package org.apache.hadoop.hive.thrift;

import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.security.sasl.SaslException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S;
import org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.rpcauth.RpcAuthMethod;
import org.apache.hadoop.security.rpcauth.RpcAuthRegistry;
import org.apache.hadoop.security.token.Token;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSaslServerTransport;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TTransportFactory;

/* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge25Sasl.class */
public class HadoopThriftAuthBridge25Sasl extends HadoopThriftAuthBridge23 {
    static final Log LOG = LogFactory.getLog(HadoopThriftAuthBridge25Sasl.class);

    /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge25Sasl$Client.class */
    public static class Client extends HadoopThriftAuthBridge20S.Client {
        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Client, org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Client
        public TTransport createClientTransport(String str, String str2, String str3, String str4, TTransport tTransport, Map<String, String> map) throws IOException {
            SaslRpcServer.AuthMethod valueOf;
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            UserGroupInformation.AuthenticationMethod authenticationMethod = currentUser.getAuthenticationMethod();
            HadoopThriftAuthBridge25Sasl.LOG.info("Sasl client AuthenticationMethod: " + authenticationMethod.toString());
            if (authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.PROXY)) {
                if (str3 == null || (valueOf = SaslRpcServer.AuthMethod.valueOf(SaslRpcServer.AuthMethod.class, str3)) != SaslRpcServer.AuthMethod.DIGEST) {
                    throw new IOException("Unsupported authentication method: PROXY-" + str3);
                }
                Token token = new Token();
                token.decodeFromUrlString(str4);
                return new TUGIAssumingTransport(new TSaslClientTransport(valueOf.getMechanismName(), null, null, "default", map, new HadoopThriftAuthBridge20S.Client.SaslClientCallbackHandler(token), tTransport), UserGroupInformation.getCurrentUser());
            }
            RpcAuthMethod authMethod = RpcAuthRegistry.getAuthMethod(currentUser.getAuthenticationMethod());
            if (authMethod == null) {
                throw new IOException("Unsupported authentication method: " + currentUser.getAuthenticationMethod());
            }
            if (authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.TOKEN)) {
                Token token2 = new Token();
                token2.decodeFromUrlString(str4);
                return new TUGIAssumingTransport(new TSaslClientTransport(authMethod.getMechanismName(), null, null, "default", map, new HadoopThriftAuthBridge20S.Client.SaslClientCallbackHandler(token2), tTransport), UserGroupInformation.getCurrentUser());
            }
            if (!authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                try {
                    return new TUGIAssumingTransport(new TSaslClientTransport(authMethod.getMechanismName(), null, null, "default", map, null, tTransport), UserGroupInformation.getCurrentUser());
                } catch (SaslException e) {
                    throw new IOException("Could not instantiate SASL transport", e);
                }
            }
            String serverPrincipal = SecurityUtil.getServerPrincipal(str, str2);
            String[] splitKerberosName = SaslRpcServer.splitKerberosName(serverPrincipal);
            if (splitKerberosName.length != 3) {
                throw new IOException("Kerberos principal name does NOT have the expected hostname part: " + serverPrincipal);
            }
            try {
                return new TUGIAssumingTransport(new TSaslClientTransport(authMethod.getMechanismName(), null, splitKerberosName[0], splitKerberosName[1], map, null, tTransport), UserGroupInformation.getCurrentUser());
            } catch (SaslException e2) {
                throw new IOException("Could not instantiate SASL transport", e2);
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge25Sasl$Server.class */
    public static class Server extends HadoopThriftAuthBridge20S.Server {
        public Server() throws TTransportException {
        }

        protected Server(String str, String str2) throws TTransportException {
            super(str, str2);
        }

        @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S.Server, org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server
        public TTransportFactory createTransportFactory(Map<String, String> map) throws TTransportException {
            List<RpcAuthMethod> rpcAuthMethodList = this.realUgi.getRpcAuthMethodList();
            TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
            for (RpcAuthMethod rpcAuthMethod : rpcAuthMethodList) {
                if (rpcAuthMethod.getAuthenticationMethod().equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                    String[] splitKerberosName = SaslRpcServer.splitKerberosName(this.realUgi.getUserName());
                    if (splitKerberosName.length == 3) {
                        factory.addServerDefinition(rpcAuthMethod.getMechanismName(), splitKerberosName[0], splitKerberosName[1], map, rpcAuthMethod.createCallbackHandler());
                    }
                } else {
                    factory.addServerDefinition(rpcAuthMethod.getMechanismName(), null, "default", map, rpcAuthMethod.createCallbackHandler());
                }
            }
            factory.addServerDefinition(SaslRpcServer.AuthMethod.DIGEST.getMechanismName(), null, "default", map, new HadoopThriftAuthBridge20S.Server.SaslDigestCallbackHandler(this.secretManager));
            return new HadoopThriftAuthBridge20S.Server.TUGIAssumingTransportFactory(factory, this.realUgi);
        }
    }

    @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S, org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge
    public Server createServer(String str, String str2) throws TTransportException {
        return (str.isEmpty() || str2.isEmpty()) ? new Server() : new Server(str, str2);
    }

    @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S, org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge
    public Client createClientWithConf(String str) {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", str);
        UserGroupInformation.setConfiguration(configuration);
        return new Client();
    }

    @Override // org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S, org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge
    public Client createClient() {
        return new Client();
    }
}
