package org.apache.hive.service.auth;

import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.hive.shims.ShimLoader;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hive-service-2.1.1-mapr-1803.jar:org/apache/hive/service/auth/HttpAuthUtils.class */
public final class HttpAuthUtils {
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String AUTHORIZATION = "Authorization";
    public static final String BASIC = "Basic";
    public static final String NEGOTIATE = "Negotiate";
    private static final String COOKIE_ATTR_SEPARATOR = "&";
    private static final String COOKIE_KEY_VALUE_SEPARATOR = "=";
    private static final Logger LOG = LoggerFactory.getLogger(HttpAuthUtils.class);
    private static final String COOKIE_CLIENT_USER_NAME = "cu";
    private static final String COOKIE_CLIENT_RAND_NUMBER = "rn";
    private static final Set<String> COOKIE_ATTRIBUTES = new HashSet(Arrays.asList(COOKIE_CLIENT_USER_NAME, COOKIE_CLIENT_RAND_NUMBER));

    /* loaded from: input_file:WEB-INF/lib/hive-service-2.1.1-mapr-1803.jar:org/apache/hive/service/auth/HttpAuthUtils$HttpKerberosClientAction.class */
    public static class HttpKerberosClientAction implements PrivilegedExceptionAction<String> {
        public static final String HTTP_RESPONSE = "HTTP_RESPONSE";
        public static final String SERVER_HTTP_URL = "SERVER_HTTP_URL";
        private final String serverPrincipal;
        private final String serverHttpUrl;
        private final Base64 base64codec = new Base64(0);
        private final HttpContext httpContext = new BasicHttpContext();

        public HttpKerberosClientAction(String str, String str2) {
            this.serverPrincipal = str;
            this.serverHttpUrl = str2;
            this.httpContext.setAttribute(SERVER_HTTP_URL, str2);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedExceptionAction
        public String run() throws Exception {
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            Oid oid2 = new Oid("1.2.840.113554.1.2.2.1");
            GSSManager gSSManager = GSSManager.getInstance();
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(this.serverPrincipal, oid2), oid, (GSSCredential) null, 0);
            createContext.requestMutualAuth(false);
            byte[] bArr = new byte[0];
            byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
            createContext.dispose();
            return new String(this.base64codec.encode(initSecContext));
        }
    }

    public static String getKerberosServiceTicket(String str, String str2, String str3, boolean z) throws Exception {
        String serverPrincipal = ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(str, str2);
        if (!z) {
            return (String) ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf(KerberosAuthenticationHandler.TYPE).doAs(new HttpKerberosClientAction(serverPrincipal, str3));
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            throw new Exception("The Subject is not set");
        }
        return (String) Subject.doAs(subject, new HttpKerberosClientAction(serverPrincipal, str3));
    }

    public static String createCookieToken(String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(COOKIE_CLIENT_USER_NAME).append("=").append(str).append(COOKIE_ATTR_SEPARATOR);
        sb.append(COOKIE_CLIENT_RAND_NUMBER).append("=").append(new Random(System.currentTimeMillis()).nextLong());
        return sb.toString();
    }

    public static String getUserNameFromCookieToken(String str) {
        Map<String, String> splitCookieToken = splitCookieToken(str);
        if (splitCookieToken.keySet().equals(COOKIE_ATTRIBUTES)) {
            return splitCookieToken.get(COOKIE_CLIENT_USER_NAME);
        }
        LOG.error("Invalid token with missing attributes " + str);
        return null;
    }

    private static Map<String, String> splitCookieToken(String str) {
        HashMap hashMap = new HashMap();
        StringTokenizer stringTokenizer = new StringTokenizer(str, COOKIE_ATTR_SEPARATOR);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf("=");
            if (indexOf == -1) {
                LOG.error("Invalid token string " + str);
                return null;
            }
            hashMap.put(nextToken.substring(0, indexOf), nextToken.substring(indexOf + 1));
        }
        return hashMap;
    }

    private HttpAuthUtils() {
        throw new UnsupportedOperationException("Can't initialize class");
    }
}
