public class oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler extends java.lang.Object implements oadd.org.apache.hadoop.security.authentication.server.AuthenticationHandler
{
private static org.slf4j.Logger logger;
public static final java.lang.String TYPE;
public static final java.lang.String SECURITY_AUTHENTICATION;
public static final java.lang.String PROVIDER_URL;
public static final java.lang.String BASE_DN;
public static final java.lang.String LDAP_BIND_DOMAIN;
public static final java.lang.String ENABLE_START_TLS;
private java.lang.String ldapDomain;
private java.lang.String baseDN;
private java.lang.String providerUrl;
private java.lang.Boolean enableStartTls;
private java.lang.Boolean disableHostNameVerification;
// Default constructor: only chains to java.lang.Object's constructor.
// As listed it assigns no instance fields, so enableStartTls and
// disableHostNameVerification stay null until init() or a setter stores a value.
public void <init>()
{
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
specialinvoke v.<java.lang.Object: void <init>()>();
return;
}
// Stores the given Boolean in the enableStartTls field, overriding whatever init() read
// from "ldap.enablestarttls".
// The setter performs no validation: the "ldaps and StartTLS are mutually exclusive"
// check in init() is not repeated here, and a null argument is stored as-is.
public void setEnableStartTls(java.lang.Boolean)
{
java.lang.Boolean v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: java.lang.Boolean;
v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.Boolean enableStartTls> = v;
return;
}
// Stores the given Boolean in the disableHostNameVerification field.
// This setter is the only place in the listing that writes the field; init() does not
// read it from the configuration properties.
// Security: when the stored value is true, authenticateWithTlsExtension installs a custom
// javax.net.ssl.HostnameVerifier (the anonymous class LdapAuthenticationHandler$1) on the
// StartTLS response before negotiating. That class's body is not part of this listing.
// NOTE(review): presumably it accepts every host name, which would remove the check that
// the certificate belongs to the configured LDAP server - confirm, and treat "true" as a
// test-only setting.
public void setDisableHostNameVerification(java.lang.Boolean)
{
java.lang.Boolean v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: java.lang.Boolean;
v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.Boolean disableHostNameVerification> = v;
return;
}
// Returns the handler type identifier, the literal "ldap".
// authenticateUser passes the same literal as the third argument of the
// AuthenticationToken it creates.
public java.lang.String getType()
{
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
return "ldap";
}
// Reads the handler configuration from the supplied Properties and validates it.
// Keys read: "ldap.basedn", "ldap.providerurl", "ldap.binddomain", "ldap.enablestarttls".
// Declared to throw ServletException, but no such exception is raised in the visible body;
// failed checks go through Guava Preconditions (checkNotNull / checkArgument), which throw
// unchecked exceptions.
// NOTE(review): nothing here requires either an "ldaps" URL or StartTLS. A plain ldap://
// provider URL with StartTLS left at its default of "false" passes validation, and the
// simple-bind password would then travel to the directory server unprotected - consider
// rejecting that combination or at least logging a warning.
public void init(java.util.Properties) throws javax.servlet.ServletException
{
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
java.lang.Boolean v, v;
java.lang.String v, v, v, v, v, v, v, v, v;
boolean v, v, v, v, v, v;
java.util.Properties v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: java.util.Properties;
// Load the three string settings; getProperty returns null for an absent key.
v = virtualinvoke v.<java.util.Properties: java.lang.String getProperty(java.lang.String)>("ldap.basedn");
v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String baseDN> = v;
v = virtualinvoke v.<java.util.Properties: java.lang.String getProperty(java.lang.String)>("ldap.providerurl");
v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String providerUrl> = v;
v = virtualinvoke v.<java.util.Properties: java.lang.String getProperty(java.lang.String)>("ldap.binddomain");
v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String ldapDomain> = v;
// StartTLS is off unless the key is present; Boolean.valueOf yields true only for the
// string "true" (case-insensitive).
v = virtualinvoke v.<java.util.Properties: java.lang.String getProperty(java.lang.String,java.lang.String)>("ldap.enablestarttls", "false");
v = staticinvoke <java.lang.Boolean: java.lang.Boolean valueOf(java.lang.String)>(v);
v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.Boolean enableStartTls> = v;
// The provider URL is mandatory.
