package org.apache.kyuubi.service.authentication;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.LoginException;
import org.apache.kyuubi.Logging;
import org.apache.kyuubi.config.KyuubiConf;
import org.apache.kyuubi.config.KyuubiConf$;
import org.apache.kyuubi.shaded.hive.service.rpc.thrift.TCLIService;
import org.apache.kyuubi.shaded.thrift.TProcessorFactory;
import org.apache.kyuubi.shaded.thrift.transport.TSaslServerTransport;
import org.apache.kyuubi.shaded.thrift.transport.TTransportException;
import org.apache.kyuubi.shaded.thrift.transport.TTransportFactory;
import org.slf4j.Logger;
import scala.Enumeration;
import scala.Function0;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: KyuubiAuthenticationFactory.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0015e\u0001B\f\u0019\u0001\rB\u0001B\f\u0001\u0003\u0002\u0003\u0006Ia\f\u0005\tk\u0001\u0011\t\u0011)A\u0005m!)\u0011\b\u0001C\u0001u!9q\b\u0001b\u0001\n\u0003\u0001\u0005B\u00020\u0001A\u0003%\u0011\tC\u0004`\u0001\t\u0007I\u0011\u00011\t\r\u0005\u0004\u0001\u0015!\u00037\u0011\u001d\u0011\u0007A1A\u0005\u0002\u0001Daa\u0019\u0001!\u0002\u00131\u0004b\u00023\u0001\u0005\u0004%\t!\u001a\u0005\u0007S\u0002\u0001\u000b\u0011\u00024\t\u000f)\u0004!\u0019!C\u0005W\"1\u0001\u000f\u0001Q\u0001\n1DQ!\u001d\u0001\u0005\nIDq!a\u0002\u0001\t\u0003\tI\u0001C\u0004\u0002 \u0001!\t!!\t\t\u000f\u0005u\u0003\u0001\"\u0001\u0002`!9\u00111\r\u0001\u0005\u0002\u0005}s!CA31\u0005\u0005\t\u0012AA4\r!9\u0002$!A\t\u0002\u0005%\u0004BB\u001d\u0015\t\u0003\tY\u0007C\u0005\u0002nQ\t\n\u0011\"\u0001\u0002p\tY2*_;vE&\fU\u000f\u001e5f]RL7-\u0019;j_:4\u0015m\u0019;pefT!!\u0007\u000e\u0002\u001d\u0005,H\u000f[3oi&\u001c\u0017\r^5p]*\u00111\u0004H\u0001\bg\u0016\u0014h/[2f\u0015\tib$\u0001\u0004lsV,(-\u001b\u0006\u0003?\u0001\na!\u00199bG\",'\"A\u0011\u0002\u0007=\u0014xm\u0001\u0001\u0014\u0007\u0001!#\u0006\u0005\u0002&Q5\taEC\u0001(\u0003\u0015\u00198-\u00197b\u0013\tIcE\u0001\u0004B]f\u0014VM\u001a\t\u0003W1j\u0011\u0001H\u0005\u0003[q\u0011q\u0001T8hO&tw-\u0001\u0003d_:4\u0007C\u0001\u00194\u001b\u0005\t$B\u0001\u001a\u001d\u0003\u0019\u0019wN\u001c4jO&\u0011A'\r\u0002\u000b\u0017f,XOY5D_:4\u0017\u0001C5t'\u0016\u0014h/\u001a:\u0011\u0005\u0015:\u0014B\u0001\u001d'\u0005\u001d\u0011un\u001c7fC:\fa\u0001P5oSRtDcA\u001e>}A\u0011A\bA\u0007\u00021!)af\u0001a\u0001_!9Qg\u0001I\u0001\u0002\u00041\u0014!C1vi\"$\u0016\u0010]3t+\u0005\t\u0005c\u0001\"K\u001b:\u00111\t\u0013\b\u0003\t\u001ek\u0011!\u0012\u0006\u0003\r\n\na\u0001\u0010:p_Rt\u0014\"A\u0014\n\u0005%3\u0013a\u00029bG.\fw-Z\u0005\u0003\u00172\u00131aU3r\u0015\tIe\u0005\u0005\u0002O7:\u0011q*\u0017\b\u0003!bs!!U,\u000f\u0005I3fBA*V\u001d\t!E+C\u0001\"\u0013\ty\u0002%\u0003\u0002\u001e=%\u00111\u0004H\u0005\u00033iI!A\u0017\r\u0002\u0013\u0005+H\u000f\u001b+za\u0016\u001c\u0018B\u0001/^\u0005!\tU\u000f\u001e5UsB,'B\u0001.