public class org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime extends org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.AuthenticationStrategy
{
private static final org.slf4j.Logger LOGGER;
public java.lang.String serverPrincipal;
public java.lang.String kerberosRemoteServiceName;
public java.lang.Boolean kerberosUseCanonicalHostname;
public void <init>(java.lang.String, java.lang.String, java.lang.Boolean)
{
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
java.lang.Boolean v;
java.lang.String v, v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.lang.Boolean;
specialinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.AuthenticationStrategy: void <init>()>();
v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.String serverPrincipal> = v;
v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.String kerberosRemoteServiceName> = v;
v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.Boolean kerberosUseCanonicalHostname> = v;
return;
}
public java.sql.Connection getConnectionImpl(org.finos.legend.engine.plan.execution.stores.relational.connection.ds.DataSourceWithStatistics, org.finos.legend.engine.shared.core.identity.Identity) throws org.finos.legend.engine.plan.execution.stores.relational.connection.ConnectionException
{
java.lang.UnsupportedOperationException v;
org.finos.legend.engine.shared.core.identity.Identity v;
java.sql.Connection v;
java.util.Properties v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
javax.security.auth.Subject v;
org.finos.legend.engine.plan.execution.stores.relational.connection.ds.DataSourceWithStatistics v;
javax.sql.DataSource v;
java.util.Optional v;
org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential v;
boolean v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v := @parameter: org.finos.legend.engine.plan.execution.stores.relational.connection.ds.DataSourceWithStatistics;
v := @parameter: org.finos.legend.engine.shared.core.identity.Identity;
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.Identity: java.util.Optional getCredential(java.lang.Class)>(class "Lorg/finos/legend/engine/shared/core/identity/credential/LegendKerberosCredential;");
v = virtualinvoke v.<java.util.Optional: boolean isPresent()>();
if v != 0 goto label;
v = new java.lang.UnsupportedOperationException;
specialinvoke v.<java.lang.UnsupportedOperationException: void <init>(java.lang.String)>("Expected Kerberos credential was not found");
throw v;
label:
v = virtualinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.ds.DataSourceWithStatistics: java.util.Properties getProperties()>();
v = specialinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential resolveCredential(java.util.Properties)>(v);
v = virtualinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.ds.DataSourceWithStatistics: javax.sql.DataSource getDataSource()>();
v = specialinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: javax.security.auth.Subject getSubjectWithSinglePrivateCredential(org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential)>(v);
v = virtualinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.sql.Connection getConnectionUsingKerberos(javax.sql.DataSource,javax.security.auth.Subject)>(v, v);
return v;
}
private javax.security.auth.Subject getSubjectWithSinglePrivateCredential(org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential)
{
int v;
java.util.stream.Collector v;
org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential v;
boolean v, v;
org.slf4j.Logger v;
java.util.function.Predicate v, v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
java.util.Set v, v, v, v;
javax.security.auth.Subject v, v, v, v, v, v, v;
java.util.stream.Stream v, v, v, v;
java.util.Optional v;
java.lang.Object v, v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v := @parameter: org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential;
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential: javax.security.auth.Subject getSubject()>();
v = virtualinvoke v.<javax.security.auth.Subject: java.util.Set getPrivateCredentials(java.lang.Class)>(class "Ljavax/security/auth/kerberos/KerberosTicket;");
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential: boolean isValid()>();
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Set: int size()>();
if v > 1 goto label;
label:
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential: javax.security.auth.Subject getSubject()>();
return v;
label:
v = <org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: org.slf4j.Logger LOGGER>;
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String)>("Kerberos Subject with multiple private credentials found");
