package org.apache.hadoop.hive.thrift;

import java.io.IOException;
import java.net.InetAddress;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
import org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.thrift.TException;
import org.apache.thrift.TProcessor;
import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSaslServerTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TTransportFactory;

/* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.class */
public class HadoopThriftAuthBridge20S extends HadoopThriftAuthBridge {
    static final Log LOG = LogFactory.getLog(HadoopThriftAuthBridge.class);

    /* renamed from: org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod = new int[SaslRpcServer.AuthMethod.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod[SaslRpcServer.AuthMethod.DIGEST.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod[SaslRpcServer.AuthMethod.KERBEROS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S$Client.class */
    public static class Client extends HadoopThriftAuthBridge.Client {

        /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S$Client$SaslClientCallbackHandler.class */
        private static class SaslClientCallbackHandler implements CallbackHandler {
            private final String userName;
            private final char[] userPassword;

            public SaslClientCallbackHandler(Token<? extends TokenIdentifier> token) {
                this.userName = encodeIdentifier(token.getIdentifier());
                this.userPassword = encodePassword(token.getPassword());
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
                NameCallback nameCallback = null;
                PasswordCallback passwordCallback = null;
                RealmCallback realmCallback = null;
                for (Callback callback : callbackArr) {
                    if (!(callback instanceof RealmChoiceCallback)) {
                        if (callback instanceof NameCallback) {
                            nameCallback = (NameCallback) callback;
                        } else if (callback instanceof PasswordCallback) {
                            passwordCallback = (PasswordCallback) callback;
                        } else {
                            if (!(callback instanceof RealmCallback)) {
                                throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback");
                            }
                            realmCallback = (RealmCallback) callback;
                        }
                    }
                }
                if (nameCallback != null) {
                    if (HadoopThriftAuthBridge20S.LOG.isDebugEnabled()) {
                        HadoopThriftAuthBridge20S.LOG.debug("SASL client callback: setting username: " + this.userName);
                    }
                    nameCallback.setName(this.userName);
                }
                if (passwordCallback != null) {
                    if (HadoopThriftAuthBridge20S.LOG.isDebugEnabled()) {
                        HadoopThriftAuthBridge20S.LOG.debug("SASL client callback: setting userPassword");
                    }
                    passwordCallback.setPassword(this.userPassword);
                }
                if (realmCallback != null) {
                    if (HadoopThriftAuthBridge20S.LOG.isDebugEnabled()) {
                        HadoopThriftAuthBridge20S.LOG.debug("SASL client callback: setting realm: " + realmCallback.getDefaultText());
                    }
                    realmCallback.setText(realmCallback.getDefaultText());
                }
            }

            static String encodeIdentifier(byte[] bArr) {
                return new String(Base64.encodeBase64(bArr));
            }

