final class org.apache.hive.hcatalog.templeton.ProxyUserSupport extends java.lang.Object
{
private static final org.slf4j.Logger LOG;
private static final java.lang.String CONF_PROXYUSER_PREFIX;
private static final java.lang.String CONF_GROUPS_SUFFIX;
private static final java.lang.String CONF_HOSTS_SUFFIX;
private static final java.util.Set WILD_CARD;
private static final java.util.Map proxyUserGroups;
private static final java.util.Map proxyUserHosts;
void <init>()
{
org.apache.hive.hcatalog.templeton.ProxyUserSupport v;
v := @this: org.apache.hive.hcatalog.templeton.ProxyUserSupport;
specialinvoke v.<java.lang.Object: void <init>()>();
return;
}
static void processProxyuserConfig(org.apache.hive.hcatalog.templeton.AppConfig)
{
java.util.Map v, v;
java.util.Set v, v;
org.apache.hive.hcatalog.templeton.AppConfig v;
java.lang.String v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v;
boolean v, v, v, v, v, v, v, v, v;
java.util.List v;
java.lang.String[] v, v;
java.util.HashSet v, v;
int v, v, v, v, v, v, v, v;
org.slf4j.Logger v, v, v, v, v, v, v, v;
java.util.Iterator v;
java.lang.Object v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v;
v := @parameter: org.apache.hive.hcatalog.templeton.AppConfig;
v = virtualinvoke v.<org.apache.hive.hcatalog.templeton.AppConfig: java.util.Iterator iterator()>();
label:
v = interfaceinvoke v.<java.util.Iterator: boolean hasNext()>();
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Iterator: java.lang.Object next()>();
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = virtualinvoke v.<java.lang.String: boolean startsWith(java.lang.String)>("webhcat.proxyuser.");
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = virtualinvoke v.<java.lang.String: boolean endsWith(java.lang.String)>(".groups");
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = "webhcat.proxyuser.";
v = virtualinvoke v.<java.lang.String: int length()>();
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = virtualinvoke v.<java.lang.String: int lastIndexOf(java.lang.String)>(".groups");
v = virtualinvoke v.<java.lang.String: java.lang.String substring(int,int)>(v, v);
v = "*";
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Set WILD_CARD>;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("User [{}] is authorized to do doAs any user.", v);
goto label;
label:
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
if v == null goto label;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
v = virtualinvoke v.<java.lang.String: int length()>();
if v <= 0 goto label;
v = new java.util.HashSet;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
v = virtualinvoke v.<java.lang.String: java.lang.String[] split(java.lang.String)>(",");
v = staticinvoke <java.util.Arrays: java.util.List asList(java.lang.Object[])>(v);
specialinvoke v.<java.util.HashSet: void <init>(java.util.Collection)>(v);
v = v;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
v = interfaceinvoke v.<org.slf4j.Logger: boolean isDebugEnabled()>();
if v == 0 goto label;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("User [\u] is authorized to do doAs for users in the following groups: [\u]");
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String)>(v);
goto label;
label:
v = staticinvoke <java.util.Collections: java.util.Set emptySet()>();
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("User [{}] is authorized to do doAs for users in the following groups: []", v);
label:
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Map proxyUserGroups>;
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, v);
goto label;
label:
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = virtualinvoke v.<java.lang.String: boolean startsWith(java.lang.String)>("webhcat.proxyuser.");
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = virtualinvoke v.<java.lang.String: boolean endsWith(java.lang.String)>(".hosts");
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = "webhcat.proxyuser.";
v = virtualinvoke v.<java.lang.String: int length()>();
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getKey()>();
v = virtualinvoke v.<java.lang.String: int lastIndexOf(java.lang.String)>(".hosts");
v = virtualinvoke v.<java.lang.String: java.lang.String substring(int,int)>(v, v);
v = "*";
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Set WILD_CARD>;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("User [{}] is authorized to do doAs from any host.", v);
goto label;
label:
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
if v == null goto label;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
v = virtualinvoke v.<java.lang.String: int length()>();
if v <= 0 goto label;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
v = virtualinvoke v.<java.lang.String: java.lang.String[] split(java.lang.String)>(",");
v = new java.util.HashSet;
specialinvoke v.<java.util.HashSet: void <init>()>();
v = v;
v = lengthof v;
v = 0;
label:
if v >= v goto label;
v = v[v];
v = staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.lang.String normalizeHostname(java.lang.String)>(v);
if v == null goto label;
interfaceinvoke v.<java.util.Set: boolean add(java.lang.Object)>(v);
label:
v = v + 1;
goto label;
label:
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
