public class org.apache.hive.service.auth.HiveAuthFactory extends java.lang.Object
{
private static final org.slf4j.Logger LOG;
private org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer;
private final org.apache.hadoop.hive.conf.HiveConf conf;
private final org.apache.hive.service.auth.AuthType authType;
private java.lang.String hadoopAuth;
private org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager;
public void <init>(org.apache.hadoop.hive.conf.HiveConf, boolean) throws org.apache.thrift.transport.TTransportException
{
org.apache.hadoop.hive.metastore.security.DelegationTokenSecretManager v;
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server v, v;
org.apache.thrift.transport.TTransportException v;
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge v;
org.apache.hive.service.auth.AuthType v;
org.apache.hadoop.hive.conf.HiveConf$ConfVars v, v, v;
java.lang.String v, v, v, v, v, v;
boolean v, v, v;
org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager v, v, v;
org.apache.hadoop.hive.conf.HiveConf v;
java.io.IOException v;
org.apache.hive.service.auth.HiveAuthFactory v;
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$ServerMode v;
java.lang.Class v, v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v := @parameter: org.apache.hadoop.hive.conf.HiveConf;
v := @parameter: boolean;
specialinvoke v.<java.lang.Object: void <init>()>();
v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager> = null;
v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.conf.HiveConf conf> = v;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String get(java.lang.String,java.lang.String)>("hadoop.security.authentication", "simple");
v.<org.apache.hive.service.auth.HiveAuthFactory: java.lang.String hadoopAuth> = v;
v = staticinvoke <org.apache.hive.service.auth.AuthType: org.apache.hive.service.auth.AuthType authTypeFromConf(org.apache.hadoop.conf.Configuration,boolean)>(v, v);
v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType> = v;
v = virtualinvoke v.<org.apache.hive.service.auth.HiveAuthFactory: boolean isSASLWithKerberizedHadoop()>();
if v == 0 goto label;
v = staticinvoke <org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge getBridge()>();
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_KERBEROS_KEYTAB>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_KERBEROS_PRINCIPAL>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_CLIENT_KERBEROS_PRINCIPAL>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server createServer(java.lang.String,java.lang.String,java.lang.String)>(v, v, v);
v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer> = v;
v = new org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager;
specialinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: void <init>()>();
v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager> = v;
label:
v = null;
v = staticinvoke <org.apache.hadoop.hive.metastore.utils.MetaStoreServerUtils: java.lang.String getTokenStoreClassName(org.apache.hadoop.conf.Configuration)>(v);
v = class "Lorg/apache/hadoop/hive/metastore/security/DBTokenStore;";
v = virtualinvoke v.<java.lang.Class: java.lang.String getName()>();
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
v = class "Lorg/apache/hadoop/hive/ql/metadata/Hive;";
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
v = <org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$ServerMode: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$ServerMode HIVESERVER2>;
virtualinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: void startDelegationTokenSecretManager(org.apache.hadoop.conf.Configuration,java.lang.Object,org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$ServerMode)>(v, v, v);
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: org.apache.hadoop.hive.metastore.security.DelegationTokenSecretManager getSecretManager()>();
virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server: void setSecretManager(org.apache.hadoop.hive.metastore.security.DelegationTokenSecretManager)>(v);
label:
goto label;
label:
v := @caughtexception;
v = new org.apache.thrift.transport.TTransportException;
specialinvoke v.<org.apache.thrift.transport.TTransportException: void <init>(java.lang.String,java.lang.Throwable)>("Failed to start token manager", v);
throw v;
label:
return;
catch java.io.IOException from label to label with label;
}
public java.util.Map getSaslProperties()
{
org.apache.hadoop.hive.conf.HiveConf$ConfVars v;
org.apache.hadoop.hive.conf.HiveConf v;
java.util.HashMap v;
java.lang.String v, v;
org.apache.hive.service.auth.HiveAuthFactory v;