            static char[] encodePassword(byte[] bArr) {
                return new String(Base64.encodeBase64(bArr)).toCharArray();
            }
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Client
        public TTransport createClientTransport(String str, String str2, String str3, String str4, TTransport tTransport, Map<String, String> map) throws IOException {
            SaslRpcServer.AuthMethod valueOf = SaslRpcServer.AuthMethod.valueOf(SaslRpcServer.AuthMethod.class, str3);
            switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod[valueOf.ordinal()]) {
                case 1:
                    Token token = new Token();
                    token.decodeFromUrlString(str4);
                    return new TUGIAssumingTransport(new TSaslClientTransport(valueOf.getMechanismName(), null, null, "default", map, new SaslClientCallbackHandler(token), tTransport), UserGroupInformation.getCurrentUser());
                case 2:
                    String serverPrincipal = SecurityUtil.getServerPrincipal(str, str2);
                    String[] splitKerberosName = SaslRpcServer.splitKerberosName(serverPrincipal);
                    if (splitKerberosName.length != 3) {
                        throw new IOException("Kerberos principal name does NOT have the expected hostname part: " + serverPrincipal);
                    }
                    try {
                        return new TUGIAssumingTransport(new TSaslClientTransport(valueOf.getMechanismName(), null, splitKerberosName[0], splitKerberosName[1], map, null, tTransport), UserGroupInformation.getCurrentUser());
                    } catch (SaslException e) {
                        throw new IOException("Could not instantiate SASL transport", e);
                    }
                default:
                    throw new IOException("Unsupported authentication method: " + valueOf);
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S$Server.class */
    public static class Server extends HadoopThriftAuthBridge.Server {
        final UserGroupInformation realUgi;
        DelegationTokenSecretManager secretManager;
        private static final long DELEGATION_TOKEN_GC_INTERVAL = 3600000;
        public static final String DELEGATION_KEY_UPDATE_INTERVAL_KEY = "hive.cluster.delegation.key.update-interval";
        public static final long DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT = 86400000;
        public static final String DELEGATION_TOKEN_RENEW_INTERVAL_KEY = "hive.cluster.delegation.token.renew-interval";
        public static final long DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT = 86400000;
        public static final String DELEGATION_TOKEN_MAX_LIFETIME_KEY = "hive.cluster.delegation.token.max-lifetime";
        public static final long DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT = 604800000;
        public static final String DELEGATION_TOKEN_STORE_CLS = "hive.cluster.delegation.token.store.class";
        public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_STR = "hive.cluster.delegation.token.store.zookeeper.connectString";
        public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_TIMEOUTMILLIS = "hive.cluster.delegation.token.store.zookeeper.connectTimeoutMillis";
        public static final String DELEGATION_TOKEN_STORE_ZK_ZNODE = "hive.cluster.delegation.token.store.zookeeper.znode";
        public static final String DELEGATION_TOKEN_STORE_ZK_ACL = "hive.cluster.delegation.token.store.zookeeper.acl";
        public static final String DELEGATION_TOKEN_STORE_ZK_ZNODE_DEFAULT = "/hive/cluster/delegation";
        static final ThreadLocal<InetAddress> remoteAddress;
        static final ThreadLocal<UserGroupInformation.AuthenticationMethod> authenticationMethod;
        private static ThreadLocal<String> remoteUser;
        static final /* synthetic */ boolean $assertionsDisabled;

        /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S$Server$SaslDigestCallbackHandler.class */
        static class SaslDigestCallbackHandler implements CallbackHandler {
            private final DelegationTokenSecretManager secretManager;

            public SaslDigestCallbackHandler(DelegationTokenSecretManager delegationTokenSecretManager) {
                this.secretManager = delegationTokenSecretManager;
            }

            private char[] getPassword(DelegationTokenIdentifier delegationTokenIdentifier) throws SecretManager.InvalidToken {
                return encodePassword(this.secretManager.retrievePassword(delegationTokenIdentifier));
            }

            private char[] encodePassword(byte[] bArr) {
                return new String(Base64.encodeBase64(bArr)).toCharArray();
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws SecretManager.InvalidToken, UnsupportedCallbackException {
                NameCallback nameCallback = null;
                PasswordCallback passwordCallback = null;
                AuthorizeCallback authorizeCallback = null;
                for (Callback callback : callbackArr) {
                    if (callback instanceof AuthorizeCallback) {
                        authorizeCallback = (AuthorizeCallback) callback;
                    } else if (callback instanceof NameCallback) {
                        nameCallback = (NameCallback) callback;
                    } else if (callback instanceof PasswordCallback) {
                        passwordCallback = (PasswordCallback) callback;
                    } else if (!(callback instanceof RealmCallback)) {
                        throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
                    }
                }
                if (passwordCallback != null) {
                    DelegationTokenIdentifier delegationTokenIdentifier = (DelegationTokenIdentifier) SaslRpcServer.getIdentifier(nameCallback.getDefaultName(), this.secretManager);
                    char[] password = getPassword(delegationTokenIdentifier);
                    if (HadoopThriftAuthBridge20S.LOG.isDebugEnabled()) {
                        HadoopThriftAuthBridge20S.LOG.debug("SASL server DIGEST-MD5 callback: setting password for client: " + delegationTokenIdentifier.getUser());
                    }
                    passwordCallback.setPassword(password);
                }
                if (authorizeCallback != null) {
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    if (authenticationID.equals(authorizationID)) {
                        authorizeCallback.setAuthorized(true);
                    } else {
                        authorizeCallback.setAuthorized(false);
                    }
                    if (authorizeCallback.isAuthorized()) {
                        if (HadoopThriftAuthBridge20S.LOG.isDebugEnabled()) {
                            HadoopThriftAuthBridge20S.LOG.debug("SASL server DIGEST-MD5 callback: setting canonicalized client ID: " + SaslRpcServer.getIdentifier(authorizationID, this.secretManager).getUser().getUserName());
                        }
                        authorizeCallback.setAuthorizedID(authorizationID);
                    }
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S$Server$TUGIAssumingProcessor.class */
        public class TUGIAssumingProcessor implements TProcessor {
            final TProcessor wrapped;
            DelegationTokenSecretManager secretManager;
            boolean useProxy;