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String providerUrl>;
staticinvoke <oadd.com.google.common.base.Preconditions: java.lang.Object checkNotNull(java.lang.Object,java.lang.Object)>(v, "The LDAP URI can not be null");
// Compute (baseDN == null) and (ldapDomain == null) as two booleans ...
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String baseDN>;
if v != null goto label;
v = 1;
goto label;
label:
v = 0;
label:
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String ldapDomain>;
if v != null goto label;
v = 1;
goto label;
label:
v = 0;
label:
// ... and XOR them: exactly one of base DN / bind domain must be configured, not both
// and not neither.
v = v ^ v;
staticinvoke <oadd.com.google.common.base.Preconditions: void checkArgument(boolean,java.lang.Object)>(v, "Either LDAP base DN or LDAP domain value needs to be specified");
// Only when StartTLS is enabled: reject a provider URL that starts with "ldaps"
// (compared after toLowerCase()), since the connection would already be TLS.
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.Boolean enableStartTls>;
v = virtualinvoke v.<java.lang.Boolean: boolean booleanValue()>();
if v == 0 goto label;
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String providerUrl>;
v = virtualinvoke v.<java.lang.String: java.lang.String toLowerCase()>();
v = virtualinvoke v.<java.lang.String: boolean startsWith(java.lang.String)>("ldaps");
if v != 0 goto label;
v = 1;
goto label;
label:
v = 0;
label:
staticinvoke <oadd.com.google.common.base.Preconditions: void checkArgument(boolean,java.lang.Object)>(v, "Can not use ldaps and StartTLS option at the same time");
label:
return;
}
// Lifecycle hook with an empty body: the handler releases nothing on destroy.
public void destroy()
{
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
return;
}
// Always returns 1 (true) without inspecting the token, the request or the response.
// NOTE(review): the meaning of the return value is defined by the AuthenticationHandler
// interface, which is not part of this listing; presumably true tells the caller to
// continue with normal request processing - confirm against the interface contract.
public boolean managementOperation(oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.io.IOException, oadd.org.apache.hadoop.security.authentication.client.AuthenticationException
{
javax.servlet.http.HttpServletRequest v;
oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken v;
javax.servlet.http.HttpServletResponse v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken;
v := @parameter: javax.servlet.http.HttpServletRequest;
v := @parameter: javax.servlet.http.HttpServletResponse;
return 1;
}
// Authenticates a request that carries HTTP Basic credentials by binding to LDAP.
// Returns the token produced by authenticateUser, or null when the Authorization header
// is missing, uses another scheme, or does not decode to a "user:password" pair.
// AuthenticationException from authenticateUser propagates to the caller.
// Note: every local is printed as "v" and every jump target as "label" in this listing,
// so data flow has to be read from statement order.
public oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.io.IOException, oadd.org.apache.hadoop.security.authentication.client.AuthenticationException
{
byte[] v;
oadd.org.apache.commons.codec.binary.Base v;
java.lang.String[] v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
javax.servlet.http.HttpServletRequest v;
java.nio.charset.Charset v;
int v, v;
java.lang.String v, v, v, v, v, v, v;
boolean v;
org.slf4j.Logger v, v;
oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken v;
javax.servlet.http.HttpServletResponse v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: javax.servlet.http.HttpServletRequest;
v := @parameter: javax.servlet.http.HttpServletResponse;
// The result starts as null (no token).
