public class org.apache.hive.service.cli.thrift.ThriftHttpServlet extends org.apache.thrift.server.TServlet { private static final long serialVersionUID; public static final org.slf4j.Logger LOG; private final org.apache.hive.service.auth.AuthType authType; private final org.apache.hadoop.security.UserGroupInformation serviceUGI; private final org.apache.hadoop.security.UserGroupInformation httpUGI; private final org.apache.hadoop.hive.conf.HiveConf hiveConf; private org.apache.hive.service.CookieSigner signer; public static final java.lang.String AUTH_COOKIE; private static final java.security.SecureRandom RAN; private boolean isCookieAuthEnabled; private java.lang.String cookieDomain; private java.lang.String cookiePath; private int cookieMaxAge; private boolean isCookieSecure; private boolean isHttpOnlyCookie; private final org.apache.hive.service.auth.HiveAuthFactory hiveAuthFactory; private static final java.lang.String HIVE_DELEGATION_TOKEN_HEADER; private static final java.lang.String X_FORWARDED_FOR; private static final java.lang.String AUTH_TYPE; private org.apache.hive.service.auth.jwt.JWTValidator jwtValidator; static final boolean $assertionsDisabled; public void (org.apache.thrift.TProcessor, org.apache.thrift.protocol.TProtocolFactory, org.apache.hadoop.security.UserGroupInformation, org.apache.hadoop.security.UserGroupInformation, org.apache.hive.service.auth.HiveAuthFactory, org.apache.hadoop.hive.conf.HiveConf) throws java.lang.Exception { byte[] v; java.security.SecureRandom v; boolean v, v, v, v, v; org.apache.thrift.TProcessor v; org.apache.hive.service.CookieSigner v; long v, v; org.apache.hive.service.auth.jwt.JWTValidator v; org.apache.hive.service.auth.HiveAuthConstants$AuthTypes v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; org.apache.hive.service.auth.AuthType v, v; org.apache.hadoop.hive.conf.HiveConf$ConfVars v, v, v, v, v, v; org.apache.hadoop.security.UserGroupInformation v, v; java.lang.String v, v, v, v; org.slf4j.Logger v; org.apache.hadoop.hive.conf.HiveConf v; org.apache.hive.service.auth.HiveAuthFactory v; org.apache.thrift.protocol.TProtocolFactory v; java.util.concurrent.TimeUnit v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: org.apache.thrift.TProcessor; v := @parameter: org.apache.thrift.protocol.TProtocolFactory; v := @parameter: org.apache.hadoop.security.UserGroupInformation; v := @parameter: org.apache.hadoop.security.UserGroupInformation; v := @parameter: org.apache.hive.service.auth.HiveAuthFactory; v := @parameter: org.apache.hadoop.hive.conf.HiveConf; specialinvoke v.(org.apache.thrift.TProcessor,org.apache.thrift.protocol.TProtocolFactory)>(v, v); v. = v; v = staticinvoke (v, 1); v. = v; v. = v; v. = v; v. = v; v = ; v = virtualinvoke v.(v); v. = v; v = v.; if v == 0 goto label; v = ; v = virtualinvoke v.(); v = staticinvoke (v); v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Using the random number as the secret for cookie generation \u0001"); interfaceinvoke v.(v); v = new org.apache.hive.service.CookieSigner; v = virtualinvoke v.(); specialinvoke v.(byte[])>(v); v. = v; v = ; v = ; v = virtualinvoke v.(v, v); v. = v; v = ; v = virtualinvoke v.(v); v. = v; v = ; v = virtualinvoke v.(v); v. = v; v = ; v = virtualinvoke v.(v); v. = v; v = ; v = virtualinvoke v.(v); v. = v; label: v = v.; v = ; v = virtualinvoke v.(v); if v == 0 goto label; v = new org.apache.hive.service.auth.jwt.JWTValidator; specialinvoke v.(org.apache.hadoop.hive.conf.HiveConf)>(v); v. = v; label: return; } protected void doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws javax.servlet.ServletException, java.io.IOException { java.net.InetAddress v; java.io.PrintWriter v; java.lang.Exception v; java.lang.Throwable v; org.apache.hive.service.CookieSigner v; java.lang.AssertionError v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v; org.apache.hive.service.auth.HttpAuthenticationException v; boolean v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v; java.io.EOFException v; java.util.List v, v, v, v, v; javax.servlet.ServletInputStream v; java.lang.String[] v; org.apache.hive.service.auth.HiveAuthConstants$AuthTypes v, v, v, v, v, v; org.apache.hive.service.auth.AuthType v, v, v; org.apache.hadoop.hive.conf.HiveConf$ConfVars v, v, v; int v; javax.servlet.http.Cookie v; org.slf4j.Logger v, v, v, v, v, v, v, v, v, v; javax.servlet.http.HttpServletResponse v; org.apache.hadoop.hive.conf.HiveConf v, v, v; java.lang.Object v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = null; v = 0; specialinvoke v.