package org.apache.zeppelin.realm.jwt;

import java.util.Iterator;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.zeppelin.utils.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.class */
public class KnoxAuthenticationFilter extends FormAuthenticationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(KnoxAuthenticationFilter.class);

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        Boolean valueOf = Boolean.valueOf(super.isAccessAllowed(servletRequest, servletResponse, obj) || (!isLoginRequest(servletRequest, servletResponse) && isPermissive(obj)));
        if (valueOf.booleanValue()) {
            valueOf = false;
            KnoxJwtRealm knoxJwtRealm = null;
            Iterator it = SecurityUtils.getRealmsList().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Object next = it.next();
                if (next instanceof KnoxJwtRealm) {
                    knoxJwtRealm = (KnoxJwtRealm) next;
                    break;
                }
            }
            if (knoxJwtRealm != null) {
                Cookie[] cookies = ((ShiroHttpServletRequest) servletRequest).getCookies();
                int length = cookies.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    Cookie cookie = cookies[i];
                    if (!cookie.getName().equals(knoxJwtRealm.getCookieName())) {
                        i++;
                    } else if (knoxJwtRealm.validateToken(cookie.getValue())) {
                        valueOf = true;
                    }
                }
            } else {
                LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html#knox-sso");
            }
        }
        return valueOf.booleanValue();
    }
}
