package org.apache.hive.service.auth.jwt;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import javax.security.sasl.AuthenticationException;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/service/auth/jwt/URLBasedJWKSProvider.class */
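/**
 * Loads JSON Web Key Sets (JWKS) over HTTP(S) from the URLs configured in
 * {@code HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_URL} and selects the keys that match a JWS header.
 *
 * <p>All key sets are fetched once, from the constructor; nothing in this class refreshes them
 * afterwards, so a key rotated at the issuer is not picked up until a new provider is built.
 *
 * <p>Security note: the keys returned by {@link #getJWKs(JWSHeader)} are presumably what the caller
 * verifies token signatures against (confirm at the call site), so the trustworthiness of the
 * fetch is the trustworthiness of JWT authentication. When
 * {@code HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_SKIP_SSL_CERT} is enabled, the server certificate
 * chain is not validated and anyone able to intercept the connection can supply their own keys.
 */
public class URLBasedJWKSProvider {
    private static final Logger LOG = LoggerFactory.getLogger(URLBasedJWKSProvider.class.getName());
    private final HiveConf conf;
    private final List<JWKSet> jwkSets = new ArrayList<>();

    /**
     * Creates the provider and eagerly downloads every configured key set.
     *
     * @param hiveConf configuration holding the JWKS URL list and the skip-certificate flag
     * @throws IOException if the URL property is unset or empty, a request fails, or an endpoint
     *     answers with a non-2xx status
     * @throws ParseException if a response body is not a valid JWK set
     * @throws GeneralSecurityException if the TLS context for the skip-certificate mode cannot be
     *     created
     */
    public URLBasedJWKSProvider(HiveConf hiveConf) throws IOException, ParseException, GeneralSecurityException {
        this.conf = hiveConf;
        loadJWKSets();
    }

    /**
     * Fetches and parses the key set behind each comma-separated URL of the JWKS URL property.
     *
     * @throws IOException if the property is unset or empty, a request fails, or an endpoint answers
     *     with a non-2xx status
     * @throws ParseException if a response body is not a valid JWK set
     * @throws GeneralSecurityException if the permissive TLS context cannot be created
     */
    private void loadJWKSets() throws IOException, ParseException, GeneralSecurityException {
        String jwksUrls = HiveConf.getVar(this.conf, HiveConf.ConfVars.HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_URL);
        if (jwksUrls == null || jwksUrls.isEmpty()) {
            throw new IOException("Invalid value of property: " + HiveConf.ConfVars.HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_URL.varname);
        }

        // The flag is the same for every URL, so the permissive context is built once, not per URL.
        SSLContext trustAllContext = null;
        if (HiveConf.getBoolVar(this.conf, HiveConf.ConfVars.HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_SKIP_SSL_CERT, false)) {
            // Make the weakened mode visible in the server log: with chain validation off, the
            // downloaded signing keys are not authenticated by TLS.
            LOG.warn("{} is enabled: TLS certificate validation is disabled for JWKS retrieval, "
                    + "so the origin of the downloaded keys is not verified",
                HiveConf.ConfVars.HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_SKIP_SSL_CERT.varname);
            trustAllContext = createTrustAllContext();
        }

        for (String rawUrl : jwksUrls.split(",")) {
            // Tolerate "url1, url2" and trailing commas instead of failing on the padded entry.
            String url = rawUrl.trim();
            if (url.isEmpty()) {
                continue;
            }
            HttpGet request = new HttpGet(url);
            // try-with-resources closes the response first, then the client, on every exit path.
            try (CloseableHttpClient httpClient = trustAllContext == null
                        ? HttpClients.createDefault()
                        : HttpClients.custom().setSSLContext(trustAllContext).build();
                    CloseableHttpResponse response = httpClient.execute(request)) {
                int status = response.getStatusLine().getStatusCode();
                if (status < 200 || status >= 300) {
                    // Do not try to parse an error page as key material.
                    throw new IOException("Failed to load JWKS from " + url + ": HTTP status " + status);
                }
                HttpEntity entity = response.getEntity();
                if (entity == null) {
                    // No keys were added for this URL; tokens signed by its keys will not match.
                    LOG.warn("JWKS response from {} had no body; no keys loaded from it", url);
                    continue;
                }
                this.jwkSets.add(JWKSet.load(entity.getContent()));
            }
            LOG.info("Loaded JWKS from {}", url);
        }
    }

    /**
     * Builds a TLS context whose trust manager accepts every certificate chain.
     *
     * <p>Used only when the skip-certificate flag is set. NOTE(review): only chain validation is
     * switched off here; whether host name verification still applies depends on the HttpClient
     * defaults, since no verifier is configured in this class - confirm.
     *
     * @return an initialized {@code TLS} context that performs no certificate validation
     * @throws GeneralSecurityException if the context cannot be obtained or initialized
     */
    private static SSLContext createTrustAllContext() throws GeneralSecurityException {
        X509TrustManager acceptAll = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: every server chain is accepted.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new X509TrustManager[] {acceptAll}, new SecureRandom());
        return context;
    }

    /**
     * Returns the keys, across all loaded key sets, that match the given JWS header.
     *
     * @param jWSHeader header of the token being checked
     * @return the matching keys in load order; empty when no loaded key matches
     * @throws AuthenticationException if no matcher can be derived from the header
     */
    public List<JWK> getJWKs(JWSHeader jWSHeader) throws AuthenticationException {
        JWKMatcher matcher = JWKMatcher.forJWSHeader(jWSHeader);
        if (matcher == null) {
            throw new AuthenticationException("Unsupported algorithm: " + jWSHeader.getAlgorithm());
        }
        List<JWK> matches = new ArrayList<>();
        JWKSelector selector = new JWKSelector(matcher);
        for (JWKSet jwkSet : this.jwkSets) {
            matches.addAll(selector.select(jwkSet));
        }
        return matches;
    }
}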
