public abstract class org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil extends java.lang.Object
{
private static final org.slf4j.Logger LOG;
public static final java.lang.String KUDU_TICKETCACHE_PROPERTY;
private static final org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap CERT_DIGEST_TO_MESSAGE_DIGEST;
private static final long REFRESH_BEFORE_EXPIRATION_SECS;
public void <init>()
{
org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil v;
v := @this: org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil;
specialinvoke v.<java.lang.Object: void <init>()>();
return;
}
public static javax.security.auth.Subject getSubjectFromTicketCacheOrNull()
{
javax.security.auth.login.LoginException v, v;
org.slf4j.Logger v, v, v;
java.util.Set v;
org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil$1 v;
javax.security.auth.Subject v, v;
javax.security.auth.login.LoginContext v;
org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner v;
java.lang.String v, v, v;
boolean v;
v = new org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil$1;
specialinvoke v.<org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil$1: void <init>()>();
label:
v = new javax.security.auth.login.LoginContext;
v = new javax.security.auth.Subject;
specialinvoke v.<javax.security.auth.Subject: void <init>()>();
specialinvoke v.<javax.security.auth.login.LoginContext: void <init>(java.lang.String,javax.security.auth.Subject,javax.security.auth.callback.CallbackHandler,javax.security.auth.login.Configuration)>("kudu", v, null, v);
virtualinvoke v.<javax.security.auth.login.LoginContext: void login()>();
v = virtualinvoke v.<javax.security.auth.login.LoginContext: javax.security.auth.Subject getSubject()>();
v = <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: org.slf4j.Logger LOG>;
v = staticinvoke <org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner on(java.lang.String)>(",");
v = virtualinvoke v.<javax.security.auth.Subject: java.util.Set getPrincipals()>();
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner: java.lang.String join(java.lang.Iterable)>(v);
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("Logged in as subject: {}", v);
label:
return v;
label:
v := @caughtexception;
v = <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: org.slf4j.Logger LOG>;
v = virtualinvoke v.<javax.security.auth.login.LoginException: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Could not login via JAAS. Using no credentials: \u0001");
v = <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: org.slf4j.Logger LOG>;
v = interfaceinvoke v.<org.slf4j.Logger: boolean isTraceEnabled()>();
if v == 0 goto label;
v = v;
goto label;
label:
v = null;
label:
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Throwable)>(v, v);
return null;
catch javax.security.auth.login.LoginException from label to label with label;
}
public static byte[] getEndpointChannelBindings(java.security.cert.Certificate)
{
byte[] v, v;
org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap v;
java.security.MessageDigest v;
java.lang.String[] v;
java.util.Locale v;
java.lang.String v, v, v, v;
boolean v;
java.lang.RuntimeException v, v;
java.lang.Exception v;
java.security.cert.Certificate v;
java.lang.Object v;
v := @parameter: java.security.cert.Certificate;
v = v instanceof java.security.cert.X509Certificate;
staticinvoke <org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Preconditions: void checkArgument(boolean,java.lang.Object)>(v, "can only handle X509 certs");
v = virtualinvoke v.<java.security.cert.X509Certificate: java.lang.String getSigAlgName()>();
v = <java.util.Locale: java.util.Locale ENGLISH>;
v = virtualinvoke v.<java.lang.String: java.lang.String toUpperCase(java.util.Locale)>(v);
v = virtualinvoke v.<java.lang.String: java.lang.String[] split(java.lang.String,int)>("WITH", 2);
v = <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap CERT_DIGEST_TO_MESSAGE_DIGEST>;
v = v[0];
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap: java.lang.Object get(java.lang.Object)>(v);
if v != null goto label;
v = new java.lang.RuntimeException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("cert uses unknown signature algorithm: \u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>(v);
throw v;
label:
v = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(v);
v = virtualinvoke v.<java.security.cert.Certificate: byte[] getEncoded()>();
v = virtualinvoke v.<java.security.MessageDigest: byte[] digest(byte[])>(v);
label:
return v;
label:
v := @caughtexception;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.Throwable)>(v);
throw v;
catch java.lang.Exception from label to label with label;
}
public static boolean needsRefresh(javax.security.auth.Subject)
{
long v, v;
javax.security.auth.Subject v;
boolean v;
v := @parameter: javax.security.auth.Subject;
v = staticinvoke <java.lang.System: long currentTimeMillis()>();
v = v + 10000L;
v = staticinvoke <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: boolean tgtExpiresBefore(javax.security.auth.Subject,long)>(v, v);
return v;
}
public static boolean isTgtExpired(javax.security.auth.Subject)
{
long v;
javax.security.auth.Subject v;
boolean v;
v := @parameter: javax.security.auth.Subject;
v = staticinvoke <java.lang.System: long currentTimeMillis()>();
v = staticinvoke <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: boolean tgtExpiresBefore(javax.security.auth.Subject,long)>(v, v);
return v;
}
private static boolean tgtExpiresBefore(javax.security.auth.Subject, long)