\u0019\u0003)\tW\u000f\u001e5UsB,7\u000fI\u0001\rg\u0006\u001cH\u000eR5tC\ndW\rZ\u000b\u0002m\u0005i1/Y:m\t&\u001c\u0018M\u00197fI\u0002\nqb[3sE\u0016\u0014xn]#oC\ndW\rZ\u0001\u0011W\u0016\u0014(-\u001a:pg\u0016s\u0017M\u00197fI\u0002\na#\u001a4gK\u000e$\u0018N^3QY\u0006Lg.Q;uQRK\b/Z\u000b\u0002MB\u0019QeZ'\n\u0005!4#AB(qi&|g.A\ffM\u001a,7\r^5wKBc\u0017-\u001b8BkRDG+\u001f9fA\u0005\u0001\u0002.\u00193p_B\fU\u000f\u001e5TKJ4XM]\u000b\u0002YB\u0019QeZ7\u0011\u0005qr\u0017BA8\u0019\u0005qA\u0015\rZ8paRC'/\u001b4u\u0003V$\bN\u0011:jI\u001e,7+\u001a:wKJ\f\u0011\u0003[1e_>\u0004\u0018)\u001e;i'\u0016\u0014h/\u001a:!\u0003E9W\r^*bg2\u0004&o\u001c9feRLWm]\u000b\u0002gB!A/_>|\u001b\u0005)(B\u0001<x\u0003\u0011)H/\u001b7\u000b\u0003a\fAA[1wC&\u0011!0\u001e\u0002\u0004\u001b\u0006\u0004\bc\u0001?\u0002\u00029\u0011QP \t\u0003\t\u001aJ!a \u0014\u0002\rA\u0013X\rZ3g\u0013\u0011\t\u0019!!\u0002\u0003\rM#(/\u001b8h\u0015\tyh%\u0001\u000bhKR$FK]1ogB|'\u000f\u001e$bGR|'/_\u000b\u0003\u0003\u0017\u0001B!!\u0004\u0002\u001c5\u0011\u0011q\u0002\u0006\u0005\u0003#\t\u0019\"A\u0005ue\u0006t7\u000f]8si*!\u0011QCA\f\u0003\u0019!\bN]5gi*\u0019\u0011\u0011\u0004\u000f\u0002\rMD\u0017\rZ3e\u0013\u0011\ti\"a\u0004\u0003#Q#&/\u00198ta>\u0014HOR1di>\u0014\u00180\u0001\u000bhKR$\u0006K]8dKN\u001cxN\u001d$bGR|'/\u001f\u000b\u0005\u0003G\tY\u0003\u0005\u0003\u0002&\u0005\u001dRBAA\n\u0013\u0011\tI#a\u0005\u0003#Q\u0003&o\\2fgN|'OR1di>\u0014\u0018\u0010C\u0004\u0002.A\u0001\r!a\f\u0002\u0005\u0019,\u0007\u0003BA\u0019\u0003/rA!a\r\u0002R9!\u0011QGA'\u001d\u0011\t9$a\u0012\u000f\t\u0005e\u00121\t\b\u0005\u0003w\tyDD\u0002R\u0003{I1!!\u0007\u001d\u0013\u0011\t\t%a\u0006\u0002\t!Lg/Z\u0005\u00047\u0005\u0015#\u0002BA!\u0003/IA!!\u0013\u0002L\u0005\u0019!\u000f]2\u000b\u0007m\t)%\u0003\u0003\u0002\u0016\u0005=#\u0002BA%\u0003\u0017JA!a\u0015\u0002V\u0005YAk\u0011'J'\u0016\u0014h/[2f\u0015\u0011\t)\"a\u0014\n\t\u0005e\u00131\f\u0002\u0006\u0013\u001a\f7-\u001a\u0006\u0005\u0003'\n)&A\u0007hKR\u0014V-\\8uKV\u001bXM]\u000b\u0003\u0003C\u00022!J4|\u000319W\r^%q\u0003\u0012$'/Z:t\u0003mY\u00150^;cS\u0006+H\u000f[3oi&\u001c\u0017\r^5p]\u001a\u000b7\r^8ssB\u0011A\bF\n\u0003)\u0011\"\"!a\u001a\u00027\u0011bWm]:j]&$He\u001a:fCR,'\u000f\n3fM\u0006,H\u000e\u001e\u00133+\t\t\tHK\u00027\u0003gZ#!!\u001e\u0011\t\u0005]\u0014\u0011Q\u0007\u0003\u0003sRA!a\u001f\u0002~\u0005IQO\\2iK\u000e\\W\r\u001a\u0006\u0004\u0003\u007f2\u0013AC1o]>$\u0018\r^5p]&!\u00111QA=\u0005E)hn\u00195fG.,GMV1sS\u0006t7-\u001a")
/* loaded from: input_file:org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactory.class */
public class KyuubiAuthenticationFactory implements Logging {
    private final KyuubiConf conf;
    private final boolean isServer;
    private final Seq<Enumeration.Value> authTypes;
    private final boolean saslDisabled;
    private final boolean kerberosEnabled;
    private final Option<Enumeration.Value> effectivePlainAuthType;
    private final Option<HadoopThriftAuthBridgeServer> hadoopAuthServer;
    private transient Logger org$apache$kyuubi$Logging$$log_;

