package org.apache.drill.exec.rpc.user;

import com.google.protobuf.MessageLite;
import io.netty.buffer.ByteBuf;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.concurrent.Future;
import java.io.IOException;
import java.net.SocketAddress;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.sasl.SaslException;
import org.apache.drill.common.exceptions.DrillException;
import org.apache.drill.exec.exception.DrillbitStartupException;
import org.apache.drill.exec.memory.BufferAllocator;
import org.apache.drill.exec.physical.impl.materialize.QueryDataPackage;
import org.apache.drill.exec.physical.impl.materialize.QueryWritableBatch;
import org.apache.drill.exec.proto.GeneralRPCProtos;
import org.apache.drill.exec.proto.UserBitShared;
import org.apache.drill.exec.proto.UserProtos;
import org.apache.drill.exec.rpc.AbstractServerConnection;
import org.apache.drill.exec.rpc.BasicServer;
import org.apache.drill.exec.rpc.OutOfMemoryHandler;
import org.apache.drill.exec.rpc.OutboundRpcMessage;
import org.apache.drill.exec.rpc.ProtobufLengthDecoder;
import org.apache.drill.exec.rpc.RpcException;
import org.apache.drill.exec.rpc.RpcOutcomeListener;
import org.apache.drill.exec.rpc.UserClientConnection;
import org.apache.drill.exec.rpc.security.ServerAuthenticationHandler;
import org.apache.drill.exec.rpc.security.plain.PlainFactory;
import org.apache.drill.exec.rpc.user.UserSession;
import org.apache.drill.exec.rpc.user.security.UserAuthenticationException;
import org.apache.drill.exec.server.BootStrapContext;
import org.apache.drill.exec.ssl.SSLConfig;
import org.apache.drill.exec.ssl.SSLConfigBuilder;
import org.apache.drill.exec.store.ischema.InfoSchemaConstants;
import org.apache.drill.exec.store.security.UsernamePasswordCredentials;
import org.apache.drill.exec.work.user.UserWorker;
import org.apache.hadoop.security.HadoopKerberosName;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

/* loaded from: input_file:org/apache/drill/exec/rpc/user/UserServer.class */
public class UserServer extends BasicServer<UserProtos.RpcType, BitToUserConnection> {
    private static final String SERVER_NAME = "Apache Drill Server";
    private final UserConnectionConfig config;
    private final SSLConfig sslConfig;
    private Channel sslChannel;
    private final UserWorker userWorker;
    private static final Logger logger = LoggerFactory.getLogger(UserServer.class);
    private static final ConcurrentHashMap<BitToUserConnection, BitToUserConnectionConfig> userConnectionMap = new ConcurrentHashMap<>();

    /* loaded from: input_file:org/apache/drill/exec/rpc/user/UserServer$BitToUserConnection.class */
    public class BitToUserConnection extends AbstractServerConnection<BitToUserConnection> implements UserClientConnection {
        private UserSession session;
        private UserProtos.UserToBitHandshake inbound;
        private String authenticatedUser;

        BitToUserConnection(SocketChannel socketChannel) {
            super(socketChannel, UserServer.this.config, !UserServer.this.config.isAuthEnabled() ? UserServer.this.config.getMessageHandler() : new ServerAuthenticationHandler<>(UserServer.this.config.getMessageHandler(), 24, UserProtos.RpcType.SASL_MESSAGE));
            incConnectionCounter();
        }

        void disableReadTimeout() {
            getChannel().pipeline().remove("timeout-handler");
        }

        void setHandshake(UserProtos.UserToBitHandshake userToBitHandshake) {
            this.inbound = userToBitHandshake;
        }

