package org.apache.drill.exec.server.rest.auth;

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.drill.exec.planner.sql.parser.impl.DrillParserImplConstants;
import org.apache.drill.exec.server.rest.WebServerConstants;
import org.apache.parquet.Strings;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.security.authentication.SessionAuthentication;
import org.eclipse.jetty.security.authentication.SpnegoAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.UserIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/drill/exec/server/rest/auth/DrillSpnegoAuthenticator.class */
public class DrillSpnegoAuthenticator extends SpnegoAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(DrillSpnegoAuthenticator.class);

    public DrillSpnegoAuthenticator(String str) {
        super(str);
    }

    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        Authentication authentication = (Authentication) httpServletRequest.getSession(true).getAttribute("org.eclipse.jetty.security.UserIdentity");
        String requestURI = httpServletRequest.getRequestURI();
        boolean z2 = z || requestURI.equals(WebServerConstants.SPENGO_LOGIN_RESOURCE_PATH);
        if (authentication == null) {
            return authenticateSession(servletRequest, servletResponse, z2);
        }
        if (requestURI.equals(WebServerConstants.LOGOUT_RESOURCE_PATH)) {
            return null;
        }
        return authentication;
    }

    private Authentication authenticateSession(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        UserIdentity login;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession(true);
        if (!z) {
            return new DeferredAuthentication(this);
        }
        String header = httpServletRequest.getHeader(HttpHeader.AUTHORIZATION.asString());
        if (header == null) {
            try {
                if (DeferredAuthentication.isDeferred(httpServletResponse)) {
                    return Authentication.UNAUTHENTICATED;
                }
                httpServletResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
                httpServletResponse.sendError(DrillParserImplConstants.PARAMETER);
                logger.debug("DrillSpnegoAuthenticator: Sending challenge to client {}", httpServletRequest.getRemoteAddr());
                return Authentication.SEND_CONTINUE;
            } catch (IOException e) {
                logger.error("DrillSpnegoAuthenticator: Failed while sending challenge to client {}", httpServletRequest.getRemoteAddr(), e);
                throw new ServerAuthException(e);
            }
        }
        logger.debug("DrillSpnegoAuthenticator: Received NEGOTIATE Response back from client {}", httpServletRequest.getRemoteAddr());
        String asString = HttpHeader.NEGOTIATE.asString();
        if (!header.startsWith(asString) || (login = login(null, header.substring(asString.length() + 1), servletRequest)) == null) {
            logger.debug("DrillSpnegoAuthenticator: Authentication failed for client session: {}", httpServletRequest.getRemoteAddr());
            return Authentication.UNAUTHENTICATED;
        }
        String str = (String) session.getAttribute("org.eclipse.jetty.security.form_URI");
        if (Strings.isNullOrEmpty(str)) {
            str = httpServletRequest.getContextPath();
            if (Strings.isNullOrEmpty(str)) {
                str = WebServerConstants.WEBSERVER_ROOT_PATH;
            }
        }
        servletResponse.setContentLength(0);
        Request baseRequest = Request.getBaseRequest(httpServletRequest);
        try {
            baseRequest.getResponse().sendRedirect(baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? DrillParserImplConstants.LAST_VALUE : DrillParserImplConstants.LATERAL, httpServletResponse.encodeRedirectURL(str));
            logger.debug("DrillSpnegoAuthenticator: Successfully authenticated this client session: {}", login.getUserPrincipal().getName());
            return new UserAuthentication(getAuthMethod(), login);
        } catch (IOException e2) {
            logger.error("DrillSpnegoAuthenticator: Failed while using the redirect URL {} from client {}", new Object[]{str, httpServletRequest.getRemoteAddr(), e2});
            throw new ServerAuthException(e2);
        }
    }

    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        UserIdentity login = super.login(str, obj, servletRequest);
        if (login != null) {
            ((HttpServletRequest) servletRequest).getSession(true).setAttribute("org.eclipse.jetty.security.UserIdentity", new SessionAuthentication(getAuthMethod(), login, obj));
        }
        return login;
    }
}