(v); label: v = interfaceinvoke v.(); v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Client IP Address: \u0001"); interfaceinvoke v.(v); v = v.; if v == 0 goto label; v = specialinvoke v.(v); if v != null goto label; v = 1; goto label; label: v = 0; label: v = v; if v == 0 goto label; v = ; interfaceinvoke v.("Could not validate cookie sent, will try to generate a new cookie"); label: staticinvoke (v); v = interfaceinvoke v.("X-Forwarded-For"); if v == null goto label; v = ; interfaceinvoke v.("{}:{}", "X-Forwarded-For", v); v = virtualinvoke v.(","); v = staticinvoke (v); staticinvoke (v); goto label; label: v = staticinvoke (); staticinvoke (v); label: if v != null goto label; v = v.; v = ; v = staticinvoke (v, v); v = virtualinvoke v.(); v = v.; v = ; v = staticinvoke (v, v); if v == 0 goto label; v = virtualinvoke v.(); if v != 0 goto label; v = staticinvoke (); if v == null goto label; v = staticinvoke (); v = interfaceinvoke v.(); if v != 0 goto label; v = staticinvoke (); v = interfaceinvoke v.(0); v = ; interfaceinvoke v.("Trusted domain authN is enabled. clientIp from X-Forwarded-For header: {}", v); label: v = staticinvoke (v); v = virtualinvoke v.(); v = virtualinvoke v.(); if v != 0 goto label; v = staticinvoke (v, v); if v == 0 goto label; v = ; v = dynamicinvoke "makeConcatWithConstants" (v, v) ("No authentication performed because the connecting host \u is from the trusted domain \u0001"); interfaceinvoke v.(v); v = ; v = virtualinvoke v.(); v = specialinvoke v.(v, v); goto label; label: v = ; v = specialinvoke v.(v, v); if v == 0 goto label; v = interfaceinvoke v.("X-Hive-Delegation-Token"); if v == null goto label; v = virtualinvoke v.(); if v != 0 goto label; v = specialinvoke v.(v); goto label; label: v = virtualinvoke v.(v); goto label; label: v = ; v = specialinvoke v.(v, v); if v == 0 goto label; v = specialinvoke v.(v, v); goto label; label: v = ; v = specialinvoke v.(v, v); if v == 0 goto label; v = interfaceinvoke v.("Authorization"); if v == null goto label; v = virtualinvoke v.(); if v == 0 goto label; label: v = specialinvoke v.(v, v); if v == 0 goto label; specialinvoke v.(v, v); label: staticinvoke (); staticinvoke (); staticinvoke (); staticinvoke (); return; label: v = virtualinvoke v.(); v = "Basic"; v = virtualinvoke v.(); v = virtualinvoke v.(v); if v == 0 goto label; v = v.; v = virtualinvoke v.(); v = specialinvoke v.(v, v); goto label; label: v = specialinvoke v.(v, v); goto label; label: v = v.; v = ; v = staticinvoke (v, v); v = virtualinvoke v.(); v = virtualinvoke v.(""); if v != 0 goto label; v = interfaceinvoke v.(v); if v == null goto label; v = specialinvoke v.(v); goto label; label: v = v.; v = virtualinvoke v.(); v = specialinvoke v.(v, v); label: v = ; if v != 0 goto label; if v != null goto label; v = new java.lang.AssertionError; specialinvoke v.()>(); throw v; label: v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Client username: \u0001"); interfaceinvoke v.(v); staticinvoke (v); v = interfaceinvoke v.(); v = staticinvoke (v); if v == null goto label; staticinvoke (v); label: if v == 0 goto label; v = v.; v = ; v = virtualinvoke v.(v); if v != 0 goto label; v = staticinvoke (v); v = v.; v = virtualinvoke v.(v); v = specialinvoke v.(v); v = v.; if v == 0 goto label; v = staticinvoke (v); interfaceinvoke v.("SET-COOKIE", v); goto label; label: interfaceinvoke v.(v); label: v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Cookie added for clientUserName \u0001"); interfaceinvoke v.(v); label: specialinvoke v.