package oadd.org.apache.drill.exec.rpc;

import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.security.sasl.SaslException;
import oadd.org.apache.drill.common.KerberosUtil;
import oadd.org.apache.drill.common.config.DrillConfig;
import oadd.org.apache.drill.common.config.DrillProperties;
import oadd.org.apache.drill.exec.ExecConstants;
import oadd.org.apache.drill.exec.exception.DrillbitStartupException;
import oadd.org.apache.drill.exec.memory.BufferAllocator;
import oadd.org.apache.drill.exec.proto.CoordinationProtos;
import oadd.org.apache.drill.exec.rpc.security.AuthStringUtil;
import oadd.org.apache.drill.exec.rpc.security.AuthenticatorFactory;
import oadd.org.apache.drill.exec.rpc.security.AuthenticatorProvider;
import oadd.org.apache.drill.exec.server.BootStrapContext;
import oadd.org.apache.hadoop.security.HadoopKerberosName;
import oadd.org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:oadd/org/apache/drill/exec/rpc/BitConnectionConfig.class */
public abstract class BitConnectionConfig extends AbstractConnectionConfig {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) BitConnectionConfig.class);
    private final String authMechanismToUse;
    private final boolean useLoginPrincipal;

    protected BitConnectionConfig(BufferAllocator bufferAllocator, BootStrapContext bootStrapContext) throws DrillbitStartupException {
        super(bufferAllocator, bootStrapContext);
        DrillConfig config = bootStrapContext.getConfig();
        AuthenticatorProvider authProvider = getAuthProvider();
        if (config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED)) {
            this.authMechanismToUse = config.getString(ExecConstants.BIT_AUTHENTICATION_MECHANISM);
            try {
                authProvider.getAuthenticatorFactory(this.authMechanismToUse);
                this.encryptionContext.setEncryption(config.getBoolean(ExecConstants.BIT_ENCRYPTION_SASL_ENABLED));
                int i = config.getInt(ExecConstants.BIT_ENCRYPTION_SASL_MAX_WRAPPED_SIZE);
                if (i <= 0) {
                    throw new DrillbitStartupException(String.format("Invalid value configured for bit.encryption.sasl.max_wrapped_size. Must be a positive integer in bytes with a recommended max value of %s", 16777215));
                }
                if (i > 16777215) {
                    logger.warn("The configured value of bit.encryption.sasl.max_wrapped_size: {} is too big. This may cause higher memory pressure. [Details: Recommended max value is {}]", (Object) Integer.valueOf(i), (Object) 16777215);
                }
                this.encryptionContext.setMaxWrappedSize(i);
                logger.info("Configured bit-to-bit connections to require authentication using: {} with encryption: {}", this.authMechanismToUse, this.encryptionContext.getEncryptionCtxtString());
            } catch (SaslException e) {
                throw new DrillbitStartupException(String.format("'%s' mechanism not found for bit-to-bit authentication. Please check authentication configuration.", this.authMechanismToUse));
            }
        } else {
            if (config.getBoolean(ExecConstants.BIT_ENCRYPTION_SASL_ENABLED)) {
                throw new DrillbitStartupException("Invalid security configuration. Encryption using SASL is enabled with authentication disabled. Please check the security.bit configurations.");
            }
            this.authMechanismToUse = null;
        }
        this.useLoginPrincipal = config.getBoolean(ExecConstants.USE_LOGIN_PRINCIPAL);
    }

    public String getAuthMechanismToUse() {
        return this.authMechanismToUse;
    }

    public AuthenticatorFactory getAuthFactory(List<String> list) throws SaslException {
        if (this.authMechanismToUse == null) {
            throw new SaslException("Authentication is not enabled");
        }
        if (AuthStringUtil.listContains(list, this.authMechanismToUse)) {
            return getAuthProvider().getAuthenticatorFactory(this.authMechanismToUse);
        }
        throw new SaslException(String.format("Remote does not support authentication using '%s'", this.authMechanismToUse));
    }

    public Map<String, ?> getSaslClientProperties(CoordinationProtos.DrillbitEndpoint drillbitEndpoint, Map<String, String> map) throws IOException {
        DrillProperties createEmpty = DrillProperties.createEmpty();
        UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
        if (loginUser.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.KERBEROS) {
            HadoopKerberosName hadoopKerberosName = new HadoopKerberosName(loginUser.getUserName());
            if (this.useLoginPrincipal) {
                createEmpty.setProperty(DrillProperties.SERVICE_PRINCIPAL, hadoopKerberosName.toString());
            } else {
                createEmpty.setProperty(DrillProperties.SERVICE_PRINCIPAL, KerberosUtil.getPrincipalFromParts(hadoopKerberosName.getShortName(), drillbitEndpoint.getAddress(), hadoopKerberosName.getRealm()));
            }
        }
        createEmpty.merge(map);
        return createEmpty.stringPropertiesAsMap();
    }
}