            TUGIAssumingProcessor(TProcessor tProcessor, DelegationTokenSecretManager delegationTokenSecretManager, boolean z) {
                this.wrapped = tProcessor;
                this.secretManager = delegationTokenSecretManager;
                this.useProxy = z;
            }

            @Override // org.apache.thrift.TProcessor
            public boolean process(final TProtocol tProtocol, final TProtocol tProtocol2) throws TException {
                TTransport transport = tProtocol.getTransport();
                if (!(transport instanceof TSaslServerTransport)) {
                    throw new TException("Unexpected non-SASL transport " + transport.getClass());
                }
                TSaslServerTransport tSaslServerTransport = (TSaslServerTransport) transport;
                SaslServer saslServer = tSaslServerTransport.getSaslServer();
                String authorizationID = saslServer.getAuthorizationID();
                Server.authenticationMethod.set(UserGroupInformation.AuthenticationMethod.KERBEROS);
                HadoopThriftAuthBridge20S.LOG.debug("AUTH ID ======>" + authorizationID);
                String str = authorizationID;
                if (saslServer.getMechanismName().equals("DIGEST-MD5")) {
                    try {
                        str = SaslRpcServer.getIdentifier(authorizationID, this.secretManager).getUser().getUserName();
                        Server.authenticationMethod.set(UserGroupInformation.AuthenticationMethod.TOKEN);
                    } catch (SecretManager.InvalidToken e) {
                        throw new TException(e.getMessage());
                    }
                }
                Server.remoteAddress.set(((TSocket) tSaslServerTransport.getUnderlyingTransport()).getSocket().getInetAddress());
                try {
                    try {
                        try {
                            if (!this.useProxy) {
                                Server.remoteUser.set(str);
                                boolean process = this.wrapped.process(tProtocol, tProtocol2);
                                if (0 != 0) {
                                    try {
                                        FileSystem.closeAllForUGI((UserGroupInformation) null);
                                    } catch (IOException e2) {
                                        HadoopThriftAuthBridge20S.LOG.error("Could not clean up file-system handles for UGI: " + ((Object) null), e2);
                                    }
                                }
                                return process;
                            }
                            UserGroupInformation createProxyUser = UserGroupInformation.createProxyUser(str, UserGroupInformation.getLoginUser());
                            Server.remoteUser.set(createProxyUser.getShortUserName());
                            boolean booleanValue = ((Boolean) createProxyUser.doAs(new PrivilegedExceptionAction<Boolean>() { // from class: org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Server.TUGIAssumingProcessor.1
                                /* JADX WARN: Can't rename method to resolve collision */
                                @Override // java.security.PrivilegedExceptionAction
                                public Boolean run() {
                                    try {
                                        return Boolean.valueOf(TUGIAssumingProcessor.this.wrapped.process(tProtocol, tProtocol2));
                                    } catch (TException e3) {
                                        throw new RuntimeException(e3);
                                    }
                                }
                            })).booleanValue();
                            if (createProxyUser != null) {
                                try {
                                    FileSystem.closeAllForUGI(createProxyUser);
                                } catch (IOException e3) {
                                    HadoopThriftAuthBridge20S.LOG.error("Could not clean up file-system handles for UGI: " + createProxyUser, e3);
                                }
                            }
                            return booleanValue;
                        } catch (InterruptedException e4) {
                            throw new RuntimeException(e4);
                        }
                    } catch (IOException e5) {
                        throw new RuntimeException(e5);
                    } catch (RuntimeException e6) {
                        if (e6.getCause() instanceof TException) {
                            throw ((TException) e6.getCause());
                        }
                        throw e6;
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            FileSystem.closeAllForUGI((UserGroupInformation) null);
                        } catch (IOException e7) {
                            HadoopThriftAuthBridge20S.LOG.error("Could not clean up file-system handles for UGI: " + ((Object) null), e7);
                        }
                    }
                    throw th;
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory.class */
        public static class TUGIAssumingTransportFactory extends TTransportFactory {
            private final UserGroupInformation ugi;
            private final TTransportFactory wrapped;
            static final /* synthetic */ boolean $assertionsDisabled;