(v, v); label: staticinvoke (); staticinvoke (); staticinvoke (); staticinvoke (); goto label; label: v := @caughtexception; v = v instanceof org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException; if v != 0 goto label; v = ; interfaceinvoke v.("Error: ", v); label: v = interfaceinvoke v.(); if v >= 0 goto label; label: v = interfaceinvoke v.(); staticinvoke (v, 2147483647L); label: goto label; label: v := @caughtexception; v = ; v = virtualinvoke v.(); interfaceinvoke v.(v); label: interfaceinvoke v.(401); v = ; v = specialinvoke v.(v, v); if v == 0 goto label; interfaceinvoke v.("WWW-Authenticate", "Negotiate"); goto label; label: v = ; v = specialinvoke v.(v); v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v, v) ("Login attempt is failed for user : \u. Error Messsage :\u0001"); interfaceinvoke v.(v); label: goto label; label: v := @caughtexception; label: v = interfaceinvoke v.(); v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Authentication Error: \u0001"); virtualinvoke v.(v); label: staticinvoke (); staticinvoke (); staticinvoke (); staticinvoke (); goto label; label: v := @caughtexception; staticinvoke (); staticinvoke (); staticinvoke (); staticinvoke (); throw v; label: return; catch org.apache.hive.service.auth.HttpAuthenticationException from label to label with label; catch org.apache.hive.service.auth.HttpAuthenticationException from label to label with label; catch java.io.EOFException from label to label with label; catch java.lang.Exception from label to label with label; catch java.lang.Throwable from label to label with label; catch java.lang.Throwable from label to label with label; catch java.lang.Throwable from label to label with label; } private void logTrackingHeaderIfAny(javax.servlet.http.HttpServletRequest) { javax.servlet.http.HttpServletRequest v; org.slf4j.Logger v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.("X-Request-ID"); if v == null goto label; v = interfaceinvoke v.("X-Request-ID"); v = ; interfaceinvoke v.("{}:{}", "X-Request-ID", v); label: return; } private java.lang.String validateJWT(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws org.apache.hive.service.auth.HttpAuthenticationException { org.slf4j.Logger v, v; javax.servlet.http.HttpServletResponse v; org.apache.hive.service.auth.jwt.JWTValidator v, v; org.apache.hive.service.auth.HttpAuthenticationException v; java.lang.Exception v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v; boolean v, v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = v.; if v == null goto label; v = 1; goto label; label: v = 0; label: staticinvoke (v, "JWT validator should have been set"); v = specialinvoke v.(v, v); label: v = v.; v = virtualinvoke v.(v); staticinvoke (v, "JWT needs to contain the user name as subject"); v = virtualinvoke v.(); if v != 0 goto label; v = 1; goto label; label: v = 0; label: staticinvoke (v, "User name should not be empty"); v = ; interfaceinvoke v.("JWT verification successful for user {}", v); label: goto label; label: v := @caughtexception; v = ; interfaceinvoke v.("JWT verification failed", v); v = new org.apache.hive.service.auth.HttpAuthenticationException; specialinvoke v.(java.lang.Throwable)>(v); throw v; label: return v; catch java.lang.Exception from label to label with label; } private boolean needsRedirect(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) { org.slf4j.Logger v; javax.servlet.http.HttpServletResponse v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.auth.saml.HttpSamlAuthenticationException v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = specialinvoke v.(v, v); if v == null goto label; return 0; label: staticinvoke (v); label: return 1; label: v := @caughtexception; v = ; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Response port could not be validated: \u0001"); interfaceinvoke v.(v); return 0; catch org.apache.hive.service.auth.saml.HttpSamlAuthenticationException from label to label with label; } private void doSamlRedirect(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws org.apache.hive.service.auth.saml.HttpSamlAuthenticationException { javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; org.apache.hive.service.auth.saml.HiveSaml2Client v; javax.servlet.http.HttpServletResponse v; org.apache.hadoop.hive.conf.HiveConf v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = v.; v = staticinvoke (v); virtualinvoke v.