package org.apache.hive.service.auth;

import com.facebook.presto.hive.$internal.org.apache.commons.codec.binary.Base64;
import com.facebook.presto.hive.$internal.org.apache.hadoop.hive.conf.HiveConf;
import com.facebook.presto.hive.$internal.org.apache.hadoop.hive.shims.ShimLoader;
import com.facebook.presto.hive.$internal.org.apache.hadoop.security.UserGroupInformation;
import com.facebook.presto.hive.$internal.org.apache.thrift.TProcessor;
import com.facebook.presto.hive.$internal.org.apache.thrift.TProcessorFactory;
import com.facebook.presto.hive.$internal.org.apache.thrift.transport.TTransport;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hive.service.cli.thrift.TCLIService;
import org.apache.hive.service.cli.thrift.ThriftCLIService;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/apache/hive/service/auth/HttpAuthUtils.class */
public class HttpAuthUtils {
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String AUTHORIZATION = "Authorization";
    public static final String BASIC = "Basic";
    public static final String NEGOTIATE = "Negotiate";

    /* loaded from: input_file:org/apache/hive/service/auth/HttpAuthUtils$HttpCLIServiceProcessorFactory.class */
    public static class HttpCLIServiceProcessorFactory extends TProcessorFactory {
        private final ThriftCLIService service;
        private final HiveConf hiveConf;
        private final boolean isDoAsEnabled;

        public HttpCLIServiceProcessorFactory(ThriftCLIService thriftCLIService) {
            super(null);
            this.service = thriftCLIService;
            this.hiveConf = thriftCLIService.getHiveConf();
            this.isDoAsEnabled = this.hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS);
        }

        @Override // com.facebook.presto.hive.$internal.org.apache.thrift.TProcessorFactory
        public TProcessor getProcessor(TTransport tTransport) {
            TCLIService.Processor processor = new TCLIService.Processor(this.service);
            return this.isDoAsEnabled ? new HttpCLIServiceUGIProcessor(processor) : processor;
        }
    }

    /* loaded from: input_file:org/apache/hive/service/auth/HttpAuthUtils$HttpKerberosClientAction.class */
    public static class HttpKerberosClientAction implements PrivilegedExceptionAction<String> {
        String serverPrincipal;
        String clientUserName;
        String serverHttpUrl;
        public static final String HTTP_RESPONSE = "HTTP_RESPONSE";
        public static final String SERVER_HTTP_URL = "SERVER_HTTP_URL";
        private final Base64 base64codec = new Base64(0);
        private final HttpContext httpContext = new BasicHttpContext();

        public HttpKerberosClientAction(String str, String str2, String str3) {
            this.serverPrincipal = str;
            this.clientUserName = str2;
            this.serverHttpUrl = str3;
            this.httpContext.setAttribute(SERVER_HTTP_URL, str3);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedExceptionAction
        public String run() throws Exception {
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            Oid oid2 = new Oid("1.2.840.113554.1.2.2.1");
            GSSManager gSSManager = GSSManager.getInstance();
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(this.serverPrincipal, oid2), oid, gSSManager.createCredential(gSSManager.createName(this.clientUserName, GSSName.NT_USER_NAME), 0, oid, 1), 0);
            createContext.requestMutualAuth(false);
            byte[] bArr = new byte[0];
            byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
            createContext.dispose();
            return new String(this.base64codec.encode(initSecContext));
        }
    }

    public static TProcessorFactory getAuthProcFactory(ThriftCLIService thriftCLIService) {
        return new HttpCLIServiceProcessorFactory(thriftCLIService);
    }

    public static String getKerberosServiceTicket(String str, String str2, String str3) throws GSSException, IOException, InterruptedException {
        UserGroupInformation clientUGI = getClientUGI("kerberos");
        return (String) clientUGI.doAs(new HttpKerberosClientAction(getServerPrincipal(str, str2), clientUGI.getShortUserName(), str3));
    }

    private static String getServerPrincipal(String str, String str2) throws IOException {
        return ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(str, str2);
    }

    public static UserGroupInformation getClientUGI(String str) throws IOException {
        return ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf(str);
    }
}