v = null;
v = interfaceinvoke v.<javax.servlet.http.HttpServletRequest: java.lang.String getHeader(java.lang.String)>("Authorization");
if v == null goto label;
v = staticinvoke <oadd.org.apache.hadoop.security.authentication.server.AuthenticationHandlerUtil: boolean matchAuthScheme(java.lang.String,java.lang.String)>("Basic", v);
if v != 0 goto label;
label:
// Challenge branch (header absent or not Basic): ask the client for Basic credentials.
interfaceinvoke v.<javax.servlet.http.HttpServletResponse: void setHeader(java.lang.String,java.lang.String)>("WWW-Authenticate", "Basic");
interfaceinvoke v.<javax.servlet.http.HttpServletResponse: void setStatus(int)>(401);
if v != null goto label;
v = <oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void trace(java.lang.String)>("Basic auth starting");
goto label;
label:
// NOTE(review): the only string assigned at this point is the Authorization header, so
// the value logged at WARN is presumably the raw header. For a non-Basic scheme that is
// the client's credential material (for example a bearer or negotiate token) ending up
// in the log - consider logging only the scheme name.
v = <oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object)>("\'Authorization\' does not start with \'Basic\' :  {}", v);
goto label;
label:
// Basic branch: cut off the scheme name by its length and trim what remains.
v = "Basic";
v = virtualinvoke v.<java.lang.String: int length()>();
v = virtualinvoke v.<java.lang.String: java.lang.String substring(int)>(v);
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
// Base64-decode the remainder (codec constructed with line length 0) and read the bytes
// as UTF-8.
v = new oadd.org.apache.commons.codec.binary.Base;
specialinvoke v.<oadd.org.apache.commons.codec.binary.Base64: void <init>(int)>(0);
v = new java.lang.String;
v = virtualinvoke v.<oadd.org.apache.commons.codec.binary.Base64: byte[] decode(java.lang.String)>(v);
v = <java.nio.charset.StandardCharsets: java.nio.charset.Charset UTF_8>;
specialinvoke v.<java.lang.String: void <init>(byte[],java.nio.charset.Charset)>(v, v);
// Split on the first ':' only (limit 2), so the password part may itself contain colons.
v = virtualinvoke v.<java.lang.String: java.lang.String[] split(java.lang.String,int)>(":", 2);
v = lengthof v;
// Without a ':' the method falls through to the return with the null token; on this
// path no 401 status and no WWW-Authenticate challenge are set.
// NOTE(review): how the caller treats a null token is not visible here - confirm.
if v != 2 goto label;
v = v[0];
v = v[1];
// Bind to LDAP with the two parts; status 200 is set only if no exception was thrown.
v = specialinvoke v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken authenticateUser(java.lang.String,java.lang.String)>(v, v);
interfaceinvoke v.<javax.servlet.http.HttpServletResponse: void setStatus(int)>(200);
label:
return v;
}
// Validates a user name / password pair, derives the LDAP bind principal and performs the
// bind, with or without StartTLS depending on enableStartTls.
// Returns a new AuthenticationToken of type "ldap" on success.
// Throws AuthenticationException for a null or empty user name, for a null, empty or
// NUL-leading password, and for whatever the two bind helpers throw.
private oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken authenticateUser(java.lang.String, java.lang.String) throws oadd.org.apache.hadoop.security.authentication.client.AuthenticationException
{
byte[] v;
oadd.org.apache.hadoop.security.authentication.client.AuthenticationException v, v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
byte v;
java.nio.charset.Charset v;
java.lang.Boolean v;
java.lang.String v, v, v, v, v, v, v;
boolean v, v, v, v;
oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
// Reject a null or empty user name before anything is sent to the directory.
if v == null goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v == 0 goto label;
label:
v = new oadd.org.apache.hadoop.security.authentication.client.AuthenticationException;
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.client.AuthenticationException: void <init>(java.lang.String)>("Error validating LDAP user: a null or blank username has been provided");
throw v;
label:
// If the name carries no domain part (see hasDomain) and a bind domain is configured,
// build "<first>@<second>" from two strings; the \u0001 marks in the template are the
// argument slots of makeConcatWithConstants.
v = staticinvoke <oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: boolean hasDomain(java.lang.String)>(v);
if v != 0 goto label;
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String ldapDomain>;
if v == null goto label;
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String ldapDomain>;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u0001@\u0001");
label:
// Reject a null password, an empty one, or one whose first UTF-8 byte is 0.
