package _ss_com.streamsets.datacollector.http;

import _ss_com.streamsets.datacollector.main.RuntimeInfo;
import _ss_com.streamsets.datacollector.util.Configuration;
import _ss_com.streamsets.lib.security.http.CORSConstants;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.security.authentication.SessionAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
import org.eclipse.jetty.util.URIUtil;

/* loaded from: input_file:_ss_com/streamsets/datacollector/http/ProxyAuthenticator.class */
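/**
 * Jetty authenticator that wraps another {@link LoginAuthenticator} and layers extra
 * request handling in front of it.
 *
 * <p>Most methods forward to the wrapped authenticator. {@link #validateRequest} additionally:
 * <ul>
 *   <li>answers {@code OPTIONS} requests with CORS headers taken from the configuration,</li>
 *   <li>accepts an {@code auth_token} / {@code auth_user} pair (header or request parameter)
 *       that is checked with {@link RuntimeInfo#isValidAuthenticationToken},</li>
 *   <li>accepts HTTP Basic credentials when the wrapped authenticator is a
 *       {@link FormAuthenticator},</li>
 *   <li>lets the form-login request override the URI stored under
 *       {@link FormAuthenticator#__J_URI} through a {@code basePath} parameter.</li>
 * </ul>
 */
public class ProxyAuthenticator extends LoginAuthenticator {
    public static final String AUTH_TOKEN = "auth_token";
    public static final String AUTH_USER = "auth_user";

    /** User assumed when a token arrives as a request parameter without {@code auth_user}. */
    private static final String TOKEN_AUTHENTICATION_USER_NAME = "admin";

    private final RuntimeInfo runtimeInfo;
    private final LoginAuthenticator authenticator;
    private final Configuration conf;

    /**
     * @param loginAuthenticator authenticator that every call is ultimately forwarded to
     * @param runtimeInfo used to validate authentication tokens
     * @param configuration source of the CORS header values
     */
    public ProxyAuthenticator(LoginAuthenticator loginAuthenticator, RuntimeInfo runtimeInfo, Configuration configuration) {
        this.authenticator = loginAuthenticator;
        this.runtimeInfo = runtimeInfo;
        this.conf = configuration;
    }

    /** Prepares the request on this authenticator and then on the wrapped one. */
    @Override
    public void prepareRequest(ServletRequest servletRequest) {
        super.prepareRequest(servletRequest);
        this.authenticator.prepareRequest(servletRequest);
    }

    /** Forwards the credential check to the wrapped authenticator. */
    @Override
    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        return this.authenticator.login(str, obj, servletRequest);
    }

    /** Applies the configuration to this authenticator and then to the wrapped one. */
    @Override
    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
        super.setConfiguration(authConfiguration);
        this.authenticator.setConfiguration(authConfiguration);
    }

    /** Returns the login service of the wrapped authenticator. */
    @Override
    public LoginService getLoginService() {
        return this.authenticator.getLoginService();
    }

    /** Exposes the inherited session renewal with public visibility. */
    @Override
    public HttpSession renewSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return super.renewSession(httpServletRequest, httpServletResponse);
    }

    /** Returns the auth method reported by the wrapped authenticator. */
    @Override
    public String getAuthMethod() {
        return this.authenticator.getAuthMethod();
    }

    /** Forwards response securing to the wrapped authenticator. */
    @Override
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        return this.authenticator.secureResponse(servletRequest, servletResponse, z, user);
    }

    /**
     * Handles CORS preflight, token and Basic authentication, then forwards to the wrapped
     * authenticator.
     *
     * @return {@link Authentication#SEND_SUCCESS} for {@code OPTIONS} requests,
     *     {@link Authentication#SEND_CONTINUE} after a 401 for rejected Basic credentials,
     *     otherwise whatever the wrapped authenticator returns
     * @throws ServerAuthException if sending the 401 response fails, or from the wrapped
     *     authenticator
     */
    @Override
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession(true);
        Authentication existing = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);

        if ("OPTIONS".equals(request.getMethod())) {
            // Preflight requests are answered here without authentication.
            // NOTE(review): the allowed origin falls back to "*" when the configuration
            // does not set one; deployments should pin it to the expected origins.
            response.setHeader("Access-Control-Allow-Origin", this.conf.get(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_ORIGIN, "*"));
            response.setHeader("Access-Control-Allow-Headers", this.conf.get(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_HEADERS, CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_HEADERS_DEFAULT));
            response.setHeader("Access-Control-Allow-Methods", this.conf.get(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_METHODS, CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_METHODS_DEFAULT));
            return Authentication.SEND_SUCCESS;
        }

        if (existing == null) {
            authenticateWithToken(request, session);
            if (this.authenticator instanceof FormAuthenticator) {
                String authorization = request.getHeader(HttpHeader.AUTHORIZATION.asString());
                if (authorization != null) {
                    Authentication rejected = authenticateWithBasicHeader(authorization, request, response, session);
                    if (rejected != null) {
                        return rejected;
                    }
                } else if (FormAuthenticator.__J_SECURITY_CHECK.equals(request.getPathInfo())) {
                    overridePostLoginUri(request, session);
                }
            }
        }
        return this.authenticator.validateRequest(servletRequest, servletResponse, z);
    }

    /**
     * Marks the session as authenticated when the request carries a valid token and names a
     * user known to the login service. Leaves the session untouched in every other case so
     * the wrapped authenticator decides.
     */
    private void authenticateWithToken(HttpServletRequest request, HttpSession session) {
        String token = request.getHeader(AUTH_TOKEN);
        String userName = request.getHeader(AUTH_USER);
        if (token == null) {
            // NOTE(review): a token passed as a request parameter can end up in access logs,
            // proxy logs and Referer headers; the header form avoids that.
            token = request.getParameter(AUTH_TOKEN);
            userName = request.getParameter(AUTH_USER);
            if (userName == null) {
                userName = TOKEN_AUTHENTICATION_USER_NAME;
            }
        }
        if (token == null || !this.runtimeInfo.isValidAuthenticationToken(token)) {
            return;
        }
        // Fail closed: a token sent in the header without auth_user leaves userName null, and
        // a login service of another type cannot be queried for users. Previously both cases
        // ran into the cast / map lookup below unguarded.
        LoginService loginService = getLoginService();
        if (userName == null || !(loginService instanceof HashLoginService)) {
            return;
        }
        UserIdentity identity = ((HashLoginService) loginService).getUsers().get(userName);
        if (identity == null) {
            // Unknown user: do not store a SessionAuthentication that has no identity.
            return;
        }
        // NOTE(review): the session id is not renewed on this path; confirm whether
        // renewSession should be called once the token has been accepted.
        session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, new SessionAuthentication(getAuthMethod(), identity, null));
    }

    /**
     * Tries to log in with an {@code Authorization: Basic} header.
     *
     * @return {@link Authentication#SEND_CONTINUE} when the credentials were rejected and a
     *     401 was sent; {@code null} when the header was not usable Basic credentials or the
     *     login succeeded (the session is then marked authenticated)
     * @throws ServerAuthException if sending the 401 response fails
     */
    private Authentication authenticateWithBasicHeader(String authorization, HttpServletRequest request, HttpServletResponse response, HttpSession session) throws ServerAuthException {
        int schemeEnd = authorization.indexOf(' ');
        if (schemeEnd <= 0 || !"basic".equalsIgnoreCase(authorization.substring(0, schemeEnd))) {
            return null;
        }
        String credentials = B64Code.decode(authorization.substring(schemeEnd + 1), StandardCharsets.ISO_8859_1);
        int separator = credentials.indexOf(':');
        if (separator <= 0) {
            return null;
        }
        UserIdentity identity = login(credentials.substring(0, separator), credentials.substring(separator + 1), request);
        if (identity == null) {
            try {
                response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + this._loginService.getName() + '\"');
                response.sendError(401);
                return Authentication.SEND_CONTINUE;
            } catch (IOException e) {
                throw new ServerAuthException(e);
            }
        }
        session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, new SessionAuthentication(getAuthMethod(), identity, null));
        return null;
    }

    /**
     * On the form-login request, replaces the URI stored under
     * {@link FormAuthenticator#__J_URI} with the {@code basePath} parameter when the stored
     * URI points at {@code rest/v1/} or {@code jmx}, or when a non-root base path was given.
     *
     * <p>The stored value is presumably what the wrapped {@link FormAuthenticator} redirects
     * to after a successful login, and {@code basePath} is caller-supplied, so only
     * server-relative paths are accepted; anything else is treated like a missing parameter.
     */
    private static void overridePostLoginUri(HttpServletRequest request, HttpSession session) {
        String basePath = request.getParameter("basePath");
        if (basePath == null || basePath.trim().length() == 0 || !isServerRelativePath(basePath)) {
            basePath = URIUtil.SLASH;
        }
        String storedUri = (String) session.getAttribute(FormAuthenticator.__J_URI);
        boolean storedUriIsApi = storedUri != null && (storedUri.contains("rest/v1/") || storedUri.contains("jmx"));
        if (storedUriIsApi || !basePath.equals(URIUtil.SLASH)) {
            session.setAttribute(FormAuthenticator.__J_URI, basePath);
        }
    }

    /**
     * Returns whether {@code path} is a plain server-relative path: it starts with a single
     * {@code /} and contains no backslash or control character. Absolute and
     * protocol-relative URLs therefore do not qualify.
     */
    private static boolean isServerRelativePath(String path) {
        if (!path.startsWith("/") || path.startsWith("//")) {
            return false;
        }
        for (int i = 0; i < path.length(); i++) {
            char c = path.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }
}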