(v, v); return; } private java.lang.String doSamlAuth(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws org.apache.hive.service.auth.HttpAuthenticationException { org.apache.hive.service.auth.saml.HiveSamlRelayStateStore v; java.util.HashMap v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v, v; boolean v, v; org.slf4j.Logger v; javax.servlet.http.HttpServletResponse v; org.apache.hadoop.hive.conf.HiveConf v; org.apache.hive.service.auth.saml.HttpSamlAuthenticationException v, v, v; java.lang.Object v; org.apache.hive.service.auth.saml.ISAMLAuthTokenGenerator v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = specialinvoke v.(v, v); if v != null goto label; v = new org.apache.hive.service.auth.saml.HttpSamlAuthenticationException; specialinvoke v.(java.lang.String)>("Token not found."); throw v; label: v = interfaceinvoke v.("X-Hive-Client-Identifier"); if v != null goto label; v = new org.apache.hive.service.auth.saml.HttpSamlAuthenticationException; specialinvoke v.(java.lang.String)>("Client identifier not found."); throw v; label: v = v.; v = staticinvoke (v); v = interfaceinvoke v.(v); v = ; interfaceinvoke v.("Successfully validated the token for user {}", v); v = new java.util.HashMap; specialinvoke v.()>(); v = staticinvoke (v, v); if v == 0 goto label; v = interfaceinvoke v.("rs"); v = staticinvoke (); v = virtualinvoke v.(v, v); if v != 0 goto label; v = new org.apache.hive.service.auth.saml.HttpSamlAuthenticationException; specialinvoke v.(java.lang.String)>("Client identifier could not be validated"); throw v; label: return v; } private java.lang.String extractBearerToken(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) { javax.servlet.http.HttpServletResponse v; java.util.function.Function v; org.pac4j.core.credentials.extractor.BearerAuthExtractor v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.util.Optional v, v; java.lang.Object v; org.pac4j.core.context.JEEContext v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = new org.pac4j.core.credentials.extractor.BearerAuthExtractor; specialinvoke v.()>(); v = new org.pac4j.core.context.JEEContext; specialinvoke v.(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)>(v, v); v = virtualinvoke v.(v); v = staticinvoke (); v = virtualinvoke v.(v); v = virtualinvoke v.(null); return v; } private java.lang.String getClientNameFromCookie(javax.servlet.http.Cookie[]) { org.apache.hive.service.CookieSigner v; javax.servlet.http.Cookie[] v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; int v, v; java.lang.String v, v, v, v, v, v; javax.servlet.http.Cookie v; boolean v, v, v; org.slf4j.Logger v, v, v, v, v; java.lang.IllegalArgumentException v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.Cookie[]; v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = virtualinvoke v.(); v = virtualinvoke v.("hive.server.auth"); if v == 0 goto label; v = virtualinvoke v.(); label: v = v.; v = virtualinvoke v.(v); label: goto label; label: v := @caughtexception; v = ; v = interfaceinvoke v.(); if v == 0 goto label; v = ; interfaceinvoke v.("Invalid cookie", v); label: v = null; label: if v == null goto label; v = staticinvoke (v); if v != null goto label; v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Invalid cookie token \u0001"); interfaceinvoke v.(v); goto label; label: v = ; v = interfaceinvoke v.(); if v == 0 goto label; v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Validated the cookie for user \u0001"); interfaceinvoke v.(v); label: return v; label: v = v + 1; goto label; label: return null; catch java.lang.IllegalArgumentException from label to label with label; } private java.lang.String toCookieStr(javax.servlet.http.Cookie[]) { javax.servlet.http.Cookie[] v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; int v, v; java.lang.StringBuilder v, v, v, v; java.lang.String v, v, v; javax.servlet.http.Cookie v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.Cookie[]; v = new java.lang.StringBuilder; specialinvoke v.