    @Override // org.apache.kyuubi.Logging
    public String loggerName() {
        return loggerName();
    }

    @Override // org.apache.kyuubi.Logging
    public Logger logger() {
        return logger();
    }

    @Override // org.apache.kyuubi.Logging
    public void debug(Function0<Object> function0) {
        debug(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void debug(Function0<Object> function0, Throwable th) {
        debug(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void info(Function0<Object> function0) {
        info(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void info(Function0<Object> function0, Throwable th) {
        info(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void warn(Function0<Object> function0) {
        warn(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void warn(Function0<Object> function0, Throwable th) {
        warn(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void error(Function0<Object> function0, Throwable th) {
        error(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void error(Function0<Object> function0) {
        error(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void initializeLoggerIfNecessary(boolean z) {
        initializeLoggerIfNecessary(z);
    }

    @Override // org.apache.kyuubi.Logging
    public Logger org$apache$kyuubi$Logging$$log_() {
        return this.org$apache$kyuubi$Logging$$log_;
    }

    @Override // org.apache.kyuubi.Logging
    public void org$apache$kyuubi$Logging$$log__$eq(Logger logger) {
        this.org$apache$kyuubi$Logging$$log_ = logger;
    }

    public Seq<Enumeration.Value> authTypes() {
        return this.authTypes;
    }

    public boolean saslDisabled() {
        return this.saslDisabled;
    }

    public boolean kerberosEnabled() {
        return this.kerberosEnabled;
    }

    public Option<Enumeration.Value> effectivePlainAuthType() {
        return this.effectivePlainAuthType;
    }

    private Option<HadoopThriftAuthBridgeServer> hadoopAuthServer() {
        return this.hadoopAuthServer;
    }

    private Map<String, String> getSaslProperties() {
        HashMap hashMap = new HashMap();
        hashMap.put("javax.security.sasl.qop", SaslQOP$.MODULE$.withName((String) this.conf.get(KyuubiConf$.MODULE$.SASL_QOP())).toString());
        hashMap.put("javax.security.sasl.server.authentication", "true");
        return hashMap;
    }

