package org.apache.hadoop.yarn.server.timeline.security;

import com.google.common.annotations.VisibleForTesting;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.http.FilterContainer;
import org.apache.hadoop.http.FilterInitializer;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuthenticationHandler;
import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;

/* loaded from: input_file:WEB-INF/lib/hadoop-yarn-server-applicationhistoryservice-2.6.0.jar:org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.class */
public class TimelineAuthenticationFilterInitializer extends FilterInitializer {
    public static final String PREFIX = "yarn.timeline-service.http-authentication.";
    private static final String SIGNATURE_SECRET_FILE = "signature.secret.file";

    @VisibleForTesting
    Map<String, String> filterConfig;

    public void initFilter(FilterContainer filterContainer, Configuration configuration) {
        this.filterConfig = new HashMap();
        this.filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");
        Iterator it = configuration.iterator();
        while (it.hasNext()) {
            String str = (String) ((Map.Entry) it.next()).getKey();
            if (str.startsWith("hadoop.proxyuser")) {
                this.filterConfig.put(str.substring("hadoop.".length()), configuration.get(str));
            }
        }
        Iterator it2 = configuration.iterator();
        while (it2.hasNext()) {
            String str2 = (String) ((Map.Entry) it2.next()).getKey();
            if (str2.startsWith(PREFIX)) {
                this.filterConfig.put(str2.substring(PREFIX.length()), configuration.get(str2));
            }
        }
        String str3 = this.filterConfig.get(SIGNATURE_SECRET_FILE);
        if (str3 != null) {
            FileReader fileReader = null;
            try {
                try {
                    StringBuilder sb = new StringBuilder();
                    fileReader = new FileReader(str3);
                    for (int read = fileReader.read(); read > -1; read = fileReader.read()) {
                        sb.append((char) read);
                    }
                    this.filterConfig.put(AuthenticationFilter.SIGNATURE_SECRET, sb.toString());
                    IOUtils.closeStream(fileReader);
                } catch (IOException e) {
                    throw new RuntimeException("Could not read HTTP signature secret file: " + str3);
                }
            } catch (Throwable th) {
                IOUtils.closeStream(fileReader);
                throw th;
            }
        }
        String str4 = this.filterConfig.get("type");
        if (str4.equals(PseudoAuthenticationHandler.TYPE)) {
            this.filterConfig.put("type", PseudoDelegationTokenAuthenticationHandler.class.getName());
        } else if (str4.equals(KerberosAuthenticationHandler.TYPE)) {
            this.filterConfig.put("type", KerberosDelegationTokenAuthenticationHandler.class.getName());
            String str5 = configuration.get("bind.address");
            String str6 = this.filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
            if (str6 != null) {
                try {
                    this.filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, SecurityUtil.getServerPrincipal(str6, str5));
                } catch (IOException e2) {
                    throw new RuntimeException("Could not resolve Kerberos principal name: " + e2.toString(), e2);
                }
            }
        }
        this.filterConfig.put("delegation-token.token-kind", TimelineDelegationTokenIdentifier.KIND_NAME.toString());
        filterContainer.addGlobalFilter("Timeline Authentication Filter", TimelineAuthenticationFilter.class.getName(), this.filterConfig);
    }
}