v = interfaceinvoke v.<org.slf4j.Logger: boolean isDebugEnabled()>();
if v == 0 goto label;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
v = interfaceinvoke v.<java.util.Map$Entry: java.lang.Object getValue()>();
v = virtualinvoke v.<java.lang.String: java.lang.String trim()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("User [\u] is authorized to do doAs from the following hosts: [\u]");
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String)>(v);
goto label;
label:
v = staticinvoke <java.util.Collections: java.util.Set emptySet()>();
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>("User [{}] is authorized to do doAs from the following hosts: []", v);
label:
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Map proxyUserHosts>;
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, v);
goto label;
label:
return;
}
static void validate(java.lang.String, java.lang.String, java.lang.String) throws org.apache.hive.hcatalog.templeton.NotAuthorizedException
{
java.lang.Object[] v, v;
org.slf4j.Logger v;
org.apache.hive.hcatalog.templeton.NotAuthorizedException v;
java.util.Map v;
java.lang.String v, v, v, v, v, v, v;
boolean v;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.lang.String assertNotEmpty(java.lang.String,java.lang.String,java.lang.String)>(v, "proxyUser", "If you\'re attempting to use user-impersonation via a proxy user, please make sure that webhcat.proxyuser.#USER#.hosts and webhcat.proxyuser.#USER#.groups are configured correctly");
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("If you\'re attempting to use user-impersonation via a proxy user, please make sure that webhcat.proxyuser.\u.hosts and webhcat.proxyuser.\u.groups are configured correctly");
staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.lang.String assertNotEmpty(java.lang.String,java.lang.String,java.lang.String)>(v, "proxyHost", v);
staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.lang.String assertNotEmpty(java.lang.String,java.lang.String)>(v, "doAs");
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
v = newarray (java.lang.Object)[3];
v[0] = v;
v[1] = v;
v[2] = v;
v = staticinvoke <java.text.MessageFormat: java.lang.String format(java.lang.String,java.lang.Object[])>("Authorization check proxyuser [{0}] host [{1}] doAs [{2}]", v);
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String)>(v);
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Map proxyUserHosts>;
v = interfaceinvoke v.<java.util.Map: boolean containsKey(java.lang.Object)>(v);
if v == 0 goto label;
v = staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.lang.String normalizeHostname(java.lang.String)>(v);
staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: void validateRequestorHost(java.lang.String,java.lang.String)>(v, v);
staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: void validateGroup(java.lang.String,java.lang.String)>(v, v);
goto label;
label:
v = new org.apache.hive.hcatalog.templeton.NotAuthorizedException;
v = newarray (java.lang.Object)[1];
v[0] = v;
v = staticinvoke <java.text.MessageFormat: java.lang.String format(java.lang.String,java.lang.Object[])>("User [{0}] not defined as proxyuser", v);
specialinvoke v.<org.apache.hive.hcatalog.templeton.NotAuthorizedException: void <init>(java.lang.String)>(v);
throw v;
label:
return;
}
private static void validateRequestorHost(java.lang.String, java.lang.String) throws org.apache.hive.hcatalog.templeton.NotAuthorizedException
{
java.lang.Object[] v;
java.util.Set v;
org.apache.hive.hcatalog.templeton.NotAuthorizedException v;
java.util.Map v;
java.lang.Object v;
java.lang.String v, v, v;
boolean v;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Map proxyUserHosts>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Set WILD_CARD>;
if v != v goto label;
return;
label:
if v == null goto label;
v = interfaceinvoke v.<java.util.Set: boolean contains(java.lang.Object)>(v);
if v != 0 goto label;
label:
v = new org.apache.hive.hcatalog.templeton.NotAuthorizedException;
v = newarray (java.lang.Object)[2];
v[0] = v;
v[1] = v;
v = staticinvoke <java.text.MessageFormat: java.lang.String format(java.lang.String,java.lang.Object[])>("Unauthorized host [{0}] for proxyuser [{1}]", v);
specialinvoke v.<org.apache.hive.hcatalog.templeton.NotAuthorizedException: void <init>(java.lang.String)>(v);
throw v;
label:
return;
}
private static void validateGroup(java.lang.String, java.lang.String) throws org.apache.hive.hcatalog.templeton.NotAuthorizedException
{
java.lang.Object[] v, v, v;
org.apache.hive.hcatalog.templeton.NotAuthorizedException v, v;
java.util.Map v;
java.lang.String v, v, v, v, v;
boolean v, v, v;
org.slf4j.Logger v;
java.util.Iterator v;
java.util.Set v;
java.io.IOException v;
java.util.List v;
org.apache.hive.hcatalog.templeton.AppConfig v;
org.apache.hadoop.security.Groups v;
java.lang.Object v, v;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Map proxyUserGroups>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Set WILD_CARD>;
if v != v goto label;
return;
label:
if v == null goto label;
v = interfaceinvoke v.<java.util.Set: boolean isEmpty()>();
if v == 0 goto label;
label:
v = new org.apache.hive.hcatalog.templeton.NotAuthorizedException;
v = newarray (java.lang.Object)[2];
v[0] = v;
v[1] = v;
