package org.apache.hive.service.auth;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.util.Iterator;
import java.util.List;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.ServiceUtils;
import org.apache.hive.service.auth.ldap.ChainFilterFactory;
import org.apache.hive.service.auth.ldap.CustomQueryFilterFactory;
import org.apache.hive.service.auth.ldap.DirSearch;
import org.apache.hive.service.auth.ldap.DirSearchFactory;
import org.apache.hive.service.auth.ldap.Filter;
import org.apache.hive.service.auth.ldap.FilterFactory;
import org.apache.hive.service.auth.ldap.GroupFilterFactory;
import org.apache.hive.service.auth.ldap.LdapSearchFactory;
import org.apache.hive.service.auth.ldap.LdapUtils;
import org.apache.hive.service.auth.ldap.UserFilterFactory;
import org.apache.hive.service.auth.ldap.UserSearchFilterFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hive-service-2.3.8-mapr-2104.jar:org/apache/hive/service/auth/LdapAuthenticationProviderImpl.class */
public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) LdapAuthenticationProviderImpl.class);
    private static final List<FilterFactory> FILTER_FACTORIES = ImmutableList.of((ChainFilterFactory) new CustomQueryFilterFactory(), new ChainFilterFactory(new UserSearchFilterFactory(), new UserFilterFactory(), new GroupFilterFactory()));
    private final HiveConf conf;
    private final Filter filter;
    private final DirSearchFactory searchFactory;

    public LdapAuthenticationProviderImpl(HiveConf hiveConf) {
        this(hiveConf, new LdapSearchFactory());
    }

    @VisibleForTesting
    LdapAuthenticationProviderImpl(HiveConf hiveConf, DirSearchFactory dirSearchFactory) {
        this.conf = hiveConf;
        this.searchFactory = dirSearchFactory;
        this.filter = resolveFilter(hiveConf);
    }

    @Override // org.apache.hive.service.auth.PasswdAuthenticationProvider
    public void Authenticate(String str, String str2) throws AuthenticationException {
        DirSearch dirSearch = null;
        try {
            dirSearch = createDirSearch(str, str2);
            applyFilter(dirSearch, str);
            ServiceUtils.cleanup(LOG, dirSearch);
        } catch (Throwable th) {
            ServiceUtils.cleanup(LOG, dirSearch);
            throw th;
        }
    }

    private DirSearch createDirSearch(String str, String str2) throws AuthenticationException {
        if (StringUtils.isBlank(str)) {
            throw new AuthenticationException("Error validating LDAP user: a null or blank user name has been provided");
        }
        if (StringUtils.isBlank(str2) || str2.getBytes()[0] == 0) {
            throw new AuthenticationException("Error validating LDAP user: a null or blank password has been provided");
        }
        Iterator<String> it = LdapUtils.createCandidatePrincipals(this.conf, str).iterator();
        while (it.hasNext()) {
            try {
                return this.searchFactory.getInstance(this.conf, it.next(), str2);
            } catch (AuthenticationException e) {
                if (!it.hasNext()) {
                    throw e;
                }
            }
        }
        throw new AuthenticationException(String.format("No candidate principals for %s was found.", str));
    }

    private static Filter resolveFilter(HiveConf hiveConf) {
        Iterator<FilterFactory> it = FILTER_FACTORIES.iterator();
        while (it.hasNext()) {
            Filter filterFactory = it.next().getInstance(hiveConf);
            if (filterFactory != null) {
                return filterFactory;
            }
        }
        return null;
    }

    private void applyFilter(DirSearch dirSearch, String str) throws AuthenticationException {
        if (this.filter != null) {
            if (LdapUtils.hasDomain(str)) {
                this.filter.apply(dirSearch, LdapUtils.extractUserName(str));
            } else {
                this.filter.apply(dirSearch, str);
            }
        }
    }
}
