package org.apache.hive.service.auth;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSet;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.EnumUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveServer2TransportMode;
import org.apache.hive.service.auth.HiveAuthConstants;

/* loaded from: input_file:org/apache/hive/service/auth/AuthType.class */
public class AuthType {
    static final Set<HiveAuthConstants.AuthTypes> PASSWORD_BASED_TYPES = ImmutableSet.of(HiveAuthConstants.AuthTypes.LDAP, HiveAuthConstants.AuthTypes.CUSTOM, HiveAuthConstants.AuthTypes.PAM, HiveAuthConstants.AuthTypes.NONE);
    private final HiveServer2TransportMode mode;
    private final List<HiveAuthConstants.AuthTypes> authTypes = new ArrayList();
    private final BitSet typeBits = new BitSet();

    @VisibleForTesting
    public AuthType(String str, HiveServer2TransportMode hiveServer2TransportMode) {
        this.mode = hiveServer2TransportMode;
        parseTypes(str);
        verifyTypes(str);
    }

    private void parseTypes(String str) {
        for (String str2 : str.split(",")) {
            if (!EnumUtils.isValidEnumIgnoreCase(HiveAuthConstants.AuthTypes.class, str2)) {
                throw new IllegalArgumentException(str2 + " is not a valid authentication type.");
            }
            HiveAuthConstants.AuthTypes authTypes = (HiveAuthConstants.AuthTypes) EnumUtils.getEnumIgnoreCase(HiveAuthConstants.AuthTypes.class, str2);
            this.authTypes.add(authTypes);
            this.typeBits.set(authTypes.ordinal());
        }
    }

    private void verifyTypes(String str) {
        if (this.typeBits.cardinality() == 1) {
            return;
        }
        if (this.typeBits.get(HiveAuthConstants.AuthTypes.NOSASL.ordinal())) {
            throw new UnsupportedOperationException("NOSASL can't be along with other auth methods: " + str);
        }
        if (this.typeBits.get(HiveAuthConstants.AuthTypes.NONE.ordinal())) {
            throw new UnsupportedOperationException("None can't be along with other auth methods: " + str);
        }
        if (areAnyEnabled(PASSWORD_BASED_TYPES) && !isExactlyOneEnabled(PASSWORD_BASED_TYPES)) {
            throw new RuntimeException("Multiple password based auth methods found: " + str);
        }
        if (this.typeBits.get(HiveAuthConstants.AuthTypes.SAML.ordinal()) || this.typeBits.get(HiveAuthConstants.AuthTypes.JWT.ordinal())) {
            if (this.mode == HiveServer2TransportMode.all || this.mode == HiveServer2TransportMode.binary) {
                throw new UnsupportedOperationException("HiveServer2 binary mode doesn't support JWT and SAML, please consider using http mode only");
            }
        }
    }

    private boolean isExactlyOneEnabled(Collection<HiveAuthConstants.AuthTypes> collection) {
        boolean z = false;
        boolean z2 = false;
        Iterator<HiveAuthConstants.AuthTypes> it = collection.iterator();
        while (!z2 && it.hasNext()) {
            boolean isEnabled = isEnabled(it.next());
            z2 = z && isEnabled;
            z |= isEnabled;
        }
        return z && !z2;
    }

    private boolean areAnyEnabled(Collection<HiveAuthConstants.AuthTypes> collection) {
        boolean z = false;
        Iterator<HiveAuthConstants.AuthTypes> it = collection.iterator();
        while (!z && it.hasNext()) {
            z = isEnabled(it.next());
        }
        return z;
    }

    public boolean isEnabled(HiveAuthConstants.AuthTypes authTypes) {
        return this.typeBits.get(authTypes.ordinal());
    }

    public boolean isPasswordBasedAuthEnabled() {
        return areAnyEnabled(PASSWORD_BASED_TYPES);
    }

    public String getAuthTypes() {
        return (String) this.authTypes.stream().map(authTypes -> {
            return authTypes.getAuthName();
        }).collect(Collectors.joining(","));
    }

    public String getPasswordBasedAuthStr() {
        if (isEnabled(HiveAuthConstants.AuthTypes.NOSASL)) {
            return HiveAuthConstants.AuthTypes.NOSASL.getAuthName();
        }
        for (HiveAuthConstants.AuthTypes authTypes : PASSWORD_BASED_TYPES) {
            if (isEnabled(authTypes)) {
                return authTypes.getAuthName();
            }
        }
        return "";
    }

    public boolean isPasswordBasedAuth(HiveAuthConstants.AuthTypes authTypes) {
        return PASSWORD_BASED_TYPES.contains(authTypes);
    }

    public static boolean isKerberosAuthMode(Configuration configuration) {
        return authTypeFromConf(configuration, true).isEnabled(HiveAuthConstants.AuthTypes.KERBEROS);
    }

    public static boolean isSamlAuthMode(Configuration configuration) {
        return authTypeFromConf(configuration, true).isEnabled(HiveAuthConstants.AuthTypes.SAML);
    }

    public static AuthType authTypeFromConf(Configuration configuration, boolean z) {
        HiveServer2TransportMode hiveServer2TransportMode;
        String var = HiveConf.getVar(configuration, HiveConf.ConfVars.HIVE_SERVER2_AUTHENTICATION);
        boolean isEmpty = StringUtils.isEmpty(var);
        if (z) {
            hiveServer2TransportMode = HiveServer2TransportMode.http;
            if (isEmpty) {
                var = HiveAuthConstants.AuthTypes.NOSASL.getAuthName();
            }
        } else {
            hiveServer2TransportMode = HiveServer2TransportMode.binary;
            if (isEmpty) {
                var = HiveAuthConstants.AuthTypes.NONE.getAuthName();
            }
        }
        return new AuthType(var, hiveServer2TransportMode);
    }
}