// NOTE(review): presumably this guards against LDAP "unauthenticated" simple binds
// (non-empty name with an empty password, RFC 4513 section 5.1.2), which a directory may
// accept without checking any credential - keep this check in place.
if v == null goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v != 0 goto label;
v = <java.nio.charset.StandardCharsets: java.nio.charset.Charset UTF_8>;
v = virtualinvoke v.<java.lang.String: byte[] getBytes(java.nio.charset.Charset)>(v);
v = v[0];
if v != 0 goto label;
label:
v = new oadd.org.apache.hadoop.security.authentication.client.AuthenticationException;
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.client.AuthenticationException: void <init>(java.lang.String)>("Error validating LDAP user: a null or blank password has been provided");
throw v;
label:
// Bind principal: with no base DN a string is used unchanged, otherwise two strings are
// concatenated into a "uid=...,..." distinguished name. The template literal is printed
// truncated in this listing ("\u" where an argument slot is expected).
// NOTE(review): no escaping call (for example javax.naming.ldap.Rdn.escapeValue) is
// visible before the concatenation, so DN metacharacters such as ',' '+' or '=' in a
// client-supplied name would change the structure of the bind DN - confirm and escape.
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String baseDN>;
if v != null goto label;
v = v;
goto label;
label:
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String baseDN>;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("uid=\u,\u0001");
label:
// Choose the transport: StartTLS upgrade when enabled, otherwise a direct bind on
// whatever scheme the provider URL names. Both helpers signal failure by throwing.
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.Boolean enableStartTls>;
v = virtualinvoke v.<java.lang.Boolean: boolean booleanValue()>();
if v == 0 goto label;
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: void authenticateWithTlsExtension(java.lang.String,java.lang.String)>(v, v);
goto label;
label:
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: void authenticateWithoutTlsExtension(java.lang.String,java.lang.String)>(v, v);
label:
// Reached only when the bind helper returned normally: build the "ldap" token from two
// string arguments (which locals they are cannot be told apart in this listing).
v = new oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken;
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.server.AuthenticationToken: void <init>(java.lang.String,java.lang.String,java.lang.String)>(v, v, "ldap");
return v;
}
// Verifies credentials over a connection upgraded with the LDAP StartTLS extended
// operation: open the context, negotiate TLS, then do a simple bind and a lookup.
// Returns normally on success; NamingException and IOException are wrapped in an
// AuthenticationException with the generic message "Error validating LDAP user".
// NOTE(review): no close() call on the LdapContext or on the StartTLS response appears in
// this listing - confirm against the original source that both are released on every
// path, otherwise each login attempt may leave a connection open.
private void authenticateWithTlsExtension(java.lang.String, java.lang.String) throws oadd.org.apache.hadoop.security.authentication.client.AuthenticationException
{
java.lang.Throwable v;
javax.naming.ldap.InitialLdapContext v, v;
oadd.org.apache.hadoop.security.authentication.client.AuthenticationException v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
javax.naming.ldap.ExtendedResponse v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler$1 v;
java.lang.Boolean v;
java.lang.String v, v, v;
javax.naming.ldap.StartTlsRequest v;
java.util.Hashtable v;
boolean v;
org.slf4j.Logger v;
java.lang.Exception v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
// JNDI environment with only the LDAP context factory and the provider URL. Credentials
// are not placed in it; they are added to the context after negotiate() below.
v = new java.util.Hashtable;
specialinvoke v.<java.util.Hashtable: void <init>()>();
virtualinvoke v.<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String providerUrl>;
virtualinvoke v.<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>("java.naming.provider.url", v);
label:
// Open the context (no request controls) and send the StartTLS extended request.
