public class org.apache.hive.service.auth.jwt.JWTValidator extends java.lang.Object
{
private static final org.slf4j.Logger LOG;
private static final com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory JWS_VERIFIER_FACTORY;
private final org.apache.hive.service.auth.jwt.URLBasedJWKSProvider jwksProvider;
public void <init>(org.apache.hadoop.hive.conf.HiveConf) throws java.io.IOException, java.text.ParseException, java.security.GeneralSecurityException
{
org.apache.hadoop.hive.conf.HiveConf v;
org.apache.hive.service.auth.jwt.URLBasedJWKSProvider v;
org.apache.hive.service.auth.jwt.JWTValidator v;
v := @this: org.apache.hive.service.auth.jwt.JWTValidator;
v := @parameter: org.apache.hadoop.hive.conf.HiveConf;
specialinvoke v.<java.lang.Object: void <init>()>();
v = new org.apache.hive.service.auth.jwt.URLBasedJWKSProvider;
specialinvoke v.<org.apache.hive.service.auth.jwt.URLBasedJWKSProvider: void <init>(org.apache.hadoop.hive.conf.HiveConf)>(v);
v.<org.apache.hive.service.auth.jwt.JWTValidator: org.apache.hive.service.auth.jwt.URLBasedJWKSProvider jwksProvider> = v;
return;
}
public java.lang.String validateJWTAndExtractUser(java.lang.String) throws java.text.ParseException, javax.security.sasl.AuthenticationException
{
java.util.Date v, v;
com.nimbusds.jose.JWSObject$State v, v;
boolean v, v, v, v;
com.nimbusds.jose.JWSHeader v, v, v;
com.nimbusds.jwt.SignedJWT v;
java.lang.Exception v, v;
com.nimbusds.jose.Payload v, v, v;
java.util.List v;
javax.security.sasl.AuthenticationException v, v, v;
org.apache.hive.service.auth.jwt.URLBasedJWKSProvider v, v;
java.lang.Object[] v;
com.nimbusds.jwt.JWTClaimsSet v;
org.apache.hive.service.auth.jwt.JWTValidator v;
int v, v, v;
java.lang.String v, v, v, v, v, v, v, v, v;
com.nimbusds.jose.JWSVerifier v;
org.slf4j.Logger v, v, v;
java.util.Iterator v;
java.lang.Object v;
v := @this: org.apache.hive.service.auth.jwt.JWTValidator;
v := @parameter: java.lang.String;
v = v.<org.apache.hive.service.auth.jwt.JWTValidator: org.apache.hive.service.auth.jwt.URLBasedJWKSProvider jwksProvider>;
staticinvoke <com.google.common.base.Preconditions: java.lang.Object checkNotNull(java.lang.Object)>(v);
staticinvoke <com.google.common.base.Preconditions: java.lang.Object checkNotNull(java.lang.Object,java.lang.Object)>(v, "No token found");
v = staticinvoke <com.nimbusds.jwt.SignedJWT: com.nimbusds.jwt.SignedJWT parse(java.lang.String)>(v);
v = v.<org.apache.hive.service.auth.jwt.JWTValidator: org.apache.hive.service.auth.jwt.URLBasedJWKSProvider jwksProvider>;
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jose.JWSHeader getHeader()>();
v = virtualinvoke v.<org.apache.hive.service.auth.jwt.URLBasedJWKSProvider: java.util.List getJWKs(com.nimbusds.jose.JWSHeader)>(v);
v = interfaceinvoke v.<java.util.List: boolean isEmpty()>();
if v == 0 goto label;
v = new javax.security.sasl.AuthenticationException;
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jose.JWSHeader getHeader()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (com.nimbusds.jose.JWSHeader)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Failed to find matched JWKs with the JWT header: \u0001");
specialinvoke v.<javax.security.sasl.AuthenticationException: void <init>(java.lang.String)>(v);
throw v;
label:
v = null;
v = interfaceinvoke v.<java.util.List: java.util.Iterator iterator()>();
label:
v = interfaceinvoke v.<java.util.Iterator: boolean hasNext()>();
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Iterator: java.lang.Object next()>();
v = virtualinvoke v.<com.nimbusds.jose.jwk.JWK: java.lang.String getKeyID()>();
if v != null goto label;
v = "null";
goto label;
label:
v = virtualinvoke v.<com.nimbusds.jose.jwk.JWK: java.lang.String getKeyID()>();
label:
v = v;
label:
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jose.JWSHeader getHeader()>();
v = staticinvoke <org.apache.hive.service.auth.jwt.JWTValidator: com.nimbusds.jose.JWSVerifier getVerifier(com.nimbusds.jose.JWSHeader,com.nimbusds.jose.jwk.JWK)>(v, v);
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: boolean verify(com.nimbusds.jose.JWSVerifier)>(v);
if v == 0 goto label;
v = <org.apache.hive.service.auth.jwt.JWTValidator: org.slf4j.Logger LOG>;
