package org.apache.hive.service.auth;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.ServiceUtils;

/* loaded from: input_file:org/apache/hive/service/auth/LdapAuthenticationProviderImpl.class */
public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvider {
    private final String ldapURL;
    private final String baseDN;
    private final String ldapDomain;
    private final String userDNPattern;

    /* JADX INFO: Access modifiers changed from: package-private */
    public LdapAuthenticationProviderImpl() {
        HiveConf hiveConf = new HiveConf();
        this.ldapURL = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL);
        this.baseDN = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
        this.ldapDomain = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN);
        this.userDNPattern = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v55, types: [java.util.List] */
    @Override // org.apache.hive.service.auth.PasswdAuthenticationProvider
    public void Authenticate(String str, String str2) throws AuthenticationException {
        if (!hasDomain(str) && this.ldapDomain != null) {
            str = str + "@" + this.ldapDomain;
        }
        if (str2 == null || str2.isEmpty() || str2.getBytes()[0] == 0) {
            throw new AuthenticationException("Error validating LDAP user: a null or blank password has been provided");
        }
        ArrayList arrayList = new ArrayList();
        if (!StringUtils.isBlank(this.userDNPattern)) {
            for (String str3 : this.userDNPattern.split(":")) {
                if (StringUtils.contains(str3, ",") && StringUtils.contains(str3, "=")) {
                    arrayList.add(str3.replaceAll("%s", str));
                }
            }
        } else if (StringUtils.isNotBlank(this.baseDN)) {
            arrayList.add("uid=" + str + "," + this.baseDN);
        }
        if (arrayList.isEmpty()) {
            arrayList = Collections.singletonList(str);
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String str4 = (String) it.next();
            Hashtable hashtable = new Hashtable();
            hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            hashtable.put("java.naming.provider.url", this.ldapURL);
            hashtable.put("java.naming.security.authentication", "simple");
            hashtable.put("java.naming.security.principal", str4);
            hashtable.put("java.naming.security.credentials", str2);
            try {
                new InitialDirContext(hashtable).close();
                return;
            } catch (NamingException e) {
                if (!it.hasNext()) {
                    throw new AuthenticationException("Error validating LDAP user", e);
                }
            }
        }
    }

    private boolean hasDomain(String str) {
        return ServiceUtils.indexOfDomainMatch(str) > 0;
    }
}
