain available here - confirm this method is only called after a success.
     *
     * @param httpResponse the response about to be sent
     * @return {@code true} if there was a stored header or at least one stored cookie
     */
    @Override // com.datastax.bdp.fs.rest.server.auth.RestServerAuthProvider
    public boolean attachHeaders(HttpResponse httpResponse) {
        responseAuthenticationHeader().foreach(new WebHdfsRestServerAuthProvider$$anonfun$attachHeaders$1(this, httpResponse));
        responseCookies().foreach(new WebHdfsRestServerAuthProvider$$anonfun$attachHeaders$2(this, httpResponse));
        return responseCookies().nonEmpty() || responseAuthenticationHeader().nonEmpty();
    }

    /**
     * Always {@code false}. By its name, this keeps the provider in the pipeline after a
     * successful authentication, so later requests are authenticated again.
     */
    @Override // com.datastax.bdp.fs.rest.server.auth.RestServerAuthProvider
    public boolean shouldRemoveFromPipelineOnAuthSuccess() {
        return false;
    }

    /**
     * Creates a provider for one pair of endpoints.
     *
     * @param inetSocketAddress the remote (peer) address
     * @param inetSocketAddress2 the local address
     * @param delegationTokenManager verifier for delegation tokens
     */
    public WebHdfsRestServerAuthProvider(InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, DelegationTokenManager delegationTokenManager) {
        this.remoteAddress = inetSocketAddress;
        this.localAddress = inetSocketAddress2;
        this.tokenManager = delegationTokenManager;
        // Scala trait initialisers, emitted by the compiler.
        RestServerAuthProvider.Cclass.$init$(this);
        com$typesafe$scalalogging$StrictLogging$_setter_$logger_$eq(Logger$.MODULE$.apply(LoggerFactory.getLogger(getClass().getName())));
        // Start with no response header and no cookies to attach.
        this.responseAuthenticationHeader = None$.MODULE$;
        this.responseCookies = (Seq) Seq$.MODULE$.empty();
    }
}