org.apache.hive.service.auth.SaslQOP v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v = new java.util.HashMap;
specialinvoke v.<java.util.HashMap: void <init>()>();
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.conf.HiveConf conf>;
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_THRIFT_SASL_QOP>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = staticinvoke <org.apache.hive.service.auth.SaslQOP: org.apache.hive.service.auth.SaslQOP fromString(java.lang.String)>(v);
v = virtualinvoke v.<org.apache.hive.service.auth.SaslQOP: java.lang.String toString()>();
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>("javax.security.sasl.qop", v);
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>("javax.security.sasl.server.authentication", "true");
return v;
}
public org.apache.thrift.transport.TTransportFactory getAuthTransFactory() throws javax.security.auth.login.LoginException
{
javax.security.auth.login.LoginException v, v, v;
java.util.Map v;
boolean v, v, v, v, v;
javax.security.sasl.AuthenticationException v;
org.apache.thrift.transport.TTransportFactory v, v;
java.lang.Throwable v;
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server v, v;
java.util.HashMap v;
org.apache.hive.service.auth.HiveAuthConstants$AuthTypes v;
org.apache.hive.service.auth.AuthType v, v, v, v, v, v;
org.apache.hadoop.hive.conf.HiveConf$ConfVars v;
java.lang.String v, v, v, v, v, v, v, v;
org.apache.hadoop.hive.conf.HiveConf v;
org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler v;
org.apache.hive.service.auth.HiveAuthFactory v;
org.apache.thrift.transport.TSaslServerTransport$Factory v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v = virtualinvoke v.<org.apache.hive.service.auth.HiveAuthFactory: boolean isSASLWithKerberizedHadoop()>();
if v == 0 goto label;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = virtualinvoke v.<org.apache.hive.service.auth.HiveAuthFactory: java.util.Map getSaslProperties()>();
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server: org.apache.thrift.transport.TSaslServerTransport$Factory createSaslServerTransportFactory(java.util.Map)>(v);
label:
goto label;
label:
v := @caughtexception;
v = new javax.security.auth.login.LoginException;
v = virtualinvoke v.<org.apache.thrift.transport.TTransportException: java.lang.String getMessage()>();
specialinvoke v.<javax.security.auth.login.LoginException: void <init>(java.lang.String)>(v);
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType>;
v = virtualinvoke v.<org.apache.hive.service.auth.AuthType: boolean isPasswordBasedAuthEnabled()>();
if v == 0 goto label;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType>;
v = virtualinvoke v.<org.apache.hive.service.auth.AuthType: java.lang.String getPasswordBasedAuthStr()>();
label:
v = new java.util.HashMap;
specialinvoke v.<java.util.HashMap: void <init>()>();
v = new org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler;
specialinvoke v.<org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler: void <init>(java.lang.String)>(v);
virtualinvoke v.<org.apache.thrift.transport.TSaslServerTransport$Factory: void addServerDefinition(java.lang.String,java.lang.String,java.lang.String,java.util.Map,javax.security.auth.callback.CallbackHandler)>("PLAIN", v, null, v, v);
label:
goto label;
label:
v := @caughtexception;
v = new javax.security.auth.login.LoginException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (javax.security.sasl.AuthenticationException)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Error setting callback handler\u0001");
specialinvoke v.<javax.security.auth.login.LoginException: void <init>(java.lang.String)>(v);
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server: org.apache.thrift.transport.TTransportFactory wrapTransportFactory(org.apache.thrift.transport.TTransportFactory)>(v);
goto label;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType>;
v = virtualinvoke v.<org.apache.hive.service.auth.AuthType: boolean isPasswordBasedAuthEnabled()>();
if v == 0 goto label;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType>;
v = virtualinvoke v.<org.apache.hive.service.auth.AuthType: java.lang.String getPasswordBasedAuthStr()>();
v = staticinvoke <org.apache.hive.service.auth.PlainSaslHelper: org.apache.thrift.transport.TTransportFactory getPlainTransportFactory(java.lang.String)>(v);
goto label;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType>;
v = <org.apache.hive.service.auth.HiveAuthConstants$AuthTypes: org.apache.hive.service.auth.HiveAuthConstants$AuthTypes NOSASL>;
v = virtualinvoke v.<org.apache.hive.service.auth.AuthType: boolean isEnabled(org.apache.hive.service.auth.HiveAuthConstants$AuthTypes)>(v);
