package org.apache.sentry.service.thrift;

import com.google.common.base.Preconditions;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.ThreadFactory;
import javax.security.auth.Subject;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.GnuParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FsShell;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.sentry.Command;
import org.apache.sentry.provider.db.service.thrift.SentryHealthCheckServletContextListener;
import org.apache.sentry.provider.db.service.thrift.SentryMetricsServletContextListener;
import org.apache.sentry.provider.db.service.thrift.SentryWebServer;
import org.apache.sentry.service.thrift.ServiceConstants;
import org.apache.thrift.TMultiplexedProcessor;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.server.TServer;
import org.apache.thrift.server.TServerEventHandler;
import org.apache.thrift.server.TThreadPoolServer;
import org.apache.thrift.transport.TSaslServerTransport;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TTransportFactory;
import org.eclipse.jetty.util.MultiException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/sentry-provider-db-1.7.0.jar:org/apache/sentry/service/thrift/SentryService.class */
public class SentryService implements Callable {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryService.class);
    private final Configuration conf;
    private final InetSocketAddress address;
    private final int maxThreads;
    private final int minThreads;
    private boolean kerberos;
    private final String principal;
    private final String[] principalParts;
    private final String keytab;
    private final ExecutorService serviceExecutor;
    private Future serviceStatus;
    private TServer thriftServer;
    private Status status;
    private int webServerPort;
    private SentryWebServer sentryWebServer;
    private long maxMessageSize;

    /* loaded from: input_file:lib/sentry-provider-db-1.7.0.jar:org/apache/sentry/service/thrift/SentryService$CommandImpl.class */
    public static class CommandImpl implements Command {
        @Override // org.apache.sentry.Command
        public void run(String[] strArr) throws Exception {
            GnuParser gnuParser = new GnuParser();
            Options options = new Options();
            options.addOption(ServiceConstants.ServiceArgs.CONFIG_FILE_SHORT, ServiceConstants.ServiceArgs.CONFIG_FILE_LONG, true, "Sentry Service configuration file");
            CommandLine parse = gnuParser.parse(options, strArr);
            String optionValue = parse.getOptionValue(ServiceConstants.ServiceArgs.CONFIG_FILE_LONG);
            if (optionValue == null || parse.hasOption("h") || parse.hasOption(FsShell.Help.NAME)) {
                new HelpFormatter().printHelp("sentry --command service", options);
                System.exit(-1);
            } else {
                File file = new File(optionValue);
                if (!file.isFile() || !file.canRead()) {
                    throw new IllegalArgumentException("Cannot read configuration file " + file);
                }
            }
            final SentryService sentryService = new SentryService(SentryService.loadConfig(optionValue));
            sentryService.start();
            Runtime.getRuntime().addShutdownHook(new Thread() { // from class: org.apache.sentry.service.thrift.SentryService.CommandImpl.1
                @Override // java.lang.Thread, java.lang.Runnable
                public void run() {
                    SentryService.LOGGER.info("ShutdownHook shutting down server");
                    try {
                        sentryService.stop();
                    } catch (Throwable th) {
                        SentryService.LOGGER.error("Error stopping SentryService", th);
                    }
                }
            });
            try {
                sentryService.waitOnFuture();
                sentryService.serviceExecutor.shutdown();
            } catch (Throwable th) {
                sentryService.serviceExecutor.shutdown();
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/sentry-provider-db-1.7.0.jar:org/apache/sentry/service/thrift/SentryService$Status.class */
    public enum Status {
        NOT_STARTED,
        STARTED
    }

    public SentryService(Configuration configuration) {
        this.conf = configuration;
        int i = configuration.getInt(ServiceConstants.ServerConfig.RPC_PORT, 8038);
        if (i == 0) {
            i = findFreePort();
            configuration.setInt(ServiceConstants.ServerConfig.RPC_PORT, i);
        }
        this.address = NetUtils.createSocketAddr(configuration.get(ServiceConstants.ServerConfig.RPC_ADDRESS, "0.0.0.0"), i);
        LOGGER.info("Configured on address " + this.address);
        this.kerberos = "kerberos".equalsIgnoreCase(configuration.get(ServiceConstants.ServerConfig.SECURITY_MODE, "kerberos").trim());
        this.maxThreads = configuration.getInt(ServiceConstants.ServerConfig.RPC_MAX_THREADS, 500);
        this.minThreads = configuration.getInt(ServiceConstants.ServerConfig.RPC_MIN_THREADS, 10);
        this.maxMessageSize = configuration.getLong(ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE, ServiceConstants.ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
        if (this.kerberos) {
            try {
                this.principal = SecurityUtil.getServerPrincipal((String) Preconditions.checkNotNull(configuration.get(ServiceConstants.ServerConfig.PRINCIPAL), "sentry.service.server.principal is required"), this.address.getAddress());
                LOGGER.info("Using kerberos principal: " + this.principal);
                this.principalParts = SaslRpcServer.splitKerberosName(this.principal);
                Preconditions.checkArgument(this.principalParts.length == 3, "Kerberos principal should have 3 parts: " + this.principal);
                this.keytab = (String) Preconditions.checkNotNull(configuration.get(ServiceConstants.ServerConfig.KEY_TAB), "sentry.service.server.keytab is required");
                File file = new File(this.keytab);
                Preconditions.checkState(file.isFile() && file.canRead(), "Keytab " + this.keytab + " does not exist or is not readable.");
            } catch (IOException e) {
                throw new RuntimeException("Can't translate kerberos principal'", e);
            }
        } else {
            this.principal = null;
            this.principalParts = null;
            this.keytab = null;
        }
        this.serviceExecutor = Executors.newSingleThreadExecutor(new ThreadFactory() { // from class: org.apache.sentry.service.thrift.SentryService.1
            private int count = 0;

