package org.apache.solr.security;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.security.Principal;
import java.util.Locale;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authentication.server.AuthenticationHandler;
import org.apache.solr.core.CoreContainer;
import org.apache.solr.security.PermissionNameProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/security/KerberosFilter.class */
public class KerberosFilter extends AuthenticationFilter {
    private final Locale defaultLocale = Locale.getDefault();
    private final CoreContainer coreContainer;
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    public KerberosFilter(CoreContainer coreContainer) {
        this.coreContainer = coreContainer;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
    }

    protected void initializeAuthHandler(String str, FilterConfig filterConfig) throws ServletException {
        super.initializeAuthHandler(str, filterConfig);
        AuthenticationHandler authenticationHandler = getAuthenticationHandler();
        super.initializeAuthHandler(RequestContinuesRecorderAuthenticationHandler.class.getName(), filterConfig);
        ((RequestContinuesRecorderAuthenticationHandler) getAuthenticationHandler()).setAuthHandler(authenticationHandler);
    }

    protected void doFilter(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        Locale.setDefault(this.defaultLocale);
        super.doFilter(filterChain, substituteOriginalUserRequest(httpServletRequest), httpServletResponse);
    }

    private HttpServletRequest substituteOriginalUserRequest(final HttpServletRequest httpServletRequest) {
        AuthorizationPlugin authorizationPlugin = this.coreContainer.getAuthorizationPlugin();
        if (authorizationPlugin instanceof RuleBasedAuthorizationPlugin) {
            RuleBasedAuthorizationPlugin ruleBasedAuthorizationPlugin = (RuleBasedAuthorizationPlugin) authorizationPlugin;
            if (httpServletRequest.getHeader("originalUserPrincipal") != null && ruleBasedAuthorizationPlugin.doesUserHavePermission(httpServletRequest.getUserPrincipal().getName(), PermissionNameProvider.Name.ALL)) {
                httpServletRequest = new HttpServletRequestWrapper(httpServletRequest) { // from class: org.apache.solr.security.KerberosFilter.1
                    public Principal getUserPrincipal() {
                        final String header = httpServletRequest.getHeader("originalUserPrincipal");
                        KerberosFilter.log.info("Substituting user principal from {} to {}.", httpServletRequest.getUserPrincipal(), header);
                        return new Principal() { // from class: org.apache.solr.security.KerberosFilter.1.1
                            @Override // java.security.Principal
                            public String getName() {
                                return header;
                            }

                            @Override // java.security.Principal
                            public String toString() {
                                return header;
                            }
                        };
                    }
                };
            }
        }
        return httpServletRequest;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Locale.setDefault(Locale.US);
        super.doFilter(servletRequest, servletResponse, filterChain);
    }
}