v = new javax.naming.ldap.InitialLdapContext;
specialinvoke v.<javax.naming.ldap.InitialLdapContext: void <init>(java.util.Hashtable,javax.naming.ldap.Control[])>(v, null);
v = new javax.naming.ldap.StartTlsRequest;
specialinvoke v.<javax.naming.ldap.StartTlsRequest: void <init>()>();
v = interfaceinvoke v.<javax.naming.ldap.LdapContext: javax.naming.ldap.ExtendedResponse extendedOperation(javax.naming.ldap.ExtendedRequest)>(v);
// The Boolean field is unboxed here. As listed, neither the constructor nor init()
// assigns it, so booleanValue() would throw NullPointerException unless
// setDisableHostNameVerification was called first.
// NOTE(review): confirm a default exists in the original source.
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.Boolean disableHostNameVerification>;
v = virtualinvoke v.<java.lang.Boolean: boolean booleanValue()>();
if v == 0 goto label;
// Flag set: replace the default host-name check with the anonymous verifier class
// LdapAuthenticationHandler$1, whose body is not shown in this listing.
// NOTE(review): presumably it accepts any host name; the server certificate would then
// no longer be tied to the configured LDAP host - confirm.
v = new oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler$1;
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler$1: void <init>(oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler)>(v);
virtualinvoke v.<javax.naming.ldap.StartTlsResponse: void setHostnameVerifier(javax.net.ssl.HostnameVerifier)>(v);
label:
// Run the TLS handshake, then set simple-bind credentials and call lookup(); a failed
// bind is expected to surface as a NamingException from these calls.
virtualinvoke v.<javax.naming.ldap.StartTlsResponse: javax.net.ssl.SSLSession negotiate()>();
interfaceinvoke v.<javax.naming.ldap.LdapContext: java.lang.Object addToEnvironment(java.lang.String,java.lang.Object)>("java.naming.security.authentication", "simple");
interfaceinvoke v.<javax.naming.ldap.LdapContext: java.lang.Object addToEnvironment(java.lang.String,java.lang.Object)>("java.naming.security.principal", v);
interfaceinvoke v.<javax.naming.ldap.LdapContext: java.lang.Object addToEnvironment(java.lang.String,java.lang.Object)>("java.naming.security.credentials", v);
interfaceinvoke v.<javax.naming.ldap.LdapContext: java.lang.Object lookup(java.lang.String)>(v);
// One string argument is logged at DEBUG on success.
// NOTE(review): presumably the bind principal - confirm it is never the password.
v = <oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("Authentication successful for {}", v);
label:
goto label;
label:
// Handler for NamingException / IOException: wrap with the cause preserved.
v := @caughtexception;
v = new oadd.org.apache.hadoop.security.authentication.client.AuthenticationException;
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.client.AuthenticationException: void <init>(java.lang.String,java.lang.Throwable)>("Error validating LDAP user", v);
throw v;
label:
// Catch-all Throwable handler: rethrows unchanged; no cleanup statement is visible here.
v := @caughtexception;
throw v;
label:
return;
// Trap table. The label names are collapsed in this listing, so the exact protected
// ranges cannot be recovered from it.
catch javax.naming.NamingException from label to label with label;
catch java.io.IOException from label to label with label;
catch java.lang.Throwable from label to label with label;
}
// Verifies credentials by opening an InitialDirContext with simple-bind credentials in
// the environment and closing it straight away. Success means no NamingException.
// A NamingException is wrapped in an AuthenticationException with the generic message
// "Error validating LDAP user", keeping the cause.
