package io.transwarp.hive.service.auth;

import io.transwarp.hadoop.hive.conf.HiveConf;
import io.transwarp.hive.service.auth.AuthenticationProviderFactory;
import java.security.Provider;
import java.util.ArrayDeque;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.jasig.cas.client.ssl.AnyHostnameVerifier;
import org.jasig.cas.client.ssl.HttpsURLConnectionFactory;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas30ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;

/* loaded from: input_file:io/transwarp/hive/service/auth/CasSaslServer.class */
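/**
 * SASL server side of the CAS mechanism: the client sends a CAS ticket together with the
 * service URL it was issued for, and this class asks the CAS server (at the configured
 * prefix) to validate the pair. On success the CAS principal name becomes the
 * authorization id.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The service URL passed to the validator comes from the client message, not from
 *       server configuration. CAS binds a ticket to a service, so the server should
 *       normally compare against its own expected service URL. No such setting is visible
 *       in this class, so the behaviour is kept and flagged here.</li>
 *   <li>The HTTPS connection to the CAS server is made with {@link AnyHostnameVerifier},
 *       i.e. without hostname verification. See the note in
 *       {@link #evaluateResponse(byte[])}.</li>
 * </ul>
 *
 * <p>No security layer is negotiated: {@link #wrap} and {@link #unwrap} are unsupported.
 */
public class CasSaslServer implements SaslServer {
    /** Shared Hive configuration; read for the CAS prefix and the proxy settings. */
    private static final HiveConf conf = new HiveConf();

    /** URL prefix of the CAS server, read once from {@code HIVE_SERVER_CAS_PREFIX}. */
    private final String casPrefix;

    /** Authenticated principal name; stays {@code null} until a ticket validates. */
    private String user;

    /** Factory that hands out {@link CasSaslServer} instances for the CAS mechanism only. */
    public static class SaslCasServerFactory implements SaslServerFactory {
        /**
         * Creates a server for the CAS mechanism.
         *
         * @return a new {@link CasSaslServer}, or {@code null} when {@code mechanism} is not
         *     the CAS mechanism or the server could not be constructed
         */
        @Override
        public SaslServer createSaslServer(String mechanism, String protocol, String serverName,
                Map<String, ?> props, CallbackHandler callbackHandler) throws SaslException {
            if (!CasSaslHelper.CAS_METHOD.equals(mechanism)) {
                return null;
            }
            try {
                return new CasSaslServer(callbackHandler, protocol);
            } catch (SaslException ignored) {
                // Deliberately reported as "mechanism not available" rather than rethrown.
                // NOTE(review): this hides the reason construction failed; consider logging it.
                return null;
            }
        }

        /** Returns the single mechanism name this factory supports. */
        @Override
        public String[] getMechanismNames(Map<String, ?> props) {
            return new String[] {CasSaslHelper.CAS_METHOD};
        }
    }

    /** JCA provider that registers {@link SaslCasServerFactory} under {@code SaslServerFactory.CAS}. */
    public static class SaslCasServerProvider extends Provider {
        public SaslCasServerProvider() {
            super("HiveSaslCasServer", 1.0d, "Hive CAS SASL server provider");
            put("SaslServerFactory.CAS", SaslCasServerFactory.class.getName());
        }
    }

    /**
     * @param callbackHandler unused by this mechanism
     * @param authMethod passed to {@code AuthMethods.getValidAuthMethod}; the result is
     *     discarded, so the call presumably only serves to reject unknown values
     * @throws SaslException declared for the factory's benefit
     */
    CasSaslServer(CallbackHandler callbackHandler, String authMethod) throws SaslException {
        AuthenticationProviderFactory.AuthMethods.getValidAuthMethod(authMethod);
        this.casPrefix = conf.getVar(HiveConf.ConfVars.HIVE_SERVER_CAS_PREFIX);
    }

    @Override
    public String getMechanismName() {
        return CasSaslHelper.CAS_METHOD;
    }

    /**
     * Validates the client's single message, which must be
     * {@code serviceUrl NUL ticket}.
     *
     * @param response raw client message
     * @return always {@code null}: the mechanism sends no challenge back
     * @throws SaslException if the CAS prefix is not configured, the message is missing or
     *     malformed, or the CAS server does not confirm the ticket
     */
    @Override
    public byte[] evaluateResponse(byte[] response) throws SaslException {
        if (this.casPrefix == null) {
            throw new SaslException("The cas prefix is null");
        }
        // The message comes straight from an unauthenticated peer; a null array must fail
        // as a protocol error instead of a NullPointerException.
        if (response == null) {
            throw new SaslException("Invalid message format");
        }

        // Split on NUL. Each byte is widened to a char as-is, so the fields are presumably
        // expected to be ASCII — TODO confirm against the client side.
        ArrayDeque<String> fields = new ArrayDeque<>();
        StringBuilder current = new StringBuilder();
        for (byte b : response) {
            if (b == 0) {
                fields.addLast(current.toString());
                current = new StringBuilder();
            } else {
                current.append((char) b);
            }
        }
        fields.addLast(current.toString());
        if (fields.size() != 2) {
            throw new SaslException("Invalid message format");
        }
        String ticket = fields.removeLast();
        String serviceUrl = fields.removeLast();
        if (serviceUrl.isEmpty()) {
            throw new SaslException("No serviceUrl provided");
        }
        if (ticket.isEmpty()) {
            throw new SaslException("No cas ticket provided");
        }

        // Declared with the common supertype so both branches can assign to it.
        Cas30ServiceTicketValidator validator;
        if (conf.getBoolVar(HiveConf.ConfVars.HIVE_SERVER_CAS_ALLOW_PROXY)) {
            Cas30ProxyTicketValidator proxyValidator = new Cas30ProxyTicketValidator(this.casPrefix);
            String allowedChains = conf.getVar(HiveConf.ConfVars.HIVE_SERVER_CAS_ALLOWED_PROXY_CHAINS);
            boolean hasAllowedChains = allowedChains != null && !allowedChains.isEmpty();
            // The CAS client skips the chain check entirely when acceptAnyProxy is true, so
            // it may only be enabled when no explicit chain list was configured; otherwise
            // the configured list would never be enforced.
            proxyValidator.setAcceptAnyProxy(!hasAllowedChains);
            if (hasAllowedChains) {
                proxyValidator.setAllowedProxyChains(CommonUtils.createProxyList(allowedChains));
            }
            validator = proxyValidator;
        } else {
            validator = new Cas30ServiceTicketValidator(this.casPrefix);
        }

        // NOTE(review): AnyHostnameVerifier accepts every hostname, so the TLS connection to
        // the CAS server is not tied to that server's identity and the validation answer
        // cannot be fully trusted on a hostile network. Kept because no configuration switch
        // is visible here; prefer the JDK default verifier once the CAS certificate matches
        // the host name in the configured prefix.
        HttpsURLConnectionFactory connectionFactory = new HttpsURLConnectionFactory();
        connectionFactory.setHostnameVerifier(new AnyHostnameVerifier());
        validator.setURLConnectionFactory(connectionFactory);

        try {
            // NOTE(review): serviceUrl is client-supplied; see the class comment.
            Assertion assertion = validator.validate(ticket, serviceUrl);
            if (!assertion.isValid()) {
                throw new SaslException("CAS ticket is invalid");
            }
            // isComplete() keys off a non-null user, so an assertion without a principal
            // name must fail loudly instead of leaving the exchange silently incomplete.
            if (assertion.getPrincipal() == null || assertion.getPrincipal().getName() == null) {
                throw new SaslException("CAS ticket is invalid");
            }
            this.user = assertion.getPrincipal().getName();
            return null;
        } catch (TicketValidationException e) {
            throw new SaslException("Cannot validate the CAS ticket", e);
        }
    }

    /** Returns {@code true} once a ticket has been validated and a user recorded. */
    @Override
    public boolean isComplete() {
        return this.user != null;
    }

    /** Returns the CAS principal name, or {@code null} before authentication completes. */
    @Override
    public String getAuthorizationID() {
        return this.user;
    }

    /** Not supported: this mechanism negotiates no security layer. */
    @Override
    public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException {
        throw new UnsupportedOperationException();
    }

    /** Not supported: this mechanism negotiates no security layer. */
    @Override
    public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
        throw new UnsupportedOperationException();
    }

    /** No properties are negotiated; always returns {@code null}. */
    @Override
    public Object getNegotiatedProperty(String propName) {
        return null;
    }

    /** Nothing to release. */
    @Override
    public void dispose() throws SaslException {
    }
}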