            public TUGIAssumingTransportFactory(TTransportFactory tTransportFactory, UserGroupInformation userGroupInformation) {
                if (!$assertionsDisabled && tTransportFactory == null) {
                    throw new AssertionError();
                }
                if (!$assertionsDisabled && userGroupInformation == null) {
                    throw new AssertionError();
                }
                this.wrapped = tTransportFactory;
                this.ugi = userGroupInformation;
            }

            @Override // org.apache.thrift.transport.TTransportFactory
            public TTransport getTransport(final TTransport tTransport) {
                return (TTransport) this.ugi.doAs(new PrivilegedAction<TTransport>() { // from class: org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Server.TUGIAssumingTransportFactory.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public TTransport run() {
                        return TUGIAssumingTransportFactory.this.wrapped.getTransport(tTransport);
                    }
                });
            }

            static {
                $assertionsDisabled = !HadoopThriftAuthBridge20S.class.desiredAssertionStatus();
            }
        }

        public Server() throws TTransportException {
            try {
                this.realUgi = UserGroupInformation.getCurrentUser();
            } catch (IOException e) {
                throw new TTransportException(e);
            }
        }

        protected Server(String str, String str2) throws TTransportException {
            if (str == null || str.isEmpty()) {
                throw new TTransportException("No keytab specified");
            }
            if (str2 == null || str2.isEmpty()) {
                throw new TTransportException("No principal specified");
            }
            try {
                UserGroupInformation.loginUserFromKeytab(SecurityUtil.getServerPrincipal(str2, "0.0.0.0"), str);
                this.realUgi = UserGroupInformation.getLoginUser();
                if ($assertionsDisabled || this.realUgi.isFromKeytab()) {
                } else {
                    throw new AssertionError();
                }
            } catch (IOException e) {
                throw new TTransportException(e);
            }
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public TTransportFactory createTransportFactory(Map<String, String> map) throws TTransportException {
            String userName = this.realUgi.getUserName();
            String[] splitKerberosName = SaslRpcServer.splitKerberosName(userName);
            if (splitKerberosName.length != 3) {
                throw new TTransportException("Kerberos principal should have 3 parts: " + userName);
            }
            TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
            factory.addServerDefinition(SaslRpcServer.AuthMethod.KERBEROS.getMechanismName(), splitKerberosName[0], splitKerberosName[1], map, new SaslRpcServer.SaslGssCallbackHandler());
            factory.addServerDefinition(SaslRpcServer.AuthMethod.DIGEST.getMechanismName(), null, "default", map, new SaslDigestCallbackHandler(this.secretManager));
            return new TUGIAssumingTransportFactory(factory, this.realUgi);
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public TProcessor wrapProcessor(TProcessor tProcessor) {
            return new TUGIAssumingProcessor(tProcessor, this.secretManager, true);
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public TProcessor wrapNonAssumingProcessor(TProcessor tProcessor) {
            return new TUGIAssumingProcessor(tProcessor, this.secretManager, false);
        }