            @Override // java.util.concurrent.ThreadFactory
            public Thread newThread(Runnable runnable) {
                StringBuilder append = new StringBuilder().append(SentryService.class.getSimpleName()).append("-");
                int i2 = this.count;
                this.count = i2 + 1;
                return new Thread(runnable, append.append(i2).toString());
            }
        });
        this.webServerPort = configuration.getInt(ServiceConstants.ServerConfig.SENTRY_WEB_PORT, ServiceConstants.ServerConfig.SENTRY_WEB_PORT_DEFAULT);
        this.status = Status.NOT_STARTED;
    }

    @Override // java.util.concurrent.Callable
    public String call() throws Exception {
        SentryKerberosContext sentryKerberosContext = null;
        try {
            try {
                this.status = Status.STARTED;
                if (this.kerberos) {
                    sentryKerberosContext = new SentryKerberosContext(this.principal, this.keytab, true);
                    Subject.doAs(sentryKerberosContext.getSubject(), new PrivilegedExceptionAction<Void>() { // from class: org.apache.sentry.service.thrift.SentryService.2
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedExceptionAction
                        public Void run() throws Exception {
                            SentryService.this.runServer();
                            return null;
                        }
                    });
                } else {
                    runServer();
                }
                if (sentryKerberosContext != null) {
                    sentryKerberosContext.shutDown();
                }
                this.status = Status.NOT_STARTED;
                return null;
            } catch (Exception e) {
                LOGGER.error("Error starting server", (Throwable) e);
                throw new Exception("Error starting server", e);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                sentryKerberosContext.shutDown();
            }
            this.status = Status.NOT_STARTED;
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void runServer() throws Exception {
        TTransportFactory tTransportFactory;
        Iterable<String> split = ServiceConstants.ConfUtilties.CLASS_SPLITTER.split(this.conf.get(ServiceConstants.ServerConfig.PROCESSOR_FACTORIES, ServiceConstants.ServerConfig.PROCESSOR_FACTORIES_DEFAULT).trim());
        TMultiplexedProcessor tMultiplexedProcessor = new TMultiplexedProcessor();
        boolean z = false;
        for (String str : split) {
            Class<?> classByName = this.conf.getClassByName(str);
            if (!ProcessorFactory.class.isAssignableFrom(classByName)) {
                throw new IllegalArgumentException("Processor Factory " + str + " is not a " + ProcessorFactory.class.getName());
            }
            try {
                Constructor<?> constructor = classByName.getConstructor(Configuration.class);
                LOGGER.info("ProcessorFactory being used: " + classByName.getCanonicalName());
                boolean register = ((ProcessorFactory) constructor.newInstance(this.conf)).register(tMultiplexedProcessor);
                if (!register) {
                    LOGGER.error("Failed to register " + classByName.getCanonicalName());
                }
                z = register || z;
            } catch (Exception e) {
                throw new IllegalStateException("Could not create " + str, e);
            }
        }
        if (!z) {
            throw new IllegalStateException("Failed to register any processors from " + split);
        }
        TServerSocket tServerSocket = new TServerSocket(this.address);
        if (this.kerberos) {
            TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
            factory.addServerDefinition(SaslRpcServer.AuthMethod.KERBEROS.getMechanismName(), this.principalParts[0], this.principalParts[1], ServiceConstants.ServerConfig.SASL_PROPERTIES, new GSSCallback(this.conf));
            tTransportFactory = factory;
        } else {
            tTransportFactory = new TTransportFactory();
        }
        this.thriftServer = new TThreadPoolServer(new TThreadPoolServer.Args(tServerSocket).processor(tMultiplexedProcessor).transportFactory(tTransportFactory).protocolFactory(new TBinaryProtocol.Factory(true, true, this.maxMessageSize, this.maxMessageSize)).minWorkerThreads(this.minThreads).maxWorkerThreads(this.maxThreads));
        LOGGER.info("Serving on " + this.address);
        startSentryWebServer();
        this.thriftServer.serve();
    }

