package id.onyx.obdp.server.security.authentication.kerberos;

import id.onyx.obdp.server.configuration.Configuration;
import id.onyx.obdp.server.security.authentication.AmbariAuthenticationException;
import id.onyx.obdp.server.security.authentication.OBDPAuthenticationEventHandler;
import id.onyx.obdp.server.security.authentication.OBDPAuthenticationFilter;
import id.onyx.obdp.server.security.authentication.tproxy.TrustedProxyAuthenticationDetailsSource;
import id.onyx.obdp.server.utils.RequestUtils;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
@Order(2)
/* loaded from: input_file:id/onyx/obdp/server/security/authentication/kerberos/OBDPKerberosAuthenticationFilter.class */
public class OBDPKerberosAuthenticationFilter extends SpnegoAuthenticationProcessingFilter implements OBDPAuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(OBDPKerberosAuthenticationFilter.class);
    private final OBDPAuthenticationEventHandler eventHandler;
    private final boolean kerberosAuthenticationEnabled;

    public OBDPKerberosAuthenticationFilter(AuthenticationManager authenticationManager, final AuthenticationEntryPoint authenticationEntryPoint, Configuration configuration, final OBDPAuthenticationEventHandler oBDPAuthenticationEventHandler) {
        AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties = configuration == null ? null : configuration.getKerberosAuthenticationProperties();
        this.kerberosAuthenticationEnabled = kerberosAuthenticationProperties != null && kerberosAuthenticationProperties.isKerberosAuthenticationEnabled();
        if (oBDPAuthenticationEventHandler == null) {
            throw new IllegalArgumentException("The OBDPAuthenticationEventHandler must not be null");
        }
        this.eventHandler = oBDPAuthenticationEventHandler;
        setAuthenticationManager(authenticationManager);
        setAuthenticationDetailsSource(new TrustedProxyAuthenticationDetailsSource());
        setFailureHandler(new AuthenticationFailureHandler() { // from class: id.onyx.obdp.server.security.authentication.kerberos.OBDPKerberosAuthenticationFilter.1
            public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
                oBDPAuthenticationEventHandler.onUnsuccessfulAuthentication(OBDPKerberosAuthenticationFilter.this, httpServletRequest, httpServletResponse, authenticationException instanceof AmbariAuthenticationException ? (AmbariAuthenticationException) authenticationException : new AmbariAuthenticationException(null, authenticationException.getLocalizedMessage(), false, authenticationException));
                authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
            }
        });
        setSuccessHandler(new AuthenticationSuccessHandler() { // from class: id.onyx.obdp.server.security.authentication.kerberos.OBDPKerberosAuthenticationFilter.2
            public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                oBDPAuthenticationEventHandler.onSuccessfulAuthentication(OBDPKerberosAuthenticationFilter.this, httpServletRequest, httpServletResponse, authentication);
            }
        });
    }

    @Override // id.onyx.obdp.server.security.authentication.OBDPAuthenticationFilter
    public boolean shouldApply(HttpServletRequest httpServletRequest) {
        String header;
        if (LOG.isDebugEnabled()) {
            RequestUtils.logRequestHeadersAndQueryParams(httpServletRequest, LOG);
        }
        return this.kerberosAuthenticationEnabled && (header = httpServletRequest.getHeader("Authorization")) != null && (header.startsWith("Negotiate ") || header.startsWith("Kerberos "));
    }

    @Override // id.onyx.obdp.server.security.authentication.OBDPAuthenticationFilter
    public boolean shouldIncrementFailureCount() {
        return false;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (this.eventHandler != null) {
            this.eventHandler.beforeAttemptAuthentication(this, httpServletRequest, httpServletResponse);
        }
        super.doFilter(httpServletRequest, httpServletResponse, filterChain);
    }
}