if v == 0 goto label;
v = new org.apache.thrift.transport.TTransportFactory;
specialinvoke v.<org.apache.thrift.transport.TTransportFactory: void <init>()>();
v = v;
goto label;
label:
v = new javax.security.auth.login.LoginException;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType>;
v = virtualinvoke v.<org.apache.hive.service.auth.AuthType: java.lang.String getAuthTypes()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unsupported authentication type \u0001");
specialinvoke v.<javax.security.auth.login.LoginException: void <init>(java.lang.String)>(v);
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.conf.HiveConf conf>;
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_TRUSTED_DOMAIN>;
v = staticinvoke <org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.conf.Configuration,org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v, v);
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v != 0 goto label;
v = staticinvoke <org.apache.hive.service.auth.PlainSaslHelper: org.apache.thrift.transport.TTransportFactory getDualPlainTransportFactory(org.apache.thrift.transport.TTransportFactory,java.lang.String)>(v, v);
label:
return v;
catch org.apache.thrift.transport.TTransportException from label to label with label;
catch javax.security.sasl.AuthenticationException from label to label with label;
}
public org.apache.thrift.TProcessorFactory getAuthProcFactory(org.apache.hive.service.rpc.thrift.TCLIService$Iface) throws javax.security.auth.login.LoginException
{
org.apache.thrift.TProcessorFactory v, v;
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server v;
org.apache.hive.service.rpc.thrift.TCLIService$Iface v;
org.apache.hive.service.auth.HiveAuthFactory v;
boolean v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v := @parameter: org.apache.hive.service.rpc.thrift.TCLIService$Iface;
v = virtualinvoke v.<org.apache.hive.service.auth.HiveAuthFactory: boolean isSASLWithKerberizedHadoop()>();
if v == 0 goto label;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = staticinvoke <org.apache.hive.service.auth.KerberosSaslHelper: org.apache.thrift.TProcessorFactory getKerberosProcessorFactory(org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server,org.apache.hive.service.rpc.thrift.TCLIService$Iface)>(v, v);
return v;
label:
v = staticinvoke <org.apache.hive.service.auth.PlainSaslHelper: org.apache.thrift.TProcessorFactory getPlainProcessorFactory(org.apache.hive.service.rpc.thrift.TCLIService$Iface)>(v);
return v;
}
public java.lang.String getRemoteUser()
{
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server v, v;
java.lang.String v;
org.apache.hive.service.auth.HiveAuthFactory v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
if v != null goto label;
v = null;
goto label;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server: java.lang.String getRemoteUser()>();
label:
return v;
}
public java.lang.String getIpAddress()
{
java.net.InetAddress v, v;
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server v, v, v;
java.lang.String v;
org.apache.hive.service.auth.HiveAuthFactory v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
if v == null goto label;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server: java.net.InetAddress getRemoteAddress()>();
if v != null goto label;
label:
return null;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server: java.net.InetAddress getRemoteAddress()>();
v = virtualinvoke v.<java.net.InetAddress: java.lang.String getHostAddress()>();
return v;
}
public java.lang.String getUserAuthMechanism()
{
org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server v, v;
java.lang.String v;
org.apache.hive.service.auth.HiveAuthFactory v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
if v != null goto label;
v = null;
goto label;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server saslServer>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server: java.lang.String getUserAuthMechanism()>();
label:
return v;
}
public boolean isSASLWithKerberizedHadoop()
{
org.apache.hive.service.auth.HiveAuthFactory v;
org.apache.hive.service.auth.HiveAuthConstants$AuthTypes v;
org.apache.hive.service.auth.AuthType v;
java.lang.String v, v;
boolean v, v, v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v = "kerberos";
v = v.<org.apache.hive.service.auth.HiveAuthFactory: java.lang.String hadoopAuth>;
v = virtualinvoke v.<java.lang.String: boolean equalsIgnoreCase(java.lang.String)>(v);
if v == 0 goto label;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hive.service.auth.AuthType authType>;