    public TTransportFactory getTTransportFactory() {
        if (saslDisabled()) {
            return new TTransportFactory();
        }
        TSaslServerTransport.Factory factory = null;
        Some hadoopAuthServer = hadoopAuthServer();
        if (hadoopAuthServer instanceof Some) {
            factory = liftedTree2$1((HadoopThriftAuthBridgeServer) hadoopAuthServer.value());
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        Some effectivePlainAuthType = effectivePlainAuthType();
        if (effectivePlainAuthType instanceof Some) {
            factory = (TSaslServerTransport.Factory) PlainSASLHelper$.MODULE$.getTransportFactory(((Enumeration.Value) effectivePlainAuthType.value()).toString(), this.conf, Option$.MODULE$.apply(factory), this.isServer);
            BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
        }
        Some hadoopAuthServer2 = hadoopAuthServer();
        return hadoopAuthServer2 instanceof Some ? ((HadoopThriftAuthBridgeServer) hadoopAuthServer2.value()).wrapTransportFactory(factory) : factory;
    }

    public TProcessorFactory getTProcessorFactory(TCLIService.Iface iface) {
        Some hadoopAuthServer = hadoopAuthServer();
        return hadoopAuthServer instanceof Some ? new FEServiceProcessorFactory((HadoopThriftAuthBridgeServer) hadoopAuthServer.value(), iface) : PlainSASLHelper$.MODULE$.getProcessFactory(iface);
    }

    public Option<String> getRemoteUser() {
        return hadoopAuthServer().map(hadoopThriftAuthBridgeServer -> {
            return hadoopThriftAuthBridgeServer.getRemoteUser();
        }).orElse(() -> {
            return Option$.MODULE$.apply(TSetIpAddressProcessor$.MODULE$.getUserName());
        });
    }

    public Option<String> getIpAddress() {
        return hadoopAuthServer().map(hadoopThriftAuthBridgeServer -> {
            return hadoopThriftAuthBridgeServer.getRemoteAddress();
        }).map(inetAddress -> {
            return inetAddress.getHostAddress();
        }).orElse(() -> {
            return Option$.MODULE$.apply(TSetIpAddressProcessor$.MODULE$.getUserIpAddress());
        });
    }

    private static final /* synthetic */ void liftedTree1$1(KyuubiDelegationTokenManager kyuubiDelegationTokenManager) {
        try {
            kyuubiDelegationTokenManager.startThreads();
        } catch (IOException e) {
            throw new TTransportException("Failed to start token manager", e);
        }
    }

    private final /* synthetic */ TSaslServerTransport.Factory liftedTree2$1(HadoopThriftAuthBridgeServer hadoopThriftAuthBridgeServer) {
        try {
            return hadoopThriftAuthBridgeServer.createSaslServerTransportFactory(getSaslProperties());
        } catch (TTransportException e) {
            throw new LoginException(e.getMessage());
        }
    }

    public KyuubiAuthenticationFactory(KyuubiConf kyuubiConf, boolean z) {
        Some some;
        this.conf = kyuubiConf;
        this.isServer = z;
        Logging.$init$(this);
        this.authTypes = (Seq) ((TraversableLike) kyuubiConf.get(KyuubiConf$.MODULE$.AUTHENTICATION_METHOD())).map(str -> {
            return AuthTypes$.MODULE$.withName(str);
        }, Seq$.MODULE$.canBuildFrom());
        this.saslDisabled = AuthUtils$.MODULE$.saslDisabled(authTypes());
        this.kerberosEnabled = AuthUtils$.MODULE$.kerberosEnabled(authTypes());
        this.effectivePlainAuthType = AuthUtils$.MODULE$.effectivePlainAuthType(authTypes());
        if (kerberosEnabled()) {
            KyuubiDelegationTokenManager apply = KyuubiDelegationTokenManager$.MODULE$.apply(kyuubiConf);
            liftedTree1$1(apply);
            some = new Some(new HadoopThriftAuthBridgeServer(apply));
        } else {
            some = None$.MODULE$;
        }
        this.hadoopAuthServer = some;
        if (BoxesRunTime.unboxToBoolean(kyuubiConf.get(KyuubiConf$.MODULE$.ENGINE_SECURITY_ENABLED()))) {
            InternalSecurityAccessor$.MODULE$.initialize(kyuubiConf, z);
        }
    }
}
