package org.apache.hive.service.auth;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.NewCookie;
import org.apache.hive.service.CookieSigner;
import org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/service/auth/HttpAuthService.class */
public class HttpAuthService {
    public static final String USERNAME_REQUEST_PARAM_NAME = "username";
    public static final String PASSWORD_REQUEST_PARAM_NAME = "password";
    public static final String HIVE_SERVER2_WEBUI_AUTH_COOKIE_NAME = "hive.server2.webui.auth";
    private final CookieSigner signer = new CookieSigner(Long.toString(RAN.nextLong()).getBytes());
    private final String cookieDomain;
    private final String cookiePath;
    private final int cookieMaxAge;
    private final boolean isCookieSecure;
    private final String authCookieName;
    private static final Logger LOG = LoggerFactory.getLogger(HttpAuthService.class);
    private static final SecureRandom RAN = new SecureRandom();

    public HttpAuthService(String str, String str2, int i, boolean z, String str3) {
        this.cookieMaxAge = i;
        this.cookieDomain = str;
        this.cookiePath = str2;
        this.authCookieName = str3;
        this.isCookieSecure = z;
    }

    public Cookie signAndCreateCookie(String str) {
        return createCookie(this.signer.signCookie(str));
    }

    public Cookie createCookie(String str) {
        Cookie cookie = new Cookie(this.authCookieName, str);
        cookie.setMaxAge(this.cookieMaxAge);
        if (this.cookieDomain != null) {
            cookie.setDomain(this.cookieDomain);
        }
        if (this.cookiePath != null) {
            cookie.setPath(this.cookiePath);
        }
        cookie.setSecure(this.isCookieSecure);
        return cookie;
    }

    public String validateCookie(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Received cookies: {}", toCookieStr(cookies));
            }
            return getClientNameFromCookie(cookies);
        }
        if (!LOG.isDebugEnabled()) {
            return null;
        }
        LOG.debug("No valid cookies associated with the request {}", httpServletRequest);
        return null;
    }

    private String getClientNameFromCookie(Cookie[] cookieArr) {
        String str;
        for (Cookie cookie : cookieArr) {
            if (cookie.getName().equals(this.authCookieName)) {
                try {
                    str = this.signer.verifyAndExtract(cookie.getValue());
                } catch (IllegalArgumentException e) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Invalid cookie", e);
                    }
                    str = null;
                }
                if (str == null) {
                    continue;
                } else {
                    String userNameFromCookieToken = HttpAuthUtils.getUserNameFromCookieToken(str);
                    if (userNameFromCookieToken != null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Validated the cookie for user {}", userNameFromCookieToken);
                        }
                        return userNameFromCookieToken;
                    }
                    LOG.warn("Invalid cookie token {}", str);
                }
            }
        }
        return null;
    }

    public String verifyAndExtract(String str) {
        return this.signer.verifyAndExtract(str);
    }

    private String toCookieStr(Cookie[] cookieArr) {
        StringBuilder sb = new StringBuilder();
        for (Cookie cookie : cookieArr) {
            sb.append(cookie.getName()).append('=').append(cookie.getValue()).append(" ;\n");
        }
        return sb.toString();
    }

    public String getUsername(HttpServletRequest httpServletRequest) throws HttpAuthenticationException {
        String parameter = httpServletRequest.getParameter(USERNAME_REQUEST_PARAM_NAME);
        if (parameter != null && !parameter.isEmpty()) {
            return parameter;
        }
        String[] split = getAuthHeaderDecodedString(httpServletRequest).split(":", 2);
        if (split[0] == null || split[0].isEmpty()) {
            throw new HttpAuthenticationException("Authorization header received from the client does not contain username.");
        }
        return split[0];
    }

    public String getPassword(HttpServletRequest httpServletRequest) throws HttpAuthenticationException {
        String parameter = httpServletRequest.getParameter(PASSWORD_REQUEST_PARAM_NAME);
        if (parameter != null && !parameter.isEmpty()) {
            return parameter;
        }
        String[] split = getAuthHeaderDecodedString(httpServletRequest).split(":", 2);
        if (split.length < 2 || split[1] == null || split[1].isEmpty()) {
            throw new HttpAuthenticationException("Authorization header received from the client does not contain password.");
        }
        return split[1];
    }

    private String getAuthHeaderDecodedString(HttpServletRequest httpServletRequest) throws HttpAuthenticationException {
        try {
            return new String(Base64.getDecoder().decode(getAuthHeader(httpServletRequest)), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            throw new HttpAuthenticationException("Authorization header received from the client does not contain base64 encoded data", e);
        }
    }

    public String getAuthHeader(HttpServletRequest httpServletRequest) throws HttpAuthenticationException {
        String header = httpServletRequest.getHeader(HttpAuthUtils.AUTHORIZATION);
        if (header == null || header.isEmpty()) {
            throw new HttpEmptyAuthenticationException("Authorization header received from the client is empty.");
        }
        LOG.debug("HTTP Auth Header [{}]", header);
        String[] split = header.split(" ");
        String str = split[split.length - 1];
        if (str.isEmpty()) {
            throw new HttpAuthenticationException("Authorization header received from the client does not contain any data.");
        }
        return str;
    }

    public static String getHttpOnlyCookieHeader(Cookie cookie) {
        return new NewCookie(cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain(), cookie.getVersion(), cookie.getComment(), cookie.getMaxAge(), cookie.getSecure()) + "; HttpOnly";
    }
}