()>(); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = virtualinvoke v.(); v = virtualinvoke v.(v); v = virtualinvoke v.(61); v = virtualinvoke v.(); v = virtualinvoke v.(v); virtualinvoke v.(" ;\n"); v = v + 1; goto label; label: v = virtualinvoke v.(); return v; } private java.lang.String validateCookie(javax.servlet.http.HttpServletRequest) { org.slf4j.Logger v, v, v, v; javax.servlet.http.Cookie[] v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v, v, v; boolean v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v != null goto label; v = ; v = interfaceinvoke v.(); if v == 0 goto label; v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("No valid cookies associated with the request \u0001"); interfaceinvoke v.(v); label: return null; label: v = ; v = interfaceinvoke v.(); if v == 0 goto label; v = ; v = specialinvoke v.(v); v = dynamicinvoke "makeConcatWithConstants" (v) ("Received cookies: \u0001"); interfaceinvoke v.(v); label: v = specialinvoke v.(v); return v; } private javax.servlet.http.Cookie createCookie(java.lang.String) { org.slf4j.Logger v, v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; int v; java.lang.String v, v, v, v, v, v; javax.servlet.http.Cookie v; boolean v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: java.lang.String; v = ; v = interfaceinvoke v.(); if v == 0 goto label; v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Cookie name = hive.server.auth value = \u0001"); interfaceinvoke v.(v); label: v = new javax.servlet.http.Cookie; specialinvoke v.(java.lang.String,java.lang.String)>("hive.server.auth", v); v = v.; virtualinvoke v.(v); v = v.; if v == null goto label; v = v.; virtualinvoke v.(v); label: v = v.; if v == null goto label; v = v.; virtualinvoke v.(v); label: v = v.; virtualinvoke v.(v); return v; } private static java.lang.String getHttpOnlyCookieHeader(javax.servlet.http.Cookie) { javax.ws.rs.core.NewCookie v; int v, v; java.lang.String v, v, v, v, v, v; javax.servlet.http.Cookie v; boolean v; v := @parameter: javax.servlet.http.Cookie; v = new javax.ws.rs.core.NewCookie; v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(); specialinvoke v.(java.lang.String,java.lang.String,java.lang.String,java.lang.String,int,java.lang.String,int,boolean)>(v, v, v, v, v, v, v, v); v = dynamicinvoke "makeConcatWithConstants" (v) ("\u; HttpOnly"); return v; } private java.lang.String doPasswdAuth(javax.servlet.http.HttpServletRequest, java.lang.String) throws org.apache.hive.service.auth.HttpAuthenticationException { org.apache.hadoop.hive.conf.HiveConf v; org.apache.hive.service.auth.HttpAuthenticationException v; java.lang.Exception v; org.apache.hive.service.auth.AuthenticationProviderFactory$AuthMethods v; org.apache.hive.service.auth.PasswdAuthenticationProvider v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.auth.HiveAuthConstants$AuthTypes v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v, v, v, v, v; boolean v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: java.lang.String; v = specialinvoke v.(v); v = virtualinvoke v.(); v = ; v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(v); if v != 0 goto label; label: v = staticinvoke (v); v = v.; v = staticinvoke (v, v); v = specialinvoke v.(v); interfaceinvoke v.(v, v); label: goto label; label: v := @caughtexception; v = new org.apache.hive.service.auth.HttpAuthenticationException; specialinvoke v.(java.lang.Throwable)>(v); throw v; label: return v; catch java.lang.Exception from label to label with label; } private java.lang.String doTokenAuth(javax.servlet.http.HttpServletRequest) throws org.apache.hive.service.auth.HttpAuthenticationException { org.apache.hive.service.cli.HiveSQLException v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v; org.apache.hive.service.auth.HiveAuthFactory v; org.apache.hive.service.auth.HttpAuthenticationException v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.