        protected DelegationTokenStore getTokenStore(Configuration configuration) throws IOException {
            String str = configuration.get(DELEGATION_TOKEN_STORE_CLS, "");
            if (StringUtils.isBlank(str)) {
                return new MemoryTokenStore();
            }
            try {
                return (DelegationTokenStore) ReflectionUtils.newInstance(Class.forName(str).asSubclass(DelegationTokenStore.class), configuration);
            } catch (ClassNotFoundException e) {
                throw new IOException("Error initializing delegation token store: " + str, e);
            }
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public void startDelegationTokenSecretManager(Configuration configuration, Object obj) throws IOException {
            long j = configuration.getLong(DELEGATION_KEY_UPDATE_INTERVAL_KEY, 86400000L);
            long j2 = configuration.getLong(DELEGATION_TOKEN_MAX_LIFETIME_KEY, DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT);
            long j3 = configuration.getLong(DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 86400000L);
            DelegationTokenStore tokenStore = getTokenStore(configuration);
            tokenStore.setStore(obj);
            this.secretManager = new TokenStoreDelegationTokenSecretManager(j, j2, j3, DELEGATION_TOKEN_GC_INTERVAL, tokenStore);
            this.secretManager.startThreads();
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public String getDelegationToken(String str, final String str2) throws IOException, InterruptedException {
            if (!authenticationMethod.get().equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                throw new AuthorizationException("Delegation Token can be issued only with kerberos authentication. Current AuthenticationMethod: " + authenticationMethod.get());
            }
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(str);
            if (!createRemoteUser.getShortUserName().equals(currentUser.getShortUserName())) {
                createRemoteUser = UserGroupInformation.createProxyUser(str, UserGroupInformation.getCurrentUser());
                ProxyUsers.authorize(createRemoteUser, getRemoteAddress().getHostAddress(), (Configuration) null);
            }
            return (String) createRemoteUser.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Server.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public String run() throws IOException {
                    return Server.this.secretManager.getDelegationToken(str2);
                }
            });
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public long renewDelegationToken(String str) throws IOException {
            if (authenticationMethod.get().equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                return this.secretManager.renewDelegationToken(str);
            }
            throw new AuthorizationException("Delegation Token can be issued only with kerberos authentication. Current AuthenticationMethod: " + authenticationMethod.get());
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public void cancelDelegationToken(String str) throws IOException {
            this.secretManager.cancelDelegationToken(str);
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public InetAddress getRemoteAddress() {
            return remoteAddress.get();
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public String getRemoteUser() {
            return remoteUser.get();
        }

        static {
            $assertionsDisabled = !HadoopThriftAuthBridge20S.class.desiredAssertionStatus();
            remoteAddress = new ThreadLocal<InetAddress>() { // from class: org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Server.2
                /* JADX INFO: Access modifiers changed from: protected */
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.lang.ThreadLocal
                public synchronized InetAddress initialValue() {
                    return null;
                }
            };
            authenticationMethod = new ThreadLocal<UserGroupInformation.AuthenticationMethod>() { // from class: org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Server.3
                /* JADX INFO: Access modifiers changed from: protected */
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.lang.ThreadLocal
                public synchronized UserGroupInformation.AuthenticationMethod initialValue() {
                    return UserGroupInformation.AuthenticationMethod.TOKEN;
                }
            };
            remoteUser = new ThreadLocal<String>() { // from class: org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Server.4
                /* JADX INFO: Access modifiers changed from: protected */
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.lang.ThreadLocal
                public synchronized String initialValue() {
                    return null;
                }
            };
        }
    }

    @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge
    public Client createClient() {
        return new Client();
    }

    @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge
    public Client createClientWithConf(String str) {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", str);
        UserGroupInformation.setConfiguration(configuration);
        return new Client();
    }

    @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge
    public Server createServer(String str, String str2) throws TTransportException {
        return new Server(str, str2);
    }

    @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge
    public Map<String, String> getHadoopSaslProperties(Configuration configuration) {
        SaslRpcServer.init(configuration);
        return SaslRpcServer.SASL_PROPS;
    }
}