    private void startSentryWebServer() throws Exception {
        if (Boolean.valueOf(this.conf.getBoolean(ServiceConstants.ServerConfig.SENTRY_WEB_ENABLE, ServiceConstants.ServerConfig.SENTRY_WEB_ENABLE_DEFAULT.booleanValue())).booleanValue()) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new SentryHealthCheckServletContextListener());
            arrayList.add(new SentryMetricsServletContextListener());
            this.sentryWebServer = new SentryWebServer(arrayList, this.webServerPort, this.conf);
            this.sentryWebServer.start();
        }
    }

    private void stopSentryWebServer() throws Exception {
        if (this.sentryWebServer != null) {
            this.sentryWebServer.stop();
            this.sentryWebServer = null;
        }
    }

    public InetSocketAddress getAddress() {
        return this.address;
    }

    public synchronized boolean isRunning() {
        return this.status == Status.STARTED && this.thriftServer != null && this.thriftServer.isServing();
    }

    public synchronized void start() throws Exception {
        if (this.status != Status.NOT_STARTED) {
            throw new IllegalStateException("Cannot start when " + this.status);
        }
        LOGGER.info("Attempting to start...");
        this.serviceStatus = this.serviceExecutor.submit(this);
    }

    public synchronized void stop() throws Exception {
        MultiException multiException = null;
        LOGGER.info("Attempting to stop...");
        if (isRunning()) {
            LOGGER.info("Attempting to stop sentry thrift service...");
            try {
                this.thriftServer.stop();
                this.thriftServer = null;
                this.status = Status.NOT_STARTED;
            } catch (Exception e) {
                LOGGER.error("Error while stopping sentry thrift service", (Throwable) e);
                multiException = addMultiException(null, e);
            }
        } else {
            this.thriftServer = null;
            this.status = Status.NOT_STARTED;
            LOGGER.info("Sentry thrift service is already stopped...");
        }
        if (isWebServerRunning()) {
            try {
                LOGGER.info("Attempting to stop sentry web service...");
                stopSentryWebServer();
            } catch (Exception e2) {
                LOGGER.error("Error while stopping sentry web service", (Throwable) e2);
                multiException = addMultiException(multiException, e2);
            }
        } else {
            LOGGER.info("Sentry web service is already stopped...");
        }
        if (multiException != null) {
            multiException.ifExceptionThrow();
        }
        LOGGER.info("Stopped...");
    }

    public synchronized void waitOnFuture() throws ExecutionException, InterruptedException {
        LOGGER.info("Waiting on future.get()");
        this.serviceStatus.get();
    }

    private MultiException addMultiException(MultiException multiException, Exception exc) {
        if (multiException == null) {
            multiException = new MultiException();
        }
        multiException.add(exc);
        return multiException;
    }

    private boolean isWebServerRunning() {
        return this.sentryWebServer != null && this.sentryWebServer.isAlive();
    }

    private static int findFreePort() {
        int i = 0;
        while (true) {
            int i2 = i;
            i++;
            if (i2 > 1000) {
                throw new IllegalStateException("Unable to find a port after 1000 attempts");
            }
            try {
                ServerSocket serverSocket = new ServerSocket(0);
                int localPort = serverSocket.getLocalPort();
                serverSocket.close();
                return localPort;
            } catch (IOException e) {
            }
        }
    }

    public static Configuration loadConfig(String str) throws MalformedURLException {
        if (str == null) {
            throw new IllegalArgumentException("Usage: conffile path/to/sentry-service.xml");
        }
        File file = new File(str);
        if (!file.isFile() || !file.canRead()) {
            throw new IllegalArgumentException("Cannot read configuration file " + file);
        }
        Configuration configuration = new Configuration(false);
        configuration.addResource(file.toURL());
        return configuration;
    }

    public Configuration getConf() {
        return this.conf;
    }

    public void setThriftEventHandler(TServerEventHandler tServerEventHandler) throws IllegalStateException {
        if (this.thriftServer == null) {
            throw new IllegalStateException("Server is not initialized or stopped");
        }
        this.thriftServer.setServerEventHandler(tServerEventHandler);
    }

    public TServerEventHandler getThriftEventHandler() throws IllegalStateException {
        if (this.thriftServer == null) {
            throw new IllegalStateException("Server is not initialized or stopped");
        }
        return this.thriftServer.getEventHandler();
    }
}