("X-Hive-Delegation-Token"); label: v = v.; v = virtualinvoke v.(v); label: return v; label: v := @caughtexception; v = new org.apache.hive.service.auth.HttpAuthenticationException; specialinvoke v.(java.lang.Throwable)>(v); throw v; catch org.apache.hive.service.cli.HiveSQLException from label to label with label; } java.lang.String doKerberosAuth(javax.servlet.http.HttpServletRequest) throws org.apache.hive.service.auth.HttpAuthenticationException { org.apache.hive.service.auth.HttpAuthenticationException v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; org.apache.hadoop.security.UserGroupInformation v, v, v, v, v; org.slf4j.Logger v, v; java.lang.Exception v, v; java.lang.Object v, v; org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; specialinvoke v.(v); v = v.; if v == null goto label; label: v = v.; v = new org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction; v = v.; specialinvoke v.(org.apache.hive.service.cli.thrift.ThriftHttpServlet,javax.servlet.http.HttpServletRequest,org.apache.hadoop.security.UserGroupInformation)>(v, v, v); v = virtualinvoke v.(v); label: return v; label: v := @caughtexception; v = ; interfaceinvoke v.("Failed to authenticate with HTTP/_HOST kerberos principal, trying with hive/_HOST kerberos principal"); label: v = v.; v = new org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction; v = v.; specialinvoke v.(org.apache.hive.service.cli.thrift.ThriftHttpServlet,javax.servlet.http.HttpServletRequest,org.apache.hadoop.security.UserGroupInformation)>(v, v, v); v = virtualinvoke v.(v); label: return v; label: v := @caughtexception; v = ; interfaceinvoke v.("Failed to authenticate with hive/_HOST kerberos principal"); v = new org.apache.hive.service.auth.HttpAuthenticationException; specialinvoke v.(java.lang.Throwable)>(v); throw v; catch java.lang.Exception from label to label with label; catch java.lang.Exception from label to label with label; } private java.lang.String getUsername(javax.servlet.http.HttpServletRequest) throws org.apache.hive.service.auth.HttpAuthenticationException { java.lang.String[] v; org.apache.hive.service.auth.HttpAuthenticationException v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v, v, v; boolean v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v = specialinvoke v.(v); v = virtualinvoke v.(":", 2); v = v[0]; if v == null goto label; v = v[0]; v = virtualinvoke v.(); if v == 0 goto label; label: v = new org.apache.hive.service.auth.HttpAuthenticationException; specialinvoke v.(java.lang.String)>("Authorization header received from the client does not contain username."); throw v; label: v = v[0]; return v; } private java.lang.String getPassword(javax.servlet.http.HttpServletRequest) throws org.apache.hive.service.auth.HttpAuthenticationException { java.lang.String[] v; org.apache.hive.service.auth.HttpAuthenticationException v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; int v; java.lang.String v, v, v, v; boolean v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v = specialinvoke v.(v); v = virtualinvoke v.(":", 2); v = lengthof v; if v < 2 goto label; v = v[1]; if v == null goto label; v = v[1]; v = virtualinvoke v.(); if v == 0 goto label; label: v = new org.apache.hive.service.auth.HttpAuthenticationException; specialinvoke v.(java.lang.String)>("Authorization header received from the client does not contain password."); throw v; label: v = v[1]; return v; } private java.lang.String getAuthHeaderDecodedString(javax.servlet.http.HttpServletRequest) throws org.apache.hive.service.auth.HttpAuthenticationException { byte[] v; javax.servlet.http.HttpServletRequest v; java.nio.charset.Charset v; java.util.Base64$Decoder v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; java.lang.String v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v = specialinvoke v.(v); v = new java.lang.String; v = staticinvoke (); v = virtualinvoke v.(v); v = ; specialinvoke v.