package org.apache.drill.yarn.appMaster.http;

import com.typesafe.config.Config;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.common.scanner.persistence.ScanResult;
import org.apache.drill.exec.exception.DrillbitStartupException;
import org.apache.drill.exec.rpc.user.security.UserAuthenticationException;
import org.apache.drill.exec.rpc.user.security.UserAuthenticator;
import org.apache.drill.exec.rpc.user.security.UserAuthenticatorFactory;
import org.apache.drill.exec.util.ImpersonationUtil;
import org.apache.drill.yarn.appMaster.AMWrapperException;
import org.apache.drill.yarn.core.DoYUtil;
import org.apache.drill.yarn.core.DrillOnYarnConfig;

/* loaded from: input_file:org/apache/drill/yarn/appMaster/http/AMSecurityManagerImpl.class */
public class AMSecurityManagerImpl implements AMSecurityManager {
    private static final Log LOG = LogFactory.getLog(AMSecurityManagerImpl.class);
    private static AMSecurityManagerImpl instance;
    private AMSecurityManager managerImpl;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/drill/yarn/appMaster/http/AMSecurityManagerImpl$DrillSecurityManager.class */
    public static class DrillSecurityManager implements AMSecurityManager {
        private UserAuthenticator authenticator;

        private DrillSecurityManager() {
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public void init() {
            try {
                DrillOnYarnConfig instance = DrillOnYarnConfig.instance();
                DrillConfig drillConfig = instance.getDrillConfig();
                ScanResult classPathScan = instance.getClassPathScan();
                if (drillConfig.getBoolean("drill.exec.security.user.auth.enabled")) {
                    this.authenticator = UserAuthenticatorFactory.createAuthenticator(drillConfig, classPathScan);
                } else {
                    this.authenticator = null;
                }
            } catch (DrillbitStartupException e) {
                AMSecurityManagerImpl.LOG.info("Authentication initialization failed", e);
                throw new AMWrapperException("Security init failed", e);
            }
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public boolean login(String str, String str2) {
            if (this.authenticator == null) {
                return true;
            }
            try {
                this.authenticator.authenticate(str, str2);
                return ImpersonationUtil.getProcessUserName().equals(str);
            } catch (UserAuthenticationException e) {
                AMSecurityManagerImpl.LOG.info("Authentication failed for user " + str, e);
                return false;
            }
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public void close() {
            try {
                if (this.authenticator != null) {
                    this.authenticator.close();
                }
            } catch (IOException e) {
                AMSecurityManagerImpl.LOG.info("Ignoring error on authenticator close", e);
            }
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public boolean requiresLogin() {
            return this.authenticator != null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/drill/yarn/appMaster/http/AMSecurityManagerImpl$SimpleSecurityManager.class */
    public static class SimpleSecurityManager implements AMSecurityManager {
        private String userName;
        private String password;

        private SimpleSecurityManager() {
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public void init() {
            Config config = DrillOnYarnConfig.config();
            this.userName = config.getString(DrillOnYarnConfig.HTTP_USER_NAME);
            this.password = config.getString(DrillOnYarnConfig.HTTP_PASSWORD);
            if (DoYUtil.isBlank(this.userName)) {
                AMSecurityManagerImpl.LOG.warn("Simple HTTP authentication is enabled, but " + DrillOnYarnConfig.HTTP_USER_NAME + " is blank.");
            }
            if (DoYUtil.isBlank(this.userName)) {
                AMSecurityManagerImpl.LOG.warn("Simple HTTP authentication is enabled, but " + DrillOnYarnConfig.HTTP_PASSWORD + " is blank.");
            }
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public boolean requiresLogin() {
            return !DoYUtil.isBlank(this.userName);
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public boolean login(String str, String str2) {
            if (!requiresLogin()) {
                return true;
            }
            boolean z = this.userName.equals(str) && this.password.equals(str2);
            if (!z) {
                AMSecurityManagerImpl.LOG.info("Failed login attempt with simple authorization for user " + str);
            }
            return z;
        }

        @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
        public void close() {
        }
    }

    private AMSecurityManagerImpl() {
    }

    public static void setup() {
        instance = new AMSecurityManagerImpl();
        instance.init();
    }

    @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
    public void init() {
        Config config = DrillOnYarnConfig.config();
        String string = config.getString(DrillOnYarnConfig.HTTP_AUTH_TYPE);
        if (DrillOnYarnConfig.AUTH_TYPE_DRILL.equals(string)) {
            if (config.getBoolean("drill.exec.security.user.auth.enabled")) {
                this.managerImpl = new DrillSecurityManager();
                this.managerImpl.init();
                return;
            }
            return;
        }
        if (DrillOnYarnConfig.AUTH_TYPE_SIMPLE.equals(string)) {
            this.managerImpl = new SimpleSecurityManager();
            this.managerImpl.init();
        } else {
            if (DoYUtil.isBlank(string) || DrillOnYarnConfig.AUTH_TYPE_NONE.equals(string)) {
                return;
            }
            LOG.error("Unrecognized authorization type for " + DrillOnYarnConfig.HTTP_AUTH_TYPE + ": " + string + " - assuming no auth.");
        }
    }

    @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
    public boolean login(String str, String str2) {
        if (this.managerImpl == null) {
            return true;
        }
        return this.managerImpl.login(str, str2);
    }

    @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
    public void close() {
        if (this.managerImpl != null) {
            this.managerImpl.close();
            this.managerImpl = null;
        }
    }

    @Override // org.apache.drill.yarn.appMaster.http.AMSecurityManager
    public boolean requiresLogin() {
        return this.managerImpl != null;
    }

    public static AMSecurityManager instance() {
        return instance;
    }

    public static boolean isEnabled() {
        return (instance == null || instance.managerImpl == null) ? false : true;
    }
}
