package org.apache.drill.exec.rpc;

import com.google.common.base.Preconditions;
import io.netty.channel.socket.SocketChannel;
import java.io.IOException;
import javax.security.auth.login.LoginException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.drill.exec.memory.BufferAllocator;
import org.apache.drill.exec.rpc.ServerConnection;
import org.apache.drill.exec.rpc.security.SaslProperties;
import org.apache.hadoop.security.HadoopKerberosName;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/drill/exec/rpc/AbstractServerConnection.class */
public abstract class AbstractServerConnection<S extends ServerConnection<S>> extends AbstractRemoteConnection implements ServerConnection<S> {
    private final ConnectionConfig config;
    private RequestHandler<S> currentHandler;
    private SaslServer saslServer;

    public AbstractServerConnection(SocketChannel socketChannel, String str, ConnectionConfig connectionConfig, RequestHandler<S> requestHandler) {
        super(socketChannel, str, connectionConfig.getEncryptionCtxt());
        this.config = connectionConfig;
        this.currentHandler = requestHandler;
    }

    public AbstractServerConnection(SocketChannel socketChannel, ConnectionConfig connectionConfig, RequestHandler<S> requestHandler) {
        this(socketChannel, connectionConfig.getName(), connectionConfig, requestHandler);
    }

    @Override // org.apache.drill.exec.rpc.RemoteConnection
    public BufferAllocator getAllocator() {
        return this.config.getAllocator();
    }

    protected abstract Logger getLogger();

    @Override // org.apache.drill.exec.rpc.ServerConnection
    public void initSaslServer(String str) throws SaslException {
        Preconditions.checkState(this.saslServer == null);
        try {
            this.saslServer = this.config.getAuthProvider().getAuthenticatorFactory(str).createSaslServer(UserGroupInformation.getLoginUser(), SaslProperties.getSaslProperties(isEncryptionEnabled(), getMaxWrappedSize()));
            if (this.saslServer == null) {
                throw new SaslException(String.format("Server cannot initiate authentication using %s mechanism. Insufficient parameters or selected mechanism doesn't support configured security layers ?", str));
            }
            if (isEncryptionEnabled()) {
                this.saslCodec = new SaslCodec() { // from class: org.apache.drill.exec.rpc.AbstractServerConnection.1
                    @Override // org.apache.drill.exec.rpc.SaslCodec
                    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
                        Preconditions.checkState(AbstractServerConnection.this.saslServer != null);
                        return AbstractServerConnection.this.saslServer.wrap(bArr, i, i2);
                    }

                    @Override // org.apache.drill.exec.rpc.SaslCodec
                    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
                        Preconditions.checkState(AbstractServerConnection.this.saslServer != null);
                        return AbstractServerConnection.this.saslServer.unwrap(bArr, i, i2);
                    }
                };
            }
        } catch (IOException e) {
            getLogger().debug("Login failed.", (Throwable) e);
            Throwable cause = e.getCause();
            if (!(cause instanceof LoginException)) {
                throw new SaslException("Unexpected failure trying to login.", cause);
            }
            throw new SaslException("Failed to login.", cause);
        }
    }

    @Override // org.apache.drill.exec.rpc.ServerConnection
    public SaslServer getSaslServer() {
        Preconditions.checkState(this.saslServer != null);
        return this.saslServer;
    }

    @Override // org.apache.drill.exec.rpc.ServerConnection
    public void finalizeSaslSession() throws IOException {
        String authorizationID = getSaslServer().getAuthorizationID();
        String shortName = new HadoopKerberosName(authorizationID).getShortName();
        String shortUserName = UserGroupInformation.getLoginUser().getShortUserName();
        if (!shortUserName.equals(shortName)) {
            throw new SaslException(String.format("'primary' part of remote drillbit's service principal does not match with this drillbit's. Expected: '%s' Actual: '%s'", shortUserName, shortName));
        }
        getLogger().debug("Authenticated connection for {}", authorizationID);
    }

    @Override // org.apache.drill.exec.rpc.ServerConnection
    public RequestHandler<S> getCurrentHandler() {
        return this.currentHandler;
    }

    @Override // org.apache.drill.exec.rpc.ServerConnection
    public void changeHandlerTo(RequestHandler<S> requestHandler) {
        Preconditions.checkNotNull(requestHandler);
        this.currentHandler = requestHandler;
    }

    @Override // org.apache.drill.exec.rpc.AbstractRemoteConnection, org.apache.drill.exec.rpc.EncryptionContext
    public void setEncryption(boolean z) {
        throw new UnsupportedOperationException("Changing encryption setting on server connection is not permitted.");
    }

    @Override // org.apache.drill.exec.rpc.AbstractRemoteConnection, org.apache.drill.exec.rpc.EncryptionContext
    public void setMaxWrappedSize(int i) {
        throw new UnsupportedOperationException("Changing maxWrappedSize setting on server connection is not permitted.");
    }

    @Override // org.apache.drill.exec.rpc.ServerConnection
    public void disposeSaslServer() {
        try {
            if (this.saslServer != null) {
                this.saslServer.dispose();
                this.saslServer = null;
            }
        } catch (SaslException e) {
            getLogger().warn("Unclean disposal.", e);
        }
    }

    @Override // org.apache.drill.exec.rpc.AbstractRemoteConnection, org.apache.drill.exec.rpc.RemoteConnection
    public void channelClosed(RpcException rpcException) {
        disposeSaslServer();
        decConnectionCounter();
        super.channelClosed(rpcException);
    }
}
