package org.apache.hive.service.auth.ldap;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Stream;
import javax.naming.NamingException;
import javax.security.sasl.AuthenticationException;
import org.apache.hadoop.hive.conf.HiveConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/service/auth/ldap/GroupFilterFactory.class */
public final class GroupFilterFactory implements FilterFactory {

    /* loaded from: input_file:org/apache/hive/service/auth/ldap/GroupFilterFactory$GroupFilter.class */
    private static final class GroupFilter implements Filter {
        private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GroupFilter.class);
        private final Set<String> groupFilter = new HashSet();

        GroupFilter(Collection<String> collection) {
            this.groupFilter.addAll(collection);
        }

        @Override // org.apache.hive.service.auth.ldap.Filter
        public void apply(DirSearch dirSearch, String str) throws AuthenticationException {
            LOG.info("Authenticating user '{}' using group membership", str);
            try {
                String findUserDn = dirSearch.findUserDn(str);
                List<String> findGroupsForUser = dirSearch.findGroupsForUser(findUserDn);
                LOG.debug("User {} member of : {}", findUserDn, findGroupsForUser);
                Iterator<String> it2 = findGroupsForUser.iterator();
                while (it2.hasNext()) {
                    String shortName = LdapUtils.getShortName(it2.next());
                    Stream<String> stream = this.groupFilter.stream();
                    shortName.getClass();
                    if (stream.anyMatch(shortName::equalsIgnoreCase)) {
                        LOG.info("Authentication succeeded based on group membership");
                        return;
                    }
                }
                LOG.info("Authentication failed based on user membership");
                throw new AuthenticationException("Authentication failed: User not a member of specified list");
            } catch (NamingException e) {
                throw new AuthenticationException("LDAP Authentication failed for user", e);
            }
        }
    }

    @Override // org.apache.hive.service.auth.ldap.FilterFactory
    public Filter getInstance(HiveConf hiveConf) {
        Collection stringCollection = hiveConf.getStringCollection(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER.varname);
        if (stringCollection.isEmpty()) {
            return null;
        }
        return new GroupFilter(stringCollection);
    }
}
