package org.apache.hive.service.auth.ldap;

import com.google.common.base.Strings;
import java.util.List;
import javax.naming.NamingException;
import javax.security.sasl.AuthenticationException;
import org.apache.hadoop.hive.conf.HiveConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/service/auth/ldap/UserGroupSearchFilterFactory.class */
public class UserGroupSearchFilterFactory implements FilterFactory {

    /* loaded from: input_file:org/apache/hive/service/auth/ldap/UserGroupSearchFilterFactory$UserGroupSearchFilter.class */
    private static final class UserGroupSearchFilter implements Filter {
        private static final Logger LOG = LoggerFactory.getLogger(UserGroupSearchFilter.class);
        private final String userSearchFilter;
        private final String userBaseDN;
        private final String groupSearchFilter;
        private final String groupBaseDN;

        UserGroupSearchFilter(String str, String str2, String str3, String str4) {
            this.userSearchFilter = str;
            this.userBaseDN = str2;
            this.groupSearchFilter = str3;
            this.groupBaseDN = str4;
        }

        @Override // org.apache.hive.service.auth.ldap.Filter
        public void apply(DirSearch dirSearch, String str) throws AuthenticationException {
            String str2 = null;
            try {
                if (!Strings.isNullOrEmpty(this.userSearchFilter) && !Strings.isNullOrEmpty(this.userBaseDN)) {
                    str2 = dirSearch.findUserDn(str, this.userSearchFilter, this.userBaseDN);
                    if (str2 == null) {
                        throw new AuthenticationException("Authentication failed: User search found no matching user");
                    }
                }
                if (!Strings.isNullOrEmpty(this.groupSearchFilter) && !Strings.isNullOrEmpty(this.groupBaseDN)) {
                    List<String> executeUserAndGroupFilterQuery = dirSearch.executeUserAndGroupFilterQuery(str, str2, this.groupSearchFilter, this.groupBaseDN);
                    if (executeUserAndGroupFilterQuery != null && executeUserAndGroupFilterQuery.size() > 0) {
                        return;
                    }
                } else if (str2 != null) {
                    return;
                }
                throw new AuthenticationException("Authentication failed: User search does not satisfy filter condition");
            } catch (NamingException e) {
                throw new AuthenticationException("LDAP Authentication failed for user", e);
            }
        }
    }

    @Override // org.apache.hive.service.auth.ldap.FilterFactory
    public Filter getInstance(HiveConf hiveConf) {
        String str = hiveConf.get(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERSEARCHFILTER.varname);
        String str2 = hiveConf.get(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN.varname);
        String str3 = hiveConf.get(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPSEARCHFILTER.varname);
        String str4 = hiveConf.get(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPBASEDN.varname);
        if (Strings.isNullOrEmpty(str) && Strings.isNullOrEmpty(str3) && Strings.isNullOrEmpty(str4)) {
            return null;
        }
        return new UserGroupSearchFilter(str, str2, str3, str4);
    }
}
