package org.apache.hadoop.hive.common.auth;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.hadoop.hive.conf.MapRSecurityUtil;
import org.apache.hive.FipsUtil;
import org.apache.thrift.TConfiguration;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/common/auth/HiveAuthUtils.class */
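/**
 * Static factories for the Thrift client and server transports used by Hive, in plain and
 * TLS-protected variants.
 *
 * <p>Security summary of the client-side factories:
 * <ul>
 *   <li>{@link #getSocketTransport} - no encryption and no peer authentication.</li>
 *   <li>{@link #getSSLSocket} - validates the server chain against the supplied trust store and
 *       enables HTTPS-style host name verification.</li>
 *   <li>{@link #getTrustAllSSLSocket} - encrypts only; the peer is <b>not</b> authenticated.</li>
 * </ul>
 */
public class HiveAuthUtils {
    private static final Logger LOG = LoggerFactory.getLogger(HiveAuthUtils.class);

    /**
     * Creates an unencrypted Thrift client socket.
     *
     * @param str remote host
     * @param i remote port
     * @param i2 timeout handed to {@link TSocket}
     * @return a plain-text transport; nothing on this path authenticates the peer
     * @throws TTransportException if the transport cannot be created
     */
    public static TTransport getSocketTransport(String str, int i, int i2) throws TTransportException {
        return new TSocket(new TConfiguration(), str, i, i2);
    }

    /**
     * Creates a TLS client socket that validates the server certificate against the given trust
     * store and verifies that the certificate matches the host name.
     *
     * @param str remote host
     * @param i remote port
     * @param i2 timeout handed to the Thrift socket factory
     * @param str2 trust store path
     * @param str3 trust store password
     * @param str4 TLS protocol name handed to the Thrift transport parameters
     * @return a TLS transport with endpoint identification enabled
     * @throws TTransportException if the socket cannot be created
     */
    public static TTransport getSSLSocket(String str, int i, int i2, String str2, String str3, String str4) throws TTransportException {
        TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(str4, (String[]) null);
        params.setTrustStore(str2, str3, TrustManagerFactory.getDefaultAlgorithm(), KeyStore.getDefaultType());
        // NOTE(review): requireClientAuth looks like a server-side setting and no key store is
        // configured here, so this call presumably has no effect on a client socket - confirm.
        params.requireClientAuth(true);
        return getSSLSocketWithHttps(TSSLTransportFactory.getClientSocket(str, i, i2, params));
    }

    /**
     * Re-wraps a TLS client socket after switching on HTTPS endpoint identification, so that the
     * handshake rejects a certificate whose names do not match the host that was dialled.
     *
     * @param tSocket transport whose underlying socket must be an {@link SSLSocket}
     * @return a new transport around the same, now host-name-verifying, socket
     * @throws TTransportException if the new transport cannot be created
     */
    private static TSocket getSSLSocketWithHttps(TSocket tSocket) throws TTransportException {
        SSLSocket tlsSocket = (SSLSocket) tSocket.getSocket();
        // Chain validation alone accepts any certificate the trust store vouches for; endpoint
        // identification is what ties the certificate to this particular host.
        // NOTE(review): this only helps if the handshake has not started yet - confirm that the
        // Thrift factory does not handshake eagerly.
        SSLParameters tlsParams = tlsSocket.getSSLParameters();
        tlsParams.setEndpointIdentificationAlgorithm("HTTPS");
        tlsSocket.setSSLParameters(tlsParams);
        return new TSocket(tlsSocket);
    }

    /**
     * Creates an unencrypted Thrift server socket.
     *
     * @param str host/interface to bind; {@code null} or empty binds the wildcard address, i.e.
     *     every interface of the machine
     * @param i port to listen on
     * @return the plain-text server socket
     * @throws TTransportException if the socket cannot be created
     */
    public static TServerSocket getServerSocket(String str, int i) throws TTransportException {
        return new TServerSocket(bindAddress(str, i));
    }

    /**
     * Creates a TLS Thrift server socket and removes the black-listed protocol versions from the
     * set the JSSE provider enabled by default.
     *
     * @param str host/interface to bind; {@code null} or empty binds the wildcard address
     * @param i port to listen on
     * @param str2 key store path
     * @param str3 key store password
     * @param list protocol names to disable, compared case-insensitively after trimming;
     *     {@code null} is treated as "disable nothing"
     * @param str4 TLS protocol name handed to the Thrift transport parameters
     * @return the TLS server socket
     * @throws TTransportException if the socket cannot be created
     * @throws UnknownHostException declared for source compatibility with existing callers
     */
    public static TServerSocket getServerSSLSocket(String str, int i, String str2, String str3, List<String> list, String str4) throws TTransportException, UnknownHostException {
        TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(str4, (String[]) null);
        // NOTE(review): the key-manager type is taken from TrustManagerFactory; the conventional
        // source is KeyManagerFactory.getDefaultAlgorithm(). Left unchanged - confirm which
        // algorithm the deployment relies on before switching.
        params.setKeyStore(str2, str3, TrustManagerFactory.getDefaultAlgorithm(), KeyStore.getDefaultType());
        TServerSocket serverSocket = TSSLTransportFactory.getServerSocket(i, 0, bindAddress(str, i).getAddress(), params);
        if (serverSocket.getServerSocket() instanceof SSLServerSocket) {
            // A null black list used to fail with a NullPointerException after the port had
            // already been bound; treat it as empty instead. Locale.ROOT keeps the comparison
            // independent of the JVM's default locale.
            List<String> blacklisted = new ArrayList<>();
            if (list != null) {
                for (String protocol : list) {
                    if (protocol != null) {
                        blacklisted.add(protocol.trim().toLowerCase(java.util.Locale.ROOT));
                    }
                }
            }
            SSLServerSocket tlsServerSocket = (SSLServerSocket) serverSocket.getServerSocket();
            List<String> remaining = new ArrayList<>();
            for (String protocol : tlsServerSocket.getEnabledProtocols()) {
                if (blacklisted.contains(protocol.toLowerCase(java.util.Locale.ROOT))) {
                    LOG.debug("Disabling SSL Protocol: {}", protocol);
                } else {
                    remaining.add(protocol);
                }
            }
            if (remaining.isEmpty()) {
                // Every handshake will fail in this state; make the misconfiguration visible.
                LOG.warn("SSL protocol black list removed every enabled protocol; no client will be able to connect");
            }
            tlsServerSocket.setEnabledProtocols(remaining.toArray(new String[0]));
            LOG.info("SSL Server Socket Enabled Protocols: {}", Arrays.toString(tlsServerSocket.getEnabledProtocols()));
        }
        return serverSocket;
    }

    /**
     * Creates a TLS client socket that accepts <b>any</b> server certificate.
     *
     * <p>SECURITY: the installed trust manager performs no chain validation and no endpoint
     * identification is configured, so the connection is encrypted but the peer is never
     * authenticated. Anyone able to intercept the connection can present a certificate of their
     * own and read or alter the traffic, including credentials sent over it. Prefer
     * {@link #getSSLSocket} with a real trust store; every use is logged at WARN level so that it
     * can be audited.
     *
     * @param str remote host
     * @param i remote port
     * @param i2 read timeout in milliseconds applied with {@code setSoTimeout}; it is set after
     *     the socket has been created, so it does not bound the connect itself
     * @return a TLS transport whose peer identity has not been verified
     * @throws TTransportException if the TLS context or the socket cannot be created
     */
    public static TTransport getTrustAllSSLSocket(String str, int i, int i2) throws TTransportException {
        LOG.warn("Creating SSL socket to {}:{} with server certificate validation disabled", str, i);
        TrustManager[] trustAll = {new X509ExtendedTrustManager() {
            // Every check below is intentionally empty: returning normally means "trusted".

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null, possibly empty, array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2, Socket socket) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2, Socket socket) throws CertificateException {
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2, SSLEngine sSLEngine) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2, SSLEngine sSLEngine) throws CertificateException {
            }
        }};
        try {
            String protocol = MapRSecurityUtil.getSslProtocolVersion();
            SSLContext context = FipsUtil.isFips()
                    ? SSLContext.getInstance(protocol, (Provider) new BouncyCastleJsseProvider())
                    : SSLContext.getInstance(protocol);
            context.init(null, trustAll, new SecureRandom());
            SSLSocket tlsSocket = (SSLSocket) context.getSocketFactory().createSocket(str, i);
            boolean handedOff = false;
            try {
                tlsSocket.setSoTimeout(i2);
                TSocket transport = new TSocket(tlsSocket);
                handedOff = true;
                return transport;
            } finally {
                // The socket is already connected at this point; do not leak it if configuring
                // or wrapping it fails.
                if (!handedOff) {
                    closeQuietly(tlsSocket);
                }
            }
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException e) {
            throw new TTransportException("Couldn't create Trust All SSL socket", e);
        }
    }

    /** Resolves the bind address: the wildcard address when no host is given. */
    private static InetSocketAddress bindAddress(String host, int port) {
        return (host == null || host.isEmpty()) ? new InetSocketAddress(port) : new InetSocketAddress(host, port);
    }

    /** Closes a socket on an error path without masking the failure that led here. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException closeFailure) {
            LOG.debug("Failed to close socket after setup error", closeFailure);
        }
    }
}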
