package org.apache.hadoop.hive.shims;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jodd.util.SystemUtil;
import org.apache.hadoop.hive.thrift.DelegationTokenIdentifier;
import org.apache.hadoop.hive.thrift.DelegationTokenSelector;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.security.token.Token;
import org.apache.hive.jdbc.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/hive-shims-common-2.3.3-mapr-1904.jar:org/apache/hadoop/hive/shims/Utils.class
 */
/* loaded from: input_file:WEB-INF/lib/hive-exec-2.3.3-mapr-1904.jar:org/apache/hadoop/hive/shims/Utils.class */
public class Utils {
    public static final String XSRF_CUSTOM_HEADER_PARAM = "custom-header";
    public static final String XSRF_CUSTOM_METHODS_TO_IGNORE_PARAM = "methods-to-ignore";
    private static final String XSRF_HEADER_DEFAULT = "X-XSRF-HEADER";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) Utils.class);
    private static final boolean IBM_JAVA = System.getProperty(SystemUtil.JAVA_VENDOR).contains("IBM");
    private static final Set<String> XSRF_METHODS_TO_IGNORE_DEFAULT = new HashSet(Arrays.asList("GET", "OPTIONS", "HEAD", "TRACE"));

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/hive-shims-common-2.3.3-mapr-1904.jar:org/apache/hadoop/hive/shims/Utils$JaasConfiguration.class
     */
    /* loaded from: input_file:WEB-INF/lib/hive-exec-2.3.3-mapr-1904.jar:org/apache/hadoop/hive/shims/Utils$JaasConfiguration.class */
    private static class JaasConfiguration extends Configuration {
        private static final boolean IBM_JAVA = System.getProperty(SystemUtil.JAVA_VENDOR).contains("IBM");
        private final Configuration baseConfig = Configuration.getConfiguration();
        private final String loginContextName;
        private final String principal;
        private final String keyTabFile;

        public JaasConfiguration(String str, String str2, String str3) {
            this.loginContextName = str;
            this.principal = str2;
            this.keyTabFile = str3;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (!this.loginContextName.equals(str)) {
                if (this.baseConfig != null) {
                    return this.baseConfig.getAppConfigurationEntry(str);
                }
                return null;
            }
            HashMap hashMap = new HashMap();
            if (IBM_JAVA) {
                hashMap.put("credsType", "both");
                hashMap.put("useKeytab", this.keyTabFile);
            } else {
                hashMap.put("doNotPrompt", "true");
                hashMap.put("storeKey", "true");
                hashMap.put("useKeyTab", "true");
                hashMap.put("keyTab", this.keyTabFile);
            }
            hashMap.put(Utils.JdbcConnectionParams.AUTH_PRINCIPAL, this.principal);
            hashMap.put("refreshKrb5Config", "true");
            return new AppConfigurationEntry[]{new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    public static UserGroupInformation getUGI() throws LoginException, IOException {
        String str = System.getenv("HADOOP_USER_NAME");
        return (str == null || str.length() <= 0) ? UserGroupInformation.getCurrentUser() : UserGroupInformation.createProxyUser(str, UserGroupInformation.getLoginUser());
    }

    public static String getTokenStrForm(String str) throws IOException {
        Token selectToken = new DelegationTokenSelector().selectToken(str == null ? new Text() : new Text(str), UserGroupInformation.getCurrentUser().getTokens());
        if (selectToken != null) {
            return selectToken.encodeToUrlString();
        }
        return null;
    }

    public static void setTokenStr(UserGroupInformation userGroupInformation, String str, String str2) throws IOException {
        userGroupInformation.addToken(createToken(str, str2));
    }

    public static String addServiceToToken(String str, String str2) throws IOException {
        return createToken(str, str2).encodeToUrlString();
    }

    private static Token<DelegationTokenIdentifier> createToken(String str, String str2) throws IOException {
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(str);
        token.setService(new Text(str2));
        return token;
    }

    public static void setZookeeperClientKerberosJaasConfig(String str, String str2) throws IOException {
        System.setProperty("zookeeper.sasl.clientconfig", "HiveZooKeeperClient");
        Configuration.setConfiguration(new JaasConfiguration("HiveZooKeeperClient", SecurityUtil.getServerPrincipal(str, "0.0.0.0"), str2));
    }

    public static Filter getXSRFFilter() {
        try {
            Filter filter = (Filter) Class.forName("org.apache.hadoop.security.http.RestCsrfPreventionFilter").newInstance();
            LOG.debug("Filter {} found, using as-is.", "org.apache.hadoop.security.http.RestCsrfPreventionFilter");
            return filter;
        } catch (Exception e) {
            LOG.debug("Unable to use {}, got exception {}. Using internal shims impl of filter.", "org.apache.hadoop.security.http.RestCsrfPreventionFilter", e.getClass().getName());
            return constructXSRFFilter();
        }
    }

    private static Filter constructXSRFFilter() {
        return new Filter() { // from class: org.apache.hadoop.hive.shims.Utils.1
            private String headerName = Utils.XSRF_HEADER_DEFAULT;
            private Set<String> methodsToIgnore = Utils.XSRF_METHODS_TO_IGNORE_DEFAULT;

            @Override // javax.servlet.Filter
            public void init(FilterConfig filterConfig) throws ServletException {
                String initParameter = filterConfig.getInitParameter(Utils.XSRF_CUSTOM_HEADER_PARAM);
                if (initParameter != null) {
                    this.headerName = initParameter;
                }
                String initParameter2 = filterConfig.getInitParameter(Utils.XSRF_CUSTOM_METHODS_TO_IGNORE_PARAM);
                if (initParameter2 != null) {
                    parseMethodsToIgnore(initParameter2);
                }
            }

            void parseMethodsToIgnore(String str) {
                String[] split = str.split(",");
                this.methodsToIgnore = new HashSet();
                for (String str2 : split) {
                    this.methodsToIgnore.add(str2);
                }
            }

            @Override // javax.servlet.Filter
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                if (Utils.doXsrfFilter(servletRequest, servletResponse, this.methodsToIgnore, this.headerName)) {
                    filterChain.doFilter(servletRequest, servletResponse);
                }
            }

            @Override // javax.servlet.Filter
            public void destroy() {
            }
        };
    }

    public static boolean doXsrfFilter(ServletRequest servletRequest, ServletResponse servletResponse, Set<String> set, String str) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (set == null) {
            set = XSRF_METHODS_TO_IGNORE_DEFAULT;
        }
        if (str == null) {
            str = XSRF_HEADER_DEFAULT;
        }
        if (set.contains(httpServletRequest.getMethod()) || httpServletRequest.getHeader(str) != null) {
            return true;
        }
        ((HttpServletResponse) servletResponse).sendError(400, "Missing Required Header for Vulnerability Protection");
        servletResponse.getWriter().println("XSRF filter denial, requests must contain header : " + str);
        return false;
    }
}
