package org.apache.hive.service.auth;

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.common.util.HiveStringUtils;
import org.apache.hive.service.ServiceUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/service/auth/LdapAuthenticationProviderImpl.class */
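/**
 * Validates a user name and password by attempting an LDAP simple bind against the directory
 * configured for HiveServer2.
 *
 * <p>The LDAP URL, the base DNs and the optional domain are read once per JVM into static fields;
 * every instance shares them.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Only {@code java.naming.security.authentication=simple} is set and no TLS-related JNDI
 *       property is configured here, so the password is protected in transit only if the
 *       configured URL itself uses a protected transport (for example {@code ldaps://}).</li>
 *   <li>A simple bind with a zero-length password is an unauthenticated bind, which many
 *       directory servers accept; {@link #Authenticate} therefore rejects such credentials
 *       before contacting the server.</li>
 *   <li>The user name is escaped before it is placed into the {@code uid=} RDN.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code conf} is not declared anywhere in this decompiled listing; presumably
 * it is a constant inherited from {@link PasswdAuthenticationProvider} or was lost by the
 * decompiler. Confirm against the original class.
 */
public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapAuthenticationProviderImpl.class.getName());
    private static String ldapURL;
    private static String ldapDomain;
    private static List<String> baseDnList;
    // volatile so the unsynchronized fast-path read in initialize() also guarantees visibility of
    // the configuration fields written before the flag was set (safe double-checked locking).
    private static volatile boolean initialized;

    /**
     * Creates the provider and loads the shared LDAP configuration on first use.
     *
     * <p>The decompiler reported that this constructor was originally package-private.
     */
    public LdapAuthenticationProviderImpl() {
        initialize();
    }

    /**
     * Loads the LDAP settings into the static fields exactly once per JVM.
     *
     * <p>The resulting base DN list always has the primary base DN (or the empty string when it
     * is unset) first, followed by each distinct, non-empty extra base DN in configured order.
     */
    private void initialize() {
        if (initialized) {
            return;
        }
        synchronized (LdapAuthenticationProviderImpl.class) {
            if (!initialized) {
                ldapURL = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL);
                String primaryBaseDn = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
                String extraBaseDns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_EXTRA_BASEDNS);
                ldapDomain = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN);

                // Build the list locally and publish it only when complete.
                List<String> dns = new ArrayList<>();
                dns.add(primaryBaseDn == null ? StringUtils.EMPTY : primaryBaseDn);
                if (extraBaseDns != null) {
                    // Extra base DNs are whitespace-separated, so a DN that itself contains a
                    // space cannot be expressed through this setting.
                    for (String candidate : extraBaseDns.split("\\s+")) {
                        if (candidate.length() != 0 && !dns.contains(candidate)) {
                            dns.add(candidate);
                        }
                    }
                }
                baseDnList = dns;
                initialized = true;
            }
        }
    }

    /**
     * Authenticates the user by binding to the directory with each configured base DN in turn;
     * the first successful bind ends the check.
     *
     * @param user the login name; the configured domain is appended as {@code @domain} when the
     *     name carries no domain of its own and a domain is configured
     * @param password the password presented by the client
     * @throws AuthenticationException if the user name or password is null or empty, or if the
     *     bind fails for every configured base DN (the last failure is attached as the cause)
     */
    @Override // org.apache.hive.service.auth.PasswdAuthenticationProvider
    public void Authenticate(String user, String password) throws AuthenticationException {
        if (user == null || user.isEmpty()) {
            throw new AuthenticationException("Error validating LDAP user: a null or blank user name has been provided");
        }
        // An empty password turns a simple bind into an unauthenticated bind, which the server
        // may report as success. A leading NUL is rejected as well because it may be read as an
        // empty string further down the stack.
        if (password == null || password.isEmpty() || password.charAt(0) == '\0') {
            throw new AuthenticationException("Error validating LDAP user: a null or blank password has been provided");
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", ldapURL);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.credentials", password);

        if (!hasDomain(user) && ldapDomain != null) {
            user = user + "@" + ldapDomain;
        }

        NamingException lastFailure = null;
        int lastIndex = baseDnList.size() - 1;
        for (int i = 0; i <= lastIndex; i++) {
            String bindDn = getBindDn(user, baseDnList.get(i));
            env.put("java.naming.security.principal", bindDn);
            try {
                // Creating the context performs the bind; nothing else is needed from it.
                new InitialDirContext(env).close();
                return;
            } catch (NamingException e) {
                lastFailure = e;
                if (i < lastIndex) {
                    LOGGER.debug("Error validating LDAP user {} and continue to validate with the next bind dn", bindDn, e);
                }
            }
        }
        // Fail closed: reaching this point means no bind succeeded (or no base DN was available).
        throw new AuthenticationException("Error validating LDAP user", lastFailure);
    }

    /**
     * Reports whether the user name already carries a domain part, as decided by
     * {@code ServiceUtils.indexOfDomainMatch}.
     */
    private boolean hasDomain(String user) {
        return ServiceUtils.indexOfDomainMatch(user) > 0;
    }

    /**
     * Builds the principal used for the bind.
     *
     * @param user the (possibly domain-qualified) user name
     * @param baseDn the base DN to bind under; null or empty means the user name is used as-is
     * @return {@code uid=<escaped user>,<baseDn>}, or {@code user} unchanged when no base DN is set
     */
    private String getBindDn(String user, String baseDn) {
        if (baseDn == null || baseDn.length() == 0) {
            return user;
        }
        // Escape DN metacharacters so the client-supplied name stays inside the uid= value and
        // cannot add or alter RDN components of the bind DN.
        return "uid=" + javax.naming.ldap.Rdn.escapeValue(user) + HiveStringUtils.COMMA_STR + baseDn;
    }
}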