v = <org.apache.hive.service.auth.HiveAuthConstants$AuthTypes: org.apache.hive.service.auth.HiveAuthConstants$AuthTypes NOSASL>;
v = virtualinvoke v.<org.apache.hive.service.auth.AuthType: boolean isEnabled(org.apache.hive.service.auth.HiveAuthConstants$AuthTypes)>(v);
if v != 0 goto label;
v = 1;
goto label;
label:
v = 0;
label:
return v;
}
public boolean isSASLKerberosUser()
{
org.apache.hive.service.auth.HiveAuthFactory v;
org.apache.hadoop.security.SaslRpcServer$AuthMethod v, v;
java.lang.String v, v, v, v;
boolean v, v, v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v = <org.apache.hadoop.security.SaslRpcServer$AuthMethod: org.apache.hadoop.security.SaslRpcServer$AuthMethod KERBEROS>;
v = virtualinvoke v.<org.apache.hadoop.security.SaslRpcServer$AuthMethod: java.lang.String getMechanismName()>();
v = virtualinvoke v.<org.apache.hive.service.auth.HiveAuthFactory: java.lang.String getUserAuthMechanism()>();
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v != 0 goto label;
v = <org.apache.hadoop.security.SaslRpcServer$AuthMethod: org.apache.hadoop.security.SaslRpcServer$AuthMethod TOKEN>;
v = virtualinvoke v.<org.apache.hadoop.security.SaslRpcServer$AuthMethod: java.lang.String getMechanismName()>();
v = virtualinvoke v.<org.apache.hive.service.auth.HiveAuthFactory: java.lang.String getUserAuthMechanism()>();
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
label:
v = 1;
goto label;
label:
v = 0;
label:
return v;
}
public static void loginFromKeytab(org.apache.hadoop.hive.conf.HiveConf) throws java.io.IOException
{
org.apache.hadoop.hive.conf.HiveConf v;
java.io.IOException v;
org.apache.hadoop.hive.conf.HiveConf$ConfVars v, v;
java.lang.String v, v, v;
boolean v, v;
v := @parameter: org.apache.hadoop.hive.conf.HiveConf;
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_KERBEROS_PRINCIPAL>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_KERBEROS_KEYTAB>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v != 0 goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v == 0 goto label;
label:
v = new java.io.IOException;
specialinvoke v.<java.io.IOException: void <init>(java.lang.String)>("HiveServer Kerberos principal or keytab is not correctly configured");
throw v;
label:
v = staticinvoke <org.apache.hadoop.security.SecurityUtil: java.lang.String getServerPrincipal(java.lang.String,java.lang.String)>(v, "0.0.0.0");
staticinvoke <org.apache.hadoop.security.UserGroupInformation: void loginUserFromKeytab(java.lang.String,java.lang.String)>(v, v);
return;
}
public static org.apache.hadoop.security.UserGroupInformation loginFromSpnegoKeytabAndReturnUGI(org.apache.hadoop.hive.conf.HiveConf) throws java.io.IOException
{
org.apache.hadoop.hive.conf.HiveConf v;
java.io.IOException v;
org.apache.hadoop.hive.conf.HiveConf$ConfVars v, v;
org.apache.hadoop.security.UserGroupInformation v;
java.lang.String v, v, v;
boolean v, v;
v := @parameter: org.apache.hadoop.hive.conf.HiveConf;
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_SPNEGO_PRINCIPAL>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = <org.apache.hadoop.hive.conf.HiveConf$ConfVars: org.apache.hadoop.hive.conf.HiveConf$ConfVars HIVE_SERVER2_SPNEGO_KEYTAB>;
v = virtualinvoke v.<org.apache.hadoop.hive.conf.HiveConf: java.lang.String getVar(org.apache.hadoop.hive.conf.HiveConf$ConfVars)>(v);
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v != 0 goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v == 0 goto label;
label:
v = new java.io.IOException;
specialinvoke v.<java.io.IOException: void <init>(java.lang.String)>("HiveServer SPNEGO principal or keytab is not correctly configured");
throw v;
label:
v = staticinvoke <org.apache.hadoop.security.SecurityUtil: java.lang.String getServerPrincipal(java.lang.String,java.lang.String)>(v, "0.0.0.0");
v = staticinvoke <org.apache.hadoop.security.UserGroupInformation: org.apache.hadoop.security.UserGroupInformation loginUserFromKeytabAndReturnUGI(java.lang.String,java.lang.String)>(v, v);
return v;
}
public java.lang.String getDelegationToken(java.lang.String, java.lang.String, java.lang.String) throws org.apache.hive.service.cli.HiveSQLException
{
java.lang.String v, v, v, v, v, v;
boolean v;
org.apache.hive.service.cli.HiveSQLException v, v, v, v;
org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager v, v;
java.io.IOException v;
org.apache.hive.service.auth.HiveAuthFactory v;
java.lang.InterruptedException v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
if v != null goto label;
v = new org.apache.hive.service.cli.HiveSQLException;
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String)>("Delegation token only supported over kerberos authentication", "08S01");
