package org.apache.hadoop.security.authentication.server;

import io.hops.hadoop.shaded.javax.servlet.ServletException;
import io.hops.hadoop.shaded.javax.servlet.http.HttpServletRequest;
import io.hops.hadoop.shaded.javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import sun.security.x509.X500Name;

/* loaded from: input_file:WEB-INF/lib/hadoop-client-api-3.2.0.11-EE-RC0.jar:org/apache/hadoop/security/authentication/server/HopsX509AuthenticationHandler.class */
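/**
 * {@link AuthenticationHandler} that maps the subject of the TLS client certificate attached to a
 * request onto a user name.
 *
 * <p>Identity mapping, in order of precedence:
 * <ol>
 *   <li>the subject's locality ({@code L}) attribute, when present;</li>
 *   <li>otherwise the common name ({@code CN}), but only when it matches
 *       {@code .+__.+};</li>
 *   <li>otherwise the request is rejected with an {@link AuthenticationException}.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class validates the certificate (chain, validity period, revocation or
 *       key usage). It trusts whatever certificate array is found in the request attribute, so
 *       client-certificate verification has to happen before this handler runs.</li>
 *   <li>The locality value is used as the user name without any pattern check, and it takes
 *       precedence over the common name. The issuing CA's policy on the {@code L} field is
 *       therefore the only control on which identities a certificate can claim.</li>
 *   <li>{@code sun.security.x509.X500Name} is a JDK-internal class; on modular JDKs it is not
 *       exported by default and needs an explicit export to be usable.</li>
 * </ul>
 */
public class HopsX509AuthenticationHandler implements AuthenticationHandler {
    /** Default authentication type reported by {@link #getType()}. */
    public static final String TYPE = "hops.x509";

    /** Shape a common name must have to be accepted as a user name: {@code <text>__<text>}. */
    private static final Pattern HOPSWORKS_PROJECT_USERNAME = Pattern.compile(".+__.+");

    // NOTE(review): the standard Servlet attribute is "javax.servlet.request.X509Certificate".
    // The prefix here looks like the result of package relocation rewriting the literal; confirm
    // that the container used in this deployment publishes the chain under this exact key,
    // otherwise every request is rejected as having no peer certificate.
    private static final String PEER_CERTIFICATES_ATTRIBUTE =
            "io.hops.hadoop.shaded.javax.servlet.request.X509Certificate";

    private final String type;

    /** Creates a handler that reports {@link #TYPE} as its authentication type. */
    public HopsX509AuthenticationHandler() {
        this(TYPE);
    }

    /**
     * Creates a handler that reports a caller-chosen authentication type.
     *
     * @param str the type string returned by {@link #getType()} and stored in issued tokens
     */
    public HopsX509AuthenticationHandler(String str) {
        this.type = str;
    }

    /** @return the authentication type given at construction time */
    @Override
    public String getType() {
        return this.type;
    }

    /** No configuration is read; the supplied properties are ignored. */
    @Override
    public void init(Properties properties) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Always returns {@code true}; this handler inspects neither the token nor the request here.
     */
    @Override
    public boolean managementOperation(AuthenticationToken authenticationToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        return true;
    }

    /**
     * Builds an {@link AuthenticationToken} from the peer certificate's subject.
     *
     * <p>The same string is used for both the user name and the principal of the token.
     *
     * @param httpServletRequest request expected to carry the peer certificate chain
     * @param httpServletResponse unused
     * @return a token whose user name and principal are the mapped identity
     * @throws IOException if the subject name cannot be parsed
     * @throws AuthenticationException if there is no peer certificate, the subject yields no
     *     usable identity, or the selected identity is empty or whitespace only
     */
    @Override
    public AuthenticationToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
        X509Certificate peerCertificate = getPeerX509Certificate(httpServletRequest);
        X500Name subject = new X500Name(peerCertificate.getSubjectX500Principal().getName("RFC2253"));
        String locality = subject.getLocality();
        String commonName = subject.getCommonName();

        String userName;
        if (locality != null) {
            // Locality wins whenever it is present, even if the CN would also qualify.
            userName = locality;
        } else if (commonName != null && HOPSWORKS_PROJECT_USERNAME.matcher(commonName).matches()) {
            userName = commonName;
        } else {
            throw unmappableSubject(subject);
        }

        // Fail closed: never issue a token for an empty principal. A blank L is rejected rather
        // than falling back to CN, so this check cannot accept a certificate under a different
        // identity than the mapping above selected.
        if (userName.trim().isEmpty()) {
            throw unmappableSubject(subject);
        }
        return new AuthenticationToken(userName, userName, getType());
    }

    /** Builds the rejection raised when the certificate subject yields no usable user name. */
    private static AuthenticationException unmappableSubject(X500Name subject) {
        return new AuthenticationException("Could not authenticate user from x509 Subject " + subject.toString());
    }

    /**
     * Returns the first certificate of the chain stored in the request attribute.
     *
     * <p>Only element 0 is read; by Servlet convention that is the peer's own certificate. The
     * rest of the chain is not examined here.
     *
     * @throws AuthenticationException if the attribute is absent, is not a certificate array, is
     *     empty, or its first element is {@code null}
     */
    private X509Certificate getPeerX509Certificate(HttpServletRequest httpServletRequest) throws AuthenticationException {
        Object attribute = httpServletRequest.getAttribute(PEER_CERTIFICATES_ATTRIBUTE);
        // instanceof is false for null, so a missing attribute and an attribute of an unexpected
        // type both become an authentication failure instead of a ClassCastException.
        if (!(attribute instanceof X509Certificate[])) {
            throw new AuthenticationException("HTTP request does not contain peer certificate");
        }
        X509Certificate[] chain = (X509Certificate[]) attribute;
        if (chain.length == 0 || chain[0] == null) {
            throw new AuthenticationException("HTTP request does not contain peer certificate");
        }
        return chain[0];
    }
}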
