package org.apache.hive.service.auth.saml;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.hive.conf.HiveConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/service/auth/saml/HiveSamlHttpServlet.class */
public class HiveSamlHttpServlet extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(HiveSamlHttpServlet.class);
    private final HiveConf conf;
    private final ISAMLAuthTokenGenerator tokenGenerator;
    private static final String LOOP_BACK_INTERFACE = "127.0.0.1";

    public HiveSamlHttpServlet(HiveConf hiveConf) {
        this.conf = (HiveConf) Preconditions.checkNotNull(hiveConf);
        this.tokenGenerator = HiveSamlAuthTokenGenerator.get(hiveConf);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String relayStateInfo = HiveSamlRelayStateStore.get().getRelayStateInfo(httpServletRequest, httpServletResponse);
            int port = HiveSamlRelayStateStore.get().getRelayStateInfo(relayStateInfo).getPort();
            try {
                LOG.info("RelayState = {}. Driver side port on localhost = {}", relayStateInfo, Integer.valueOf(port));
                String validate = HiveSaml2Client.get(this.conf).validate(httpServletRequest, httpServletResponse);
                Preconditions.checkState(validate != null);
                LOG.info("Successfully validated saml response for user {}. Forwarding the token to port {}", validate, Integer.valueOf(port));
                generateFormData(httpServletResponse, HiveSamlUtils.getLoopBackAddress(port), this.tokenGenerator.get(validate, relayStateInfo), true, "");
            } catch (HttpSamlAuthenticationException e) {
                if (e instanceof HttpSamlNoGroupsMatchedException) {
                    LOG.error("Could not authenticate user since the groups didn't match", e);
                } else {
                    LOG.error("SAML response could not be validated", e);
                }
                generateFormData(httpServletResponse, HiveSamlUtils.getLoopBackAddress(port), null, false, "SAML assertion could not be validated. Check server logs for more details.");
            }
        } catch (HttpSamlAuthenticationException e2) {
            LOG.error("Invalid relay state", e2);
            httpServletResponse.setStatus(401);
        }
    }

    private void generateFormData(HttpServletResponse httpServletResponse, String str, String str2, boolean z, String str3) {
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            Throwable th = null;
            try {
                try {
                    writer.write("<html><body onload='document.forms[\"form\"].submit()'>" + String.format("<form name='form' action='%s' method='POST'>", str) + String.format("<input type='hidden' name='%s' value='%s'>", HiveSamlUtils.TOKEN_KEY, str2) + String.format("<input type='hidden' name='%s' value='%s'>", HiveSamlUtils.STATUS_KEY, Boolean.valueOf(z)) + String.format("<input type='hidden' name='%s' value='%s'>", HiveSamlUtils.MESSAGE_KEY, str3) + "</form></body></html>");
                    if (writer != null) {
                        if (0 != 0) {
                            try {
                                writer.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            writer.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (IOException e) {
            LOG.error("Could not generate the form data for sending a response to url " + str, e);
            httpServletResponse.setStatus(500);
        }
    }
}