        @Override // org.apache.drill.exec.rpc.AbstractServerConnection
        public void finalizeSaslSession() throws IOException {
            finalizeSession(new HadoopKerberosName(getSaslServer().getAuthorizationID()).getShortName());
            UserServer.logger.info("User {} logged in from {}", this.authenticatedUser, getRemoteAddress());
        }

        void finalizeSession(String str) {
            MDC.put("drill.userName", str);
            this.session = UserSession.Builder.newBuilder().withCredentials(UserBitShared.UserCredentials.newBuilder().setUserName(str).build()).withOptionManager(UserServer.this.userWorker.getSystemOptions()).withUserProperties(this.inbound.getProperties()).setSupportComplexTypes(this.inbound.getSupportComplexTypes()).build();
            this.authenticatedUser = str;
            String targetUserName = this.session.getTargetUserName();
            if (UserServer.this.config.getImpersonationManager() != null && targetUserName != null) {
                UserServer.this.config.getImpersonationManager().replaceUserOnSession(targetUserName, this.session);
            }
            if (this.inbound.hasEnableMultiplex() && this.inbound.getEnableMultiplex()) {
                changeHandlerTo(new MultiUserServerRequestHandler(UserServer.this.userWorker, UserServer.this.config));
                this.session.unsetTargetUserName();
            }
        }

        @Override // org.apache.drill.exec.rpc.UserClientConnection
        public UserSession getSession() {
            return this.session;
        }

        @Override // org.apache.drill.exec.rpc.AbstractServerConnection
        protected Logger getLogger() {
            return UserServer.logger;
        }

        @Override // org.apache.drill.exec.rpc.UserClientConnection
        public void sendResult(RpcOutcomeListener<GeneralRPCProtos.Ack> rpcOutcomeListener, UserBitShared.QueryResult queryResult) {
            UserServer.logger.trace("Sending result to client with {}", queryResult);
            UserServer.this.send(rpcOutcomeListener, this, UserProtos.RpcType.QUERY_RESULT, queryResult, GeneralRPCProtos.Ack.class, true, new ByteBuf[0]);
        }

        @Override // org.apache.drill.exec.rpc.UserClientConnection
        public void sendData(RpcOutcomeListener<GeneralRPCProtos.Ack> rpcOutcomeListener, QueryDataPackage queryDataPackage) {
            QueryWritableBatch writableBatch = queryDataPackage.toWritableBatch();
            UserServer.logger.trace("Sending data to client with {}", writableBatch);
            UserServer.this.send(rpcOutcomeListener, this, UserProtos.RpcType.QUERY_DATA, writableBatch.getHeader(), GeneralRPCProtos.Ack.class, false, writableBatch.getBuffers());
        }

        @Override // org.apache.drill.exec.rpc.UserClientConnection
        public Future<Void> getClosureFuture() {
            return getChannel().closeFuture().addListener(future -> {
                cleanup();
            });
        }

        @Override // org.apache.drill.exec.rpc.UserClientConnection
        public SocketAddress getRemoteAddress() {
            return getChannel().remoteAddress();
        }

        @Override // org.apache.drill.exec.rpc.AbstractServerConnection
        public void channelClosed(RpcException rpcException) {
            if (UserServer.this.config.isAuthEnabled()) {
                UserServer.logger.info("User {} logged out from {}", this.authenticatedUser, getRemoteAddress());
            }
            super.channelClosed(rpcException);
        }

        private void cleanup() {
            MDC.clear();
            if (this.session != null) {
                this.session.close();
            }
        }

        @Override // org.apache.drill.exec.rpc.UserClientConnection, java.lang.AutoCloseable
        public void close() {
            cleanup();
            super.close();
        }

        public void incConnectionCounter() {
            UserRpcMetrics.getInstance().addConnectionCount();
        }

        public void decConnectionCounter() {
            UserRpcMetrics.getInstance().decConnectionCount();
            UserServer.userConnectionMap.remove(this);
        }
    }

