package org.apache.sentry.service.thrift.shim;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.util.Locale;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.rpcauth.RpcAuthMethod;
import org.apache.hadoop.security.rpcauth.RpcAuthRegistry;
import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge;
import org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge20;
import org.apache.thrift.transport.TSaslServerTransport;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TTransportFactory;

/* loaded from: input_file:org/apache/sentry/service/thrift/shim/HadoopThriftAuthBridge25.class */
public class HadoopThriftAuthBridge25 extends HadoopThriftAuthBridge20 {

    /* loaded from: input_file:org/apache/sentry/service/thrift/shim/HadoopThriftAuthBridge25$Client.class */
    public static class Client extends HadoopThriftAuthBridge20.Client {
        @Override // org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge20.Client, org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge.Client
        public TTransport createClientTransport(String str, String str2, TTransport tTransport, boolean z) throws IOException {
            String property = System.getProperty(ServiceConstants.ServerConfig.SECURITY_MODE);
            if (property == null || property.equalsIgnoreCase(ServiceConstants.ServerConfig.SECURITY_MODE_OTHER)) {
                property = "MAPRSASL";
            }
            RpcAuthMethod authMethod = RpcAuthRegistry.getAuthMethod(property.toUpperCase(Locale.ENGLISH));
            if (authMethod == null) {
                throw new IOException("Unsupported authentication method: " + property);
            }
            if (property.equalsIgnoreCase(ServiceConstants.ServerConfig.SENTRY_WEB_SECURITY_TYPE_KERBEROS)) {
                return super.createClientTransport(str, str2, tTransport, z);
            }
            try {
                Preconditions.checkArgument(!authMethod.getMechanismName().equals(ServiceConstants.ServerConfig.SENTRY_WEB_SECURITY_TYPE_KERBEROS), "Your system is configured to use Kerberos authentication. You should set value of 'sentry.service.security.mode' property to 'kerberos'");
                return new SentryPolicyServiceClientDefaultImpl.UgiSaslClientTransport(authMethod.getMechanismName(), null, null, null, ServiceConstants.ClientConfig.SASL_PROPERTIES, null, tTransport, z);
            } catch (SaslException e) {
                throw new IOException("Could not instantiate SASL transport", e);
            }
        }
    }

    /* loaded from: input_file:org/apache/sentry/service/thrift/shim/HadoopThriftAuthBridge25$Server.class */
    public static class Server extends HadoopThriftAuthBridge20.Server {
        public Server() throws TTransportException {
        }

        protected Server(String str, String str2) throws TTransportException {
            super(str, str2);
        }

        @Override // org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge20.Server, org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge.Server
        public TTransportFactory createTransportFactory(Configuration configuration) throws TTransportException, IOException {
            TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
            RpcAuthMethod authMethod = RpcAuthRegistry.getAuthMethod(this.realUgi.getAuthenticationMethod());
            if (authMethod.getAuthenticationMethod().equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                return super.createTransportFactory(configuration);
            }
            factory.addServerDefinition(authMethod.getMechanismName(), (String) null, "default", ServiceConstants.ServerConfig.SASL_PROPERTIES, authMethod.createCallbackHandler());
            return new HadoopThriftAuthBridge.TUGIAssumingTransportFactory(factory, this.realUgi);
        }
    }

    @Override // org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge20, org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge
    public Server createServer(String str, String str2) throws TTransportException {
        return (str.isEmpty() || str2.isEmpty()) ? new Server() : new Server(str, str2);
    }

    @Override // org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge20, org.apache.sentry.service.thrift.shim.HadoopThriftAuthBridge
    public Client createClient() {
        return new Client();
    }
}