(byte[],java.nio.charset.Charset)>(v, v); return v; } private java.lang.String getAuthHeader(javax.servlet.http.HttpServletRequest) throws org.apache.hive.service.auth.HttpAuthenticationException { org.slf4j.Logger v; java.lang.String[] v; org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException v; org.apache.hive.service.auth.HttpAuthenticationException v; javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; int v, v; java.lang.String v, v; boolean v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.("Authorization"); if v == null goto label; v = virtualinvoke v.(); if v == 0 goto label; label: v = new org.apache.hive.service.auth.ldap.HttpEmptyAuthenticationException; specialinvoke v.(java.lang.String)>("Authorization header received from the client is empty."); throw v; label: v = ; interfaceinvoke v.("HTTP Auth Header [{}]", v); v = virtualinvoke v.(" "); v = lengthof v; v = v - 1; v = v[v]; v = virtualinvoke v.(); if v == 0 goto label; v = new org.apache.hive.service.auth.HttpAuthenticationException; specialinvoke v.(java.lang.String)>("Authorization header received from the client does not contain any data."); throw v; label: return v; } private boolean isAuthTypeEnabled(javax.servlet.http.HttpServletRequest, org.apache.hive.service.auth.HiveAuthConstants$AuthTypes) { javax.servlet.http.HttpServletRequest v; org.apache.hive.service.auth.HiveAuthConstants$AuthTypes v, v, v, v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; org.apache.hive.service.auth.AuthType v, v, v, v, v; java.lang.String v, v, v; boolean v, v, v, v, v, v, v, v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: org.apache.hive.service.auth.HiveAuthConstants$AuthTypes; v = interfaceinvoke v.("auth"); v = virtualinvoke v.(); v = virtualinvoke v.(v); if v == 0 goto label; v = v.; v = virtualinvoke v.(v); if v != 0 goto label; label: v = "UIDPWD"; v = virtualinvoke v.(v); if v == 0 goto label; v = v.; v = virtualinvoke v.(v); if v == 0 goto label; label: return 1; label: if v != null goto label; v = v.; v = ; v = virtualinvoke v.(v); if v == 0 goto label; v = ; if v != v goto label; v = specialinvoke v.(v); return v; label: v = ; if v == v goto label; v = v.; v = virtualinvoke v.(v); return v; label: v = v.; v = virtualinvoke v.(v); if v == 0 goto label; return 1; label: return 0; } private boolean hasJWT(javax.servlet.http.HttpServletRequest) { javax.servlet.http.HttpServletRequest v; org.apache.hive.service.cli.thrift.ThriftHttpServlet v; int v; java.lang.String[] v; java.lang.String v; org.apache.hive.service.auth.HttpAuthenticationException v; boolean v; v := @this: org.apache.hive.service.cli.thrift.ThriftHttpServlet; v := @parameter: javax.servlet.http.HttpServletRequest; label: v = specialinvoke v.(v); label: goto label; label: v := @caughtexception; return 0; label: v = virtualinvoke v.("\\."); v = lengthof v; if v != 3 goto label; v = 1; goto label; label: v = 0; label: return v; catch org.apache.hive.service.auth.HttpAuthenticationException from label to label with label; } private static java.lang.String getDoAsQueryParam(java.lang.String) { org.slf4j.Logger v, v; java.util.Iterator v; java.util.Set v; java.lang.Object v, v; java.lang.String v, v, v; java.util.Hashtable v; boolean v, v, v; v := @parameter: java.lang.String; v = ; v = interfaceinvoke v.(); if v == 0 goto label; v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("URL query string:\u0001"); interfaceinvoke v.(v); label: if v != null goto label; return null; label: v = staticinvoke (v); v = interfaceinvoke v.(); v = interfaceinvoke v.(); label: v = interfaceinvoke v.(); if v == 0 goto label; v = interfaceinvoke v.(); v = virtualinvoke v.("doAs"); if v == 0 goto label; v = interfaceinvoke v.(v); v = v[0]; return v; label: return null; } static void () { java.security.SecureRandom v; org.slf4j.Logger v; java.lang.Class v, v; java.lang.String v; boolean v, v; v = class "Lorg/apache/hive/service/cli/thrift/ThriftHttpServlet;"; v = virtualinvoke v.(); if v != 0 goto label; v = 1; goto label; label: v = 0; label: = v; v = class "Lorg/apache/hive/service/cli/thrift/ThriftHttpServlet;"; v = virtualinvoke v.(); v = staticinvoke (v); = v; v = new java.security.SecureRandom; specialinvoke v.()>(); = v; return; } }