v = staticinvoke <java.text.MessageFormat: java.lang.String format(java.lang.String,java.lang.Object[])>("Unauthorized proxyuser [{0}] for doAsUser [{1}], not in proxyuser groups", v);
specialinvoke v.<org.apache.hive.hcatalog.templeton.NotAuthorizedException: void <init>(java.lang.String)>(v);
throw v;
label:
v = new org.apache.hadoop.security.Groups;
v = staticinvoke <org.apache.hive.hcatalog.templeton.Main: org.apache.hive.hcatalog.templeton.AppConfig getAppConfigInstance()>();
specialinvoke v.<org.apache.hadoop.security.Groups: void <init>(org.apache.hadoop.conf.Configuration)>(v);
label:
v = virtualinvoke v.<org.apache.hadoop.security.Groups: java.util.List getGroups(java.lang.String)>(v);
v = interfaceinvoke v.<java.util.Set: java.util.Iterator iterator()>();
label:
v = interfaceinvoke v.<java.util.Iterator: boolean hasNext()>();
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Iterator: java.lang.Object next()>();
v = interfaceinvoke v.<java.util.List: boolean contains(java.lang.Object)>(v);
if v == 0 goto label;
label:
return;
label:
v := @caughtexception;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
v = newarray (java.lang.Object)[1];
v[0] = v;
v = staticinvoke <java.text.MessageFormat: java.lang.String format(java.lang.String,java.lang.Object[])>("Unable to get list of groups for doAsUser [{0}].", v);
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Throwable)>(v, v);
label:
v = new org.apache.hive.hcatalog.templeton.NotAuthorizedException;
v = newarray (java.lang.Object)[2];
v[0] = v;
v[1] = v;
v = staticinvoke <java.text.MessageFormat: java.lang.String format(java.lang.String,java.lang.Object[])>("Unauthorized proxyuser [{0}] for doAsUser [{1}], not in proxyuser groups", v);
specialinvoke v.<org.apache.hive.hcatalog.templeton.NotAuthorizedException: void <init>(java.lang.String)>(v);
throw v;
catch java.io.IOException from label to label with label;
catch java.io.IOException from label to label with label;
}
private static java.lang.String normalizeHostname(java.lang.String)
{
java.lang.Object[] v;
org.slf4j.Logger v;
java.net.UnknownHostException v;
java.net.InetAddress v;
java.lang.String v, v, v, v, v;
boolean v;
v := @parameter: java.lang.String;
label:
v = "localhost";
v = virtualinvoke v.<java.lang.String: boolean equalsIgnoreCase(java.lang.String)>(v);
if v == 0 goto label;
v = null;
goto label;
label:
v = v;
label:
v = staticinvoke <java.net.InetAddress: java.net.InetAddress getByName(java.lang.String)>(v);
v = virtualinvoke v.<java.net.InetAddress: java.lang.String getCanonicalHostName()>();
label:
return v;
label:
v := @caughtexception;
v = <org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG>;
v = newarray (java.lang.Object)[1];
v[0] = v;
v = staticinvoke <java.text.MessageFormat: java.lang.String format(java.lang.String,java.lang.Object[])>("Unable to normalize hostname [{0}]", v);
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>(v);
return null;
catch java.net.UnknownHostException from label to label with label;
}
private static java.lang.String assertNotEmpty(java.lang.String, java.lang.String)
{
java.lang.String v, v, v;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v = staticinvoke <org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.lang.String assertNotEmpty(java.lang.String,java.lang.String,java.lang.String)>(v, v, null);
return v;
}
private static java.lang.String assertNotEmpty(java.lang.String, java.lang.String, java.lang.String)
{
java.lang.IllegalArgumentException v, v;
int v;
java.lang.String v, v, v, v, v, v, v;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
if v != null goto label;
v = new java.lang.IllegalArgumentException;
if v != null goto label;
v = "";
goto label;
label:
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>(", \u0001");
label:
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u cannot be null\u0001");
specialinvoke v.<java.lang.IllegalArgumentException: void <init>(java.lang.String)>(v);
throw v;
label:
v = virtualinvoke v.<java.lang.String: int length()>();
if v != 0 goto label;
v = new java.lang.IllegalArgumentException;
if v != null goto label;
v = "";
goto label;
label:
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>(", \u0001");
label:
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u cannot be empty\u0001");
specialinvoke v.<java.lang.IllegalArgumentException: void <init>(java.lang.String)>(v);
throw v;
label:
return v;
}
static void <clinit>()
{
java.util.HashSet v;
org.slf4j.Logger v;
java.util.Set v;
java.util.HashMap v, v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Lorg/apache/hive/hcatalog/templeton/ProxyUserSupport;");
<org.apache.hive.hcatalog.templeton.ProxyUserSupport: org.slf4j.Logger LOG> = v;
v = new java.util.HashSet;
specialinvoke v.<java.util.HashSet: void <init>(int)>(0);
v = staticinvoke <java.util.Collections: java.util.Set unmodifiableSet(java.util.Set)>(v);
<org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Set WILD_CARD> = v;
v = new java.util.HashMap;
specialinvoke v.<java.util.HashMap: void <init>()>();
<org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Map proxyUserGroups> = v;
v = new java.util.HashMap;
specialinvoke v.<java.util.HashMap: void <init>()>();
<org.apache.hive.hcatalog.templeton.ProxyUserSupport: java.util.Map proxyUserHosts> = v;
return;
}
}