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: java.lang.String getDelegationTokenWithService(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>(v, v, "hiveserver2ClientToken", v);
if v == null goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v == 0 goto label;
label:
v = new org.apache.hive.service.cli.HiveSQLException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Received empty retrieving delegation token for user \u0001");
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String)>(v, "08S01");
throw v;
label:
return v;
label:
v := @caughtexception;
v = new org.apache.hive.service.cli.HiveSQLException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Error retrieving delegation token for user \u0001");
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String,java.lang.Throwable)>(v, "08S01", v);
throw v;
label:
v := @caughtexception;
v = new org.apache.hive.service.cli.HiveSQLException;
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String,java.lang.Throwable)>("delegation token retrieval interrupted", "08S01", v);
throw v;
catch java.io.IOException from label to label with label;
catch java.lang.InterruptedException from label to label with label;
}
public void cancelDelegationToken(java.lang.String) throws org.apache.hive.service.cli.HiveSQLException
{
org.apache.hive.service.cli.HiveSQLException v, v;
org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager v, v;
java.io.IOException v;
org.apache.hive.service.auth.HiveAuthFactory v;
java.lang.String v, v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v := @parameter: java.lang.String;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
if v != null goto label;
v = new org.apache.hive.service.cli.HiveSQLException;
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String)>("Delegation token only supported over kerberos authentication", "08S01");
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
virtualinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: void cancelDelegationToken(java.lang.String)>(v);
label:
goto label;
label:
v := @caughtexception;
v = new org.apache.hive.service.cli.HiveSQLException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Error canceling delegation token \u0001");
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String,java.lang.Throwable)>(v, "08S01", v);
throw v;
label:
return;
catch java.io.IOException from label to label with label;
}
public void renewDelegationToken(java.lang.String) throws org.apache.hive.service.cli.HiveSQLException
{
org.apache.hive.service.cli.HiveSQLException v, v;
org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager v, v;
java.io.IOException v;
org.apache.hive.service.auth.HiveAuthFactory v;
java.lang.String v, v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v := @parameter: java.lang.String;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
if v != null goto label;
v = new org.apache.hive.service.cli.HiveSQLException;
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String)>("Delegation token only supported over kerberos authentication", "08S01");
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
virtualinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: long renewDelegationToken(java.lang.String)>(v);
label:
goto label;
label:
v := @caughtexception;
v = new org.apache.hive.service.cli.HiveSQLException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Error renewing delegation token \u0001");
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String,java.lang.Throwable)>(v, "08S01", v);
throw v;
label:
return;
catch java.io.IOException from label to label with label;
}
public java.lang.String verifyDelegationToken(java.lang.String) throws org.apache.hive.service.cli.HiveSQLException
{
org.apache.hive.service.cli.HiveSQLException v, v;
org.slf4j.Logger v;
org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager v, v;
java.io.IOException v;
org.apache.hive.service.auth.HiveAuthFactory v;
java.lang.String v, v, v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v := @parameter: java.lang.String;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
if v != null goto label;
v = new org.apache.hive.service.cli.HiveSQLException;
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String)>("Delegation token only supported over kerberos authentication", "08S01");
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: java.lang.String verifyDelegationToken(java.lang.String)>(v);
label:
return v;
label:
v := @caughtexception;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Error verifying delegation token \u0001");
v = <org.apache.hive.service.auth.HiveAuthFactory: org.slf4j.Logger LOG>;