{
byte v;
java.util.Date v;
long v, v;
javax.security.auth.kerberos.KerberosTicket v;
javax.security.auth.Subject v;
boolean v;
v := @parameter: javax.security.auth.Subject;
v := @parameter: long;
v = staticinvoke <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: javax.security.auth.kerberos.KerberosTicket findTgt(javax.security.auth.Subject)>(v);
if v == null goto label;
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosTicket: java.util.Date getEndTime()>();
v = virtualinvoke v.<java.util.Date: long getTime()>();
v = v cmp v;
if v >= 0 goto label;
v = 1;
goto label;
label:
v = 0;
label:
return v;
label:
return 1;
}
private static javax.security.auth.kerberos.KerberosTicket findTgt(javax.security.auth.Subject)
{
java.lang.Throwable v;
java.util.Iterator v;
javax.security.auth.kerberos.KerberosPrincipal v;
java.util.Set v;
javax.security.auth.Subject v;
java.lang.Object v;
boolean v, v;
v := @parameter: javax.security.auth.Subject;
v = virtualinvoke v.<javax.security.auth.Subject: java.util.Set getPrivateCredentials(java.lang.Class)>(class "Ljavax/security/auth/kerberos/KerberosTicket;");
entermonitor v;
label:
v = interfaceinvoke v.<java.util.Set: java.util.Iterator iterator()>();
label:
v = interfaceinvoke v.<java.util.Iterator: boolean hasNext()>();
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Iterator: java.lang.Object next()>();
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosTicket: javax.security.auth.kerberos.KerberosPrincipal getServer()>();
v = staticinvoke <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: boolean isTGSPrincipal(javax.security.auth.kerberos.KerberosPrincipal)>(v);
if v == 0 goto label;
exitmonitor v;
label:
return v;
label:
exitmonitor v;
label:
goto label;
label:
v := @caughtexception;
exitmonitor v;
throw v;
label:
return null;
catch java.lang.Throwable from label to label with label;
catch java.lang.Throwable from label to label with label;
}
private static boolean isTGSPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
{
javax.security.auth.kerberos.KerberosPrincipal v;
java.lang.String v, v, v, v;
boolean v, v;
v := @parameter: javax.security.auth.kerberos.KerberosPrincipal;
if v == null goto label;
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosPrincipal: java.lang.String getName()>();
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosPrincipal: java.lang.String getRealm()>();
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosPrincipal: java.lang.String getRealm()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("krbtgt/\u0001@\u0001");
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
v = 1;
goto label;
label:
v = 0;
label:
return v;
}
public static javax.security.auth.kerberos.KerberosPrincipal getKerberosPrincipalOrNull(javax.security.auth.Subject)
{
org.slf4j.Logger v;
java.util.Iterator v;
java.util.Set v;
javax.security.auth.Subject v;
org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner v;
int v;
java.lang.Object v;
java.lang.String v;
boolean v;
v := @parameter: javax.security.auth.Subject;
v = virtualinvoke v.<javax.security.auth.Subject: java.util.Set getPrincipals(java.lang.Class)>(class "Ljavax/security/auth/kerberos/KerberosPrincipal;");
v = interfaceinvoke v.<java.util.Set: int size()>();
if v <= 1 goto label;
v = <org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: org.slf4j.Logger LOG>;
v = staticinvoke <org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner on(java.lang.String)>(", ");
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.base.Joiner: java.lang.String join(java.lang.Iterable)>(v);
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object)>("JAAS Subject unexpectedly includes more than one principal: {}", v);
return null;
label:
v = interfaceinvoke v.<java.util.Set: boolean isEmpty()>();
if v == 0 goto label;
return null;
label:
v = interfaceinvoke v.<java.util.Set: java.util.Iterator iterator()>();
v = interfaceinvoke v.<java.util.Iterator: java.lang.Object next()>();
return v;
}
static void <clinit>()
{
org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap v;
org.slf4j.Logger v;
org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder v, v, v, v, v, v, v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Lorg/apache/hive/kudu/org/apache/kudu/util/SecurityUtil;");
<org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: org.slf4j.Logger LOG> = v;
v = staticinvoke <org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder builder()>();
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder put(java.lang.Object,java.lang.Object)>("MD5", "SHA-256");
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder put(java.lang.Object,java.lang.Object)>("SHA1", "SHA-256");
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder put(java.lang.Object,java.lang.Object)>("SHA224", "SHA-224");
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder put(java.lang.Object,java.lang.Object)>("SHA256", "SHA-256");
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder put(java.lang.Object,java.lang.Object)>("SHA384", "SHA-384");
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder put(java.lang.Object,java.lang.Object)>("SHA512", "SHA-512");
v = virtualinvoke v.<org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap$Builder: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap build()>();
<org.apache.hive.kudu.org.apache.kudu.util.SecurityUtil: org.apache.hive.kudu.org.apache.kudu.shaded.com.google.common.collect.ImmutableMap CERT_DIGEST_TO_MESSAGE_DIGEST> = v;
return;
}
}