    /* loaded from: input_file:org/apache/drill/exec/rpc/user/UserServer$BitToUserConnectionConfig.class */
    public class BitToUserConnectionConfig {
        private final DateTime established = new DateTime();
        private final boolean isAuthEnabled;
        private final boolean isEncryptionEnabled;
        private final boolean isSSLEnabled;

        public BitToUserConnectionConfig() {
            this.isAuthEnabled = UserServer.this.config.isAuthEnabled();
            this.isEncryptionEnabled = UserServer.this.config.isEncryptionEnabled();
            this.isSSLEnabled = UserServer.this.config.isSSLEnabled();
        }

        public boolean isAuthEnabled() {
            return this.isAuthEnabled;
        }

        public boolean isEncryptionEnabled() {
            return this.isEncryptionEnabled;
        }

        public boolean isSSLEnabled() {
            return this.isSSLEnabled;
        }

        public DateTime getEstablished() {
            return this.established;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String serializeUserToBitHandshakeWithoutPassword(UserProtos.UserToBitHandshake userToBitHandshake) {
        StringBuilder sb = new StringBuilder();
        sb.append("rpc_version: ");
        sb.append(userToBitHandshake.getRpcVersion());
        sb.append("\ncredentials:\n\t");
        sb.append(userToBitHandshake.getCredentials());
        sb.append("properties:");
        for (UserProtos.Property property : userToBitHandshake.getProperties().getPropertiesList()) {
            if (!property.getKey().equalsIgnoreCase(UsernamePasswordCredentials.PASSWORD)) {
                sb.append("\n\tproperty:\n\t\t");
                sb.append("key: \"");
                sb.append(property.getKey());
                sb.append("\"\n\t\tvalue: \"");
                sb.append(property.getValue());
                sb.append("\"");
            }
        }
        sb.append("\nsupport_complex_types: ");
        sb.append(userToBitHandshake.getSupportComplexTypes());
        sb.append("\nsupport_timeout: ");
        sb.append(userToBitHandshake.getSupportTimeout());
        sb.append("sasl_support: ");
        sb.append(userToBitHandshake.getSaslSupport());
        sb.append("\nclient_infos:\n\t");
        sb.append(userToBitHandshake.getClientInfos().toString().replace("\n", "\n\t"));
        return sb.toString();
    }

    public UserServer(BootStrapContext bootStrapContext, BufferAllocator bufferAllocator, EventLoopGroup eventLoopGroup, UserWorker userWorker) throws DrillbitStartupException {
        super(UserRpcConfig.getMapping(bootStrapContext.getConfig(), bootStrapContext.getExecutor()), bufferAllocator.getAsByteBufAllocator(), eventLoopGroup);
        this.config = new UserConnectionConfig(bufferAllocator, bootStrapContext, new UserServerRequestHandler(userWorker));
        this.sslChannel = null;
        try {
            this.sslConfig = new SSLConfigBuilder().config(bootStrapContext.getConfig()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(true).validateKeyStore(true).build();
            logger.info("Rpc server configured to use TLS protocol '{}'", this.sslConfig.getProtocol());
            this.userWorker = userWorker;
            ((UserRpcMetrics) UserRpcMetrics.getInstance()).initialize(this.config.isEncryptionEnabled(), bufferAllocator);
        } catch (DrillException e) {
            throw new DrillbitStartupException(e.getMessage(), e.getCause());
        }
    }

    protected void setupSSL(ChannelPipeline channelPipeline) {
        channelPipeline.addFirst("ssl-handler", new SslHandler(this.sslConfig.createSSLEngine(this.config.getAllocator(), null, 0)));
        logger.debug("SSL communication between client and server is enabled.");
        logger.debug(this.sslConfig.toString());
    }

    protected boolean isSslEnabled() {
        return this.sslConfig.isUserSslEnabled();
    }

    public void setSslChannel(Channel channel) {
        this.sslChannel = channel;
    }

    protected void closeSSL() {
        if (!isSslEnabled() || this.sslChannel == null) {
            return;
        }
        this.sslChannel.close();
    }

    protected MessageLite getResponseDefaultInstance(int i) throws RpcException {
        switch (i) {
            case 1:
                return GeneralRPCProtos.Ack.getDefaultInstance();
            default:
                throw new UnsupportedOperationException();
        }
    }