interfaceinvoke v.<org.slf4j.Logger: void error(java.lang.String,java.lang.Throwable)>(v, v);
v = new org.apache.hive.service.cli.HiveSQLException;
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String,java.lang.Throwable)>(v, "08S01", v);
throw v;
catch java.io.IOException from label to label with label;
}
public java.lang.String getUserFromToken(java.lang.String) throws org.apache.hive.service.cli.HiveSQLException
{
org.apache.hive.service.cli.HiveSQLException v, v;
org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager v, v;
java.io.IOException v;
org.apache.hive.service.auth.HiveAuthFactory v;
java.lang.String v, v, v;
v := @this: org.apache.hive.service.auth.HiveAuthFactory;
v := @parameter: java.lang.String;
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
if v != null goto label;
v = new org.apache.hive.service.cli.HiveSQLException;
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String)>("Delegation token only supported over kerberos authentication", "08S01");
throw v;
label:
v = v.<org.apache.hive.service.auth.HiveAuthFactory: org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager delegationTokenManager>;
v = virtualinvoke v.<org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager: java.lang.String getUserFromToken(java.lang.String)>(v);
label:
return v;
label:
v := @caughtexception;
v = new org.apache.hive.service.cli.HiveSQLException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Error extracting user from delegation token \u0001");
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String,java.lang.Throwable)>(v, "08S01", v);
throw v;
catch java.io.IOException from label to label with label;
}
public static void verifyProxyAccess(java.lang.String, java.lang.String, java.lang.String, org.apache.hadoop.hive.conf.HiveConf) throws org.apache.hive.service.cli.HiveSQLException
{
org.apache.hive.service.cli.HiveSQLException v;
org.apache.hadoop.hive.shims.HadoopShims v;
org.apache.hadoop.hive.conf.HiveConf v;
org.apache.hadoop.hive.shims.HadoopShims$KerberosNameShim v;
java.io.IOException v;
org.apache.hadoop.security.UserGroupInformation v, v, v;
java.lang.String v, v, v, v, v;
boolean v, v;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: org.apache.hadoop.hive.conf.HiveConf;
label:
v = staticinvoke <org.apache.hadoop.security.UserGroupInformation: boolean isSecurityEnabled()>();
if v == 0 goto label;
v = staticinvoke <org.apache.hadoop.hive.shims.ShimLoader: org.apache.hadoop.hive.shims.HadoopShims getHadoopShims()>();
v = interfaceinvoke v.<org.apache.hadoop.hive.shims.HadoopShims: org.apache.hadoop.hive.shims.HadoopShims$KerberosNameShim getKerberosNameShim(java.lang.String)>(v);
v = interfaceinvoke v.<org.apache.hadoop.hive.shims.HadoopShims$KerberosNameShim: java.lang.String getServiceName()>();
v = staticinvoke <org.apache.hadoop.security.UserGroupInformation: org.apache.hadoop.security.UserGroupInformation getLoginUser()>();
v = staticinvoke <org.apache.hadoop.security.UserGroupInformation: org.apache.hadoop.security.UserGroupInformation createProxyUser(java.lang.String,org.apache.hadoop.security.UserGroupInformation)>(v, v);
goto label;
label:
v = staticinvoke <org.apache.hadoop.security.UserGroupInformation: org.apache.hadoop.security.UserGroupInformation createRemoteUser(java.lang.String)>(v);
label:
v = virtualinvoke v.<java.lang.String: boolean equalsIgnoreCase(java.lang.String)>(v);
if v != 0 goto label;
staticinvoke <org.apache.hadoop.security.authorize.ProxyUsers: void refreshSuperUserGroupsConfiguration(org.apache.hadoop.conf.Configuration)>(v);
v = staticinvoke <org.apache.hadoop.security.UserGroupInformation: org.apache.hadoop.security.UserGroupInformation createProxyUser(java.lang.String,org.apache.hadoop.security.UserGroupInformation)>(v, v);
staticinvoke <org.apache.hadoop.security.authorize.ProxyUsers: void authorize(org.apache.hadoop.security.UserGroupInformation,java.lang.String,org.apache.hadoop.conf.Configuration)>(v, v, v);
label:
goto label;
label:
v := @caughtexception;
v = new org.apache.hive.service.cli.HiveSQLException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Failed to validate proxy privilege of \u for \u0001");
specialinvoke v.<org.apache.hive.service.cli.HiveSQLException: void <init>(java.lang.String,java.lang.String,java.lang.Throwable)>(v, "08S01", v);
throw v;
label:
return;
catch java.io.IOException from label to label with label;
}
static void <clinit>()
{
org.slf4j.Logger v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Lorg/apache/hive/service/auth/HiveAuthFactory;");
<org.apache.hive.service.auth.HiveAuthFactory: org.slf4j.Logger LOG> = v;
return;
}
}