staticinvoke <org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: void logMultipleKerberosEntries(java.util.Set)>(v);
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential: javax.security.auth.Subject getSubject()>();
v = virtualinvoke v.<javax.security.auth.Subject: java.util.Set getPrivateCredentials()>();
v = interfaceinvoke v.<java.util.Set: java.util.stream.Stream stream()>();
v = staticinvoke <org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime$lambda_getSubjectWithSinglePrivateCredential_0__1: java.util.function.Predicate bootstrap$()>();
v = interfaceinvoke v.<java.util.stream.Stream: java.util.stream.Stream filter(java.util.function.Predicate)>(v);
v = staticinvoke <java.util.stream.Collectors: java.util.stream.Collector toSet()>();
v = interfaceinvoke v.<java.util.stream.Stream: java.lang.Object collect(java.util.stream.Collector)>(v);
v = interfaceinvoke v.<java.util.Set: java.util.stream.Stream stream()>();
v = staticinvoke <org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime$lambda_getSubjectWithSinglePrivateCredential_1__2: java.util.function.Predicate bootstrap$(org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime)>(v);
v = interfaceinvoke v.<java.util.stream.Stream: java.util.stream.Stream filter(java.util.function.Predicate)>(v);
v = interfaceinvoke v.<java.util.stream.Stream: java.util.Optional findFirst()>();
v = virtualinvoke v.<java.util.Optional: java.lang.Object get()>();
interfaceinvoke v.<java.util.Set: boolean add(java.lang.Object)>(v);
v = new javax.security.auth.Subject;
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential: javax.security.auth.Subject getSubject()>();
v = virtualinvoke v.<javax.security.auth.Subject: boolean isReadOnly()>();
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential: javax.security.auth.Subject getSubject()>();
v = virtualinvoke v.<javax.security.auth.Subject: java.util.Set getPrincipals()>();
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential: javax.security.auth.Subject getSubject()>();
v = virtualinvoke v.<javax.security.auth.Subject: java.util.Set getPublicCredentials()>();
specialinvoke v.<javax.security.auth.Subject: void <init>(boolean,java.util.Set,java.util.Set,java.util.Set)>(v, v, v, v);
return v;
}
private boolean isValidKerberosTGTPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
{
javax.security.auth.kerberos.KerberosPrincipal v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
java.lang.String v, v, v, v;
boolean v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v := @parameter: javax.security.auth.kerberos.KerberosPrincipal;
if v != null goto label;
return 0;
label:
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosPrincipal: java.lang.String getName()>();
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosPrincipal: java.lang.String getRealm()>();
v = virtualinvoke v.<javax.security.auth.kerberos.KerberosPrincipal: java.lang.String getRealm()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("krbtgt/\u0001@\u0001");
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
return 1;
label:
return 0;
}
private static void logMultipleKerberosEntries(java.util.Set)
{
java.util.function.Consumer v;
java.util.stream.Stream v, v;
java.util.function.Predicate v;
java.util.Set v;
v := @parameter: java.util.Set;
v = interfaceinvoke v.<java.util.Set: java.util.stream.Stream stream()>();
v = staticinvoke <org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime$lambda_logMultipleKerberosEntries_2__3: java.util.function.Predicate bootstrap$()>();
v = interfaceinvoke v.<java.util.stream.Stream: java.util.stream.Stream filter(java.util.function.Predicate)>(v);
v = staticinvoke <org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime$lambda_logMultipleKerberosEntries_3__4: java.util.function.Consumer bootstrap$()>();
interfaceinvoke v.<java.util.stream.Stream: void forEach(java.util.function.Consumer)>(v);
return;
}
private org.finos.legend.engine.shared.core.identity.credential.LegendKerberosCredential resolveCredential(java.util.Properties)
{
org.finos.legend.engine.shared.core.identity.Identity v;
java.util.Properties v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.ConnectionStateManager v;
org.finos.legend.engine.shared.core.identity.Credential v;
java.util.Optional v, v;
java.lang.Object v;
org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.IdentityState v;
boolean v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v := @parameter: java.util.Properties;
v = staticinvoke <org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.ConnectionStateManager: org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.ConnectionStateManager getInstance()>();
v = virtualinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.ConnectionStateManager: org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.IdentityState getIdentityStateUsing(java.util.Properties)>(v);
v = virtualinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.IdentityState: java.util.Optional getCredentialSupplier()>();
v = virtualinvoke v.<java.util.Optional: boolean isPresent()>();
if v == 0 goto label;
v = specialinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.AuthenticationStrategy: org.finos.legend.engine.shared.core.identity.Credential getDatabaseCredential(org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.IdentityState)>(v);
return v;
label:
v = virtualinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.IdentityState: org.finos.legend.engine.shared.core.identity.Identity getIdentity()>();
v = virtualinvoke v.<org.finos.legend.engine.shared.core.identity.Identity: java.util.Optional getCredential(java.lang.Class)>(class "Lorg/finos/legend/engine/shared/core/identity/credential/LegendKerberosCredential;");
v = virtualinvoke v.<java.util.Optional: java.lang.Object get()>();
return v;
}
public org.eclipse.collections.api.tuple.Pair handleConnection(java.lang.String, java.util.Properties, org.finos.legend.engine.plan.execution.stores.relational.connection.driver.DatabaseManager)
{
org.finos.legend.engine.plan.execution.stores.relational.connection.driver.DatabaseManager v;
java.util.Properties v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
java.lang.Boolean v;
java.lang.String v, v, v;
org.eclipse.collections.api.tuple.Pair v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v := @parameter: java.lang.String;
v := @parameter: java.util.Properties;
v := @parameter: org.finos.legend.engine.plan.execution.stores.relational.connection.driver.DatabaseManager;
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.String kerberosRemoteServiceName>;
virtualinvoke v.<java.util.Properties: java.lang.Object setProperty(java.lang.String,java.lang.String)>("KerberosRemoteServiceName", v);
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.Boolean kerberosUseCanonicalHostname>;
v = staticinvoke <java.lang.String: java.lang.String valueOf(java.lang.Object)>(v);
virtualinvoke v.<java.util.Properties: java.lang.Object setProperty(java.lang.String,java.lang.String)>("KerberosUseCanonicalHostname", v);
virtualinvoke v.<java.util.Properties: java.lang.Object setProperty(java.lang.String,java.lang.String)>("KerberosDelegation", "true");
v = staticinvoke <org.eclipse.collections.impl.tuple.Tuples: org.eclipse.collections.api.tuple.Pair pair(java.lang.Object,java.lang.Object)>(v, v);
return v;
}
public org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.keys.AuthenticationStrategyKey getKey()
{
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
java.lang.Boolean v;
java.lang.String v, v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.keys.TrinoDelegatedKerberosAuthenticationStrategyKey v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v = new org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.keys.TrinoDelegatedKerberosAuthenticationStrategyKey;
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.String serverPrincipal>;
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.String kerberosRemoteServiceName>;
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.Boolean kerberosUseCanonicalHostname>;
specialinvoke v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.keys.TrinoDelegatedKerberosAuthenticationStrategyKey: void <init>(java.lang.String,java.lang.String,java.lang.Boolean)>(v, v, v);
return v;
}
public java.lang.String getServerPrincipal()
{
java.lang.String v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.String serverPrincipal>;
return v;
}
public java.lang.String getKerberosRemoteServiceName()
{
java.lang.String v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.String kerberosRemoteServiceName>;
return v;
}
public java.lang.Boolean getKerberosUseCanonicalHostname()
{
java.lang.Boolean v;
org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime v;
v := @this: org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime;
v = v.<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: java.lang.Boolean kerberosUseCanonicalHostname>;
return v;
}
static void <clinit>()
{
org.slf4j.Logger v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Lorg/finos/legend/engine/plan/execution/stores/relational/connection/authentication/strategy/TrinoDelegatedKerberosAuthenticationStrategyRuntime;");
<org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.TrinoDelegatedKerberosAuthenticationStrategyRuntime: org.slf4j.Logger LOGGER> = v;
return;
}
}