// Security: no TLS upgrade happens in this method, so transport protection depends
// entirely on the scheme of providerUrl. With a plain ldap:// URL the simple-bind
// password would be sent unprotected; init() does not reject that configuration.
private void authenticateWithoutTlsExtension(java.lang.String, java.lang.String) throws oadd.org.apache.hadoop.security.authentication.client.AuthenticationException
{
org.slf4j.Logger v;
oadd.org.apache.hadoop.security.authentication.client.AuthenticationException v;
javax.naming.NamingException v;
oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler v;
javax.naming.directory.InitialDirContext v;
java.lang.String v, v, v;
java.util.Hashtable v;
v := @this: oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
// JNDI environment: LDAP context factory, provider URL, and the simple-bind principal and
// credentials taken from two string locals.
v = new java.util.Hashtable;
specialinvoke v.<java.util.Hashtable: void <init>()>();
virtualinvoke v.<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
v = v.<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: java.lang.String providerUrl>;
virtualinvoke v.<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>("java.naming.provider.url", v);
virtualinvoke v.<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>("java.naming.security.authentication", "simple");
virtualinvoke v.<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>("java.naming.security.principal", v);
virtualinvoke v.<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>("java.naming.security.credentials", v);
label:
// Constructing the context is the only directory operation before close(), so the bind
// presumably happens inside the constructor.
v = new javax.naming.directory.InitialDirContext;
specialinvoke v.<javax.naming.directory.InitialDirContext: void <init>(java.util.Hashtable)>(v);
interfaceinvoke v.<javax.naming.Context: void close()>();
// One string argument is logged at DEBUG on success.
// NOTE(review): presumably the bind principal - confirm it is never the password.
v = <oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("Authentication successful for {}", v);
label:
goto label;
label:
// Handler for NamingException: wrap with the cause preserved.
v := @caughtexception;
v = new oadd.org.apache.hadoop.security.authentication.client.AuthenticationException;
specialinvoke v.<oadd.org.apache.hadoop.security.authentication.client.AuthenticationException: void <init>(java.lang.String,java.lang.Throwable)>("Error validating LDAP user", v);
throw v;
label:
return;
catch javax.naming.NamingException from label to label with label;
}
// Returns 1 (true) when indexOfDomainMatch reports a separator at an index greater
// than 0, otherwise 0 (false).
// A separator at index 0 (a name starting with '/' or '@') therefore counts as "no
// domain", as does a null name or a name without either character.
private static boolean hasDomain(java.lang.String)
{
int v;
java.lang.String v;
boolean v;
v := @parameter: java.lang.String;
v = staticinvoke <oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: int indexOfDomainMatch(java.lang.String)>(v);
if v <= 0 goto label;
v = 1;
goto label;
label:
v = 0;
label:
return v;
}
// Returns the index of the first '/' or '@' in the given string, or -1 when the string
// is null or contains neither character.
private static int indexOfDomainMatch(java.lang.String)
{
int v, v, v, v, v;
java.lang.String v;
v := @parameter: java.lang.String;
// A null input has no separator.
if v != null goto label;
v = (int) -1;
return v;
label:
// 47 is '/', 64 is '@'; indexOf yields -1 when the character is absent.
v = virtualinvoke v.<java.lang.String: int indexOf(int)>(47);
v = virtualinvoke v.<java.lang.String: int indexOf(int)>(64);
// The smaller index is the earlier separator when both are present.
v = staticinvoke <java.lang.Math: int min(int,int)>(v, v);
v = (int) -1;
// A minimum of -1 means at least one character is absent: fall back to the larger index,
// which is the one that is present, or -1 if both are absent.
if v != v goto label;
v = staticinvoke <java.lang.Math: int max(int,int)>(v, v);
label:
return v;
}
// Static initializer: obtains the SLF4J logger for this class and stores it in the static
// logger field. No other static field is assigned here.
static void <clinit>()
{
org.slf4j.Logger v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Loadd/org/apache/hadoop/security/authentication/server/LdapAuthenticationHandler;");
<oadd.org.apache.hadoop.security.authentication.server.LdapAuthenticationHandler: org.slf4j.Logger logger> = v;
return;
}
}