    public static Set<Map.Entry<BitToUserConnection, BitToUserConnectionConfig>> getUserConnections() {
        return userConnectionMap.entrySet();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: initRemoteConnection, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public BitToUserConnection m1171initRemoteConnection(SocketChannel socketChannel) {
        super.initRemoteConnection(socketChannel);
        return registerAndGetConnection(socketChannel);
    }

    private BitToUserConnection registerAndGetConnection(SocketChannel socketChannel) {
        BitToUserConnection bitToUserConnection = new BitToUserConnection(socketChannel);
        if (bitToUserConnection != null) {
            userConnectionMap.put(bitToUserConnection, new BitToUserConnectionConfig());
        }
        return bitToUserConnection;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public BasicServer.ServerHandshakeHandler<UserProtos.UserToBitHandshake> getHandshakeHandler(final BitToUserConnection bitToUserConnection) {
        return new BasicServer.ServerHandshakeHandler<UserProtos.UserToBitHandshake>(UserProtos.RpcType.HANDSHAKE, UserProtos.UserToBitHandshake.PARSER) { // from class: org.apache.drill.exec.rpc.user.UserServer.1
            /* JADX INFO: Access modifiers changed from: protected */
            public void consumeHandshake(ChannelHandlerContext channelHandlerContext, UserProtos.UserToBitHandshake userToBitHandshake) throws Exception {
                UserProtos.BitToUserHandshake handshakeResponse = getHandshakeResponse(userToBitHandshake);
                channelHandlerContext.writeAndFlush(new OutboundRpcMessage(GeneralRPCProtos.RpcMode.RESPONSE, this.handshakeType, this.coordinationId, handshakeResponse, new ByteBuf[0]));
                if (handshakeResponse.getStatus() != UserProtos.HandshakeStatus.SUCCESS && handshakeResponse.getStatus() != UserProtos.HandshakeStatus.AUTH_REQUIRED) {
                    throw new RpcException("Handshake request failed: " + handshakeResponse.getErrorMessage());
                }
            }