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jose.Payload getPayload()>();
interfaceinvoke v.<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object,java.lang.Object)>("Verified JWT {} by JWK {}", v, v);
label:
goto label;
label:
v := @caughtexception;
v = v;
v = <org.apache.hive.service.auth.jwt.JWTValidator: org.slf4j.Logger LOG>;
v = newarray (java.lang.Object)[3];
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jose.Payload getPayload()>();
v[0] = v;
v[1] = v;
v[2] = v;
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object[])>("Failed to verify JWT {} by JWK {}", v);
goto label;
label:
v = virtualinvoke v.<java.lang.String: int length()>();
v = v - 7;
v = staticinvoke <java.lang.Math: int max(int,int)>(0, v);
v = virtualinvoke v.<java.lang.String: java.lang.String substring(int)>(v);
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jose.JWSObject$State getState()>();
v = <com.nimbusds.jose.JWSObject$State: com.nimbusds.jose.JWSObject$State VERIFIED>;
if v == v goto label;
v = new javax.security.sasl.AuthenticationException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Failed to verify the JWT signature (ends with \u)");
specialinvoke v.<javax.security.sasl.AuthenticationException: void <init>(java.lang.String,java.lang.Throwable)>(v, v);
throw v;
label:
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jwt.JWTClaimsSet getJWTClaimsSet()>();
v = virtualinvoke v.<com.nimbusds.jwt.JWTClaimsSet: java.util.Date getExpirationTime()>();
if v == null goto label;
v = new java.util.Date;
specialinvoke v.<java.util.Date: void <init>()>();
v = virtualinvoke v.<java.util.Date: boolean after(java.util.Date)>(v);
if v == 0 goto label;
v = <org.apache.hive.service.auth.jwt.JWTValidator: org.slf4j.Logger LOG>;
v = virtualinvoke v.<com.nimbusds.jwt.SignedJWT: com.nimbusds.jose.Payload getPayload()>();
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object)>("Rejecting an expired JWT: {}", v);
v = new javax.security.sasl.AuthenticationException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("JWT (ends with \u) has been expired");
specialinvoke v.<javax.security.sasl.AuthenticationException: void <init>(java.lang.String)>(v);
throw v;
label:
v = virtualinvoke v.<com.nimbusds.jwt.JWTClaimsSet: java.lang.String getSubject()>();
return v;
catch java.lang.Exception from label to label with label;
}
private static com.nimbusds.jose.JWSVerifier getVerifier(com.nimbusds.jose.JWSHeader, com.nimbusds.jose.jwk.JWK) throws com.nimbusds.jose.JOSEException
{
com.nimbusds.jose.JWSVerifier v;
java.security.PublicKey v;
com.nimbusds.jose.JWSHeader v;
com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory v;
com.nimbusds.jose.jwk.JWK v;
boolean v;
v := @parameter: com.nimbusds.jose.JWSHeader;
v := @parameter: com.nimbusds.jose.jwk.JWK;
v = v instanceof com.nimbusds.jose.jwk.AsymmetricJWK;
staticinvoke <com.google.common.base.Preconditions: void checkArgument(boolean,java.lang.Object)>(v, "JWT signature verification with symmetric key is not allowed.");
v = interfaceinvoke v.<com.nimbusds.jose.jwk.AsymmetricJWK: java.security.PublicKey toPublicKey()>();
v = <org.apache.hive.service.auth.jwt.JWTValidator: com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory JWS_VERIFIER_FACTORY>;
v = virtualinvoke v.<com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory: com.nimbusds.jose.JWSVerifier createJWSVerifier(com.nimbusds.jose.JWSHeader,java.security.Key)>(v, v);
return v;
}
static void <clinit>()
{
org.slf4j.Logger v;
java.lang.Class v;
java.lang.String v;
com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory v;
v = class "Lorg/apache/hive/service/auth/jwt/JWTValidator;";
v = virtualinvoke v.<java.lang.Class: java.lang.String getName()>();
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.String)>(v);
<org.apache.hive.service.auth.jwt.JWTValidator: org.slf4j.Logger LOG> = v;
v = new com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
specialinvoke v.<com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory: void <init>()>();
<org.apache.hive.service.auth.jwt.JWTValidator: com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory JWS_VERIFIER_FACTORY> = v;
return;
}
}