            /* JADX WARN: Type inference failed for: r12v0, types: [org.apache.drill.exec.rpc.user.security.UserAuthenticationException, java.lang.Exception] */
            public UserProtos.BitToUserHandshake getHandshakeResponse(UserProtos.UserToBitHandshake userToBitHandshake) throws Exception {
                if (UserServer.logger.isTraceEnabled()) {
                    UserServer.logger.trace("Handling handshake from user to bit. {}", UserServer.this.serializeUserToBitHandshakeWithoutPassword(userToBitHandshake));
                }
                if (!userToBitHandshake.hasSupportTimeout() || !userToBitHandshake.getSupportTimeout()) {
                    bitToUserConnection.disableReadTimeout();
                    UserServer.logger.warn("Timeout Disabled as client {} doesn't support it.", bitToUserConnection.getName());
                }
                UserProtos.BitToUserHandshake.Builder addAllSupportedMethods = UserProtos.BitToUserHandshake.newBuilder().setRpcVersion(5).setServerInfos(UserRpcUtils.getRpcEndpointInfos(UserServer.SERVER_NAME)).addAllSupportedMethods(UserRpcConfig.SUPPORTED_SERVER_METHODS);
                try {
                    if (userToBitHandshake.getRpcVersion() != 5) {
                        return UserServer.handleFailure(addAllSupportedMethods, UserProtos.HandshakeStatus.RPC_VERSION_MISMATCH, String.format("Invalid rpc version. Expected %d, actual %d.", 5, Integer.valueOf(userToBitHandshake.getRpcVersion())), null);
                    }
                    bitToUserConnection.setHandshake(userToBitHandshake);
                    if (!UserServer.this.config.isAuthEnabled()) {
                        bitToUserConnection.finalizeSession(userToBitHandshake.getCredentials().getUserName());
                        addAllSupportedMethods.setStatus(UserProtos.HandshakeStatus.SUCCESS);
                        return addAllSupportedMethods.build();
                    }
                    boolean hasSaslSupport = userToBitHandshake.hasSaslSupport();
                    int ordinal = hasSaslSupport ? userToBitHandshake.getSaslSupport().ordinal() : UserProtos.SaslSupport.UNKNOWN_SASL_SUPPORT.ordinal();
                    if ((!hasSaslSupport || ordinal == UserProtos.SaslSupport.SASL_AUTH.ordinal()) && UserServer.this.config.isEncryptionEnabled()) {
                        throw new UserAuthenticationException("The server doesn't allow client without encryption support. Please upgrade your client or talk to your system administrator.");
                    }
                    if (hasSaslSupport) {
                        addAllSupportedMethods.addAllAuthenticationMechanisms(UserServer.this.config.getAuthProvider().getAllFactoryNames());
                        addAllSupportedMethods.setEncrypted(bitToUserConnection.isEncryptionEnabled());
                        addAllSupportedMethods.setMaxWrappedSize(bitToUserConnection.getMaxWrappedSize());
                        addAllSupportedMethods.setStatus(UserProtos.HandshakeStatus.AUTH_REQUIRED);
                        return addAllSupportedMethods.build();
                    }
                    String userName = userToBitHandshake.getCredentials().getUserName();
                    if (UserServer.logger.isTraceEnabled()) {
                        UserServer.logger.trace("User {} on connection {} is likely using an older client.", userName, bitToUserConnection.getRemoteAddress());
                    }
                    try {
                        String str = InfoSchemaConstants.IS_CATALOG_CONNECT;
                        UserProtos.UserProperties properties = userToBitHandshake.getProperties();
                        for (int i = 0; i < properties.getPropertiesCount(); i++) {
                            UserProtos.Property properties2 = properties.getProperties(i);
                            if (UsernamePasswordCredentials.PASSWORD.equalsIgnoreCase(properties2.getKey())) {
                                str = properties2.getValue();
                                break;
                            }
                        }
                        try {
                            ((PlainFactory) UserServer.this.config.getAuthProvider().getAuthenticatorFactory("PLAIN")).getAuthenticator().authenticate(userName, str);
                            bitToUserConnection.changeHandlerTo(UserServer.this.config.getMessageHandler());
                            bitToUserConnection.finalizeSession(userName);
                            addAllSupportedMethods.setStatus(UserProtos.HandshakeStatus.SUCCESS);
                            UserServer.logger.info("Authenticated {} from {} successfully using PLAIN", userName, bitToUserConnection.getRemoteAddress());
                            return addAllSupportedMethods.build();
                        } catch (SaslException e) {
                            throw new UserAuthenticationException("The server no longer supports username/password based authentication. Please talk to your system administrator.");
                        }
                    } catch (UserAuthenticationException e2) {
                        return UserServer.handleFailure(addAllSupportedMethods, UserProtos.HandshakeStatus.AUTH_FAILED, e2.getMessage(), e2);
                    }
                } catch (Exception e3) {
                    return UserServer.handleFailure(addAllSupportedMethods, UserProtos.HandshakeStatus.UNKNOWN_FAILURE, e3.getMessage(), e3);
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static UserProtos.BitToUserHandshake handleFailure(UserProtos.BitToUserHandshake.Builder builder, UserProtos.HandshakeStatus handshakeStatus, String str, Exception exc) {
        String uuid = UUID.randomUUID().toString();
        if (exc != null) {
            logger.error("Error {} in Handling handshake request: {}, {}", new Object[]{uuid, handshakeStatus, str, exc});
        } else {
            logger.error("Error {} in Handling handshake request: {}, {}", new Object[]{uuid, handshakeStatus, str});
        }
        return builder.setStatus(handshakeStatus).setErrorId(uuid).setErrorMessage(str).build();
    }

    protected ProtobufLengthDecoder getDecoder(BufferAllocator bufferAllocator, OutOfMemoryHandler outOfMemoryHandler) {
        return new UserProtobufLengthDecoder(bufferAllocator, outOfMemoryHandler);
    }
}
