package org.apache.kyuubi.service.authentication;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hive.service.rpc.thrift.TCLIService;
import org.apache.kyuubi.KyuubiSQLException;
import org.apache.kyuubi.Logging;
import org.apache.kyuubi.config.KyuubiConf;
import org.apache.kyuubi.config.KyuubiConf$;
import org.apache.thrift.TProcessorFactory;
import org.apache.thrift.transport.TSaslServerTransport;
import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TTransportFactory;
import org.slf4j.Logger;
import scala.Enumeration;
import scala.Function0;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: KyuubiAuthenticationFactory.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005=g\u0001\u0002\r\u001a\u0001\u0011B\u0001b\f\u0001\u0003\u0002\u0003\u0006I\u0001\r\u0005\u0006m\u0001!\ta\u000e\u0005\bw\u0001\u0011\r\u0011\"\u0003=\u0011\u0019Y\u0005\u0001)A\u0005{!9A\n\u0001b\u0001\n\u0013i\u0005BB)\u0001A\u0003%a\nC\u0004S\u0001\t\u0007I\u0011B'\t\rM\u0003\u0001\u0015!\u0003O\u0011\u001d!\u0006A1A\u0005\nUCa!\u0017\u0001!\u0002\u00131\u0006b\u0002.\u0001\u0005\u0004%Ia\u0017\u0005\u0007A\u0002\u0001\u000b\u0011\u0002/\t\u000b\u0005\u0004A\u0011\u00022\t\u000bY\u0004A\u0011A<\t\u000f\u0005\u0005\u0001\u0001\"\u0001\u0002\u0004!9\u00111\t\u0001\u0005\u0002\u0005\u0015\u0003bBA%\u0001\u0011\u0005\u0011QI\u0004\b\u0003\u0017J\u0002\u0012AA'\r\u0019A\u0012\u0004#\u0001\u0002P!1ag\u0005C\u0001\u0003#B\u0011\"a\u0015\u0014\u0005\u0004%\t!!\u0016\t\u0011\u0005\u00054\u0003)A\u0005\u0003/Bq!a\u0019\u0014\t\u0003\t)GA\u000eLsV,(-[!vi\",g\u000e^5dCRLwN\u001c$bGR|'/\u001f\u0006\u00035m\ta\"Y;uQ\u0016tG/[2bi&|gN\u0003\u0002\u001d;\u000591/\u001a:wS\u000e,'B\u0001\u0010 \u0003\u0019Y\u00170^;cS*\u0011\u0001%I\u0001\u0007CB\f7\r[3\u000b\u0003\t\n1a\u001c:h\u0007\u0001\u00192\u0001A\u0013,!\t1\u0013&D\u0001(\u0015\u0005A\u0013!B:dC2\f\u0017B\u0001\u0016(\u0005\u0019\te.\u001f*fMB\u0011A&L\u0007\u0002;%\u0011a&\b\u0002\b\u0019><w-\u001b8h\u0003\u0011\u0019wN\u001c4\u0011\u0005E\"T\"\u0001\u001a\u000b\u0005Mj\u0012AB2p]\u001aLw-\u0003\u00026e\tQ1*_;vE&\u001cuN\u001c4\u0002\rqJg.\u001b;?)\tA$\b\u0005\u0002:\u00015\t\u0011\u0004C\u00030\u0005\u0001\u0007\u0001'A\u0005bkRDG+\u001f9fgV\tQ\bE\u0002?\u0003\u000ek\u0011a\u0010\u0006\u0003\u0001\u001e\n!bY8mY\u0016\u001cG/[8o\u0013\t\u0011uHA\u0002TKF\u0004\"\u0001R$\u000f\u0005e*\u0015B\u0001$\u001a\u0003%\tU\u000f\u001e5UsB,7/\u0003\u0002I\u0013\n)a+\u00197vK&\u0011!j\n\u0002\f\u000b:,X.\u001a:bi&|g.\u0001\u0006bkRDG+\u001f9fg\u0002\naA\\8TCNdW#\u0001(\u0011\u0005\u0019z\u0015B\u0001)(\u0005\u001d\u0011un\u001c7fC:\fqA\\8TCNd\u0007%A\blKJ\u0014WM]8t\u000b:\f'\r\\3e\u0003AYWM\u001d2fe>\u001cXI\\1cY\u0016$\u0007%\u0001\tqY\u0006Lg.Q;uQRK\b/Z(qiV\ta\u000bE\u0002'/\u000eK!\u0001W\u0014\u0003\r=\u0003H/[8o\u0003E\u0001H.Y5o\u0003V$\b\u000eV=qK>\u0003H\u000fI\u0001\u0011Q\u0006$wn\u001c9BkRD7+\u001a:wKJ,\u0012\u0001\u0018\t\u0004M]k\u0006CA\u001d_\u0013\ty\u0016D\u0001\u000fIC\u0012|w\u000e\u001d+ie&4G/Q;uQ\n\u0013\u0018\u000eZ4f'\u0016\u0014h/\u001a:\u0002#!\fGm\\8q\u0003V$\bnU3sm\u0016\u0014\b%A\thKR\u001c\u0016m\u001d7Qe>\u0004XM\u001d;jKN,\u0012a\u0019\t\u0005I&\\7.D\u0001f\u0015\t1w-\u0001\u0003vi&d'\"\u00015\u0002\t)\fg/Y\u0005\u0003U\u0016\u00141!T1q!\ta7O\u0004\u0002ncB\u0011anJ\u0007\u0002_*\u0011\u0001oI\u0001\u0007yI|w\u000e\u001e \n\u0005I<\u0013A\u0002)sK\u0012,g-\u0003\u0002uk\n11\u000b\u001e:j]\u001eT!A]\u0014\u0002)\u001d,G\u000f\u0016+sC:\u001c\bo\u001c:u\r\u0006\u001cGo\u001c:z+\u0005A\bCA=\u007f\u001b\u0005Q(BA>}\u0003%!(/\u00198ta>\u0014HO\u0003\u0002~?\u00051A\u000f\u001b:jMRL!a >\u0003#Q#&/\u00198ta>\u0014HOR1di>\u0014\u00180\u0001\u000bhKR$\u0006K]8dKN\u001cxN\u001d$bGR|'/\u001f\u000b\u0005\u0003\u000b\ti\u0001\u0005\u0003\u0002\b\u0005%Q\"\u0001?\n\u0007\u0005-APA\tU!J|7-Z:t_J4\u0015m\u0019;pefDq!a\u0004\u0010\u0001\u0004\t\t\"\u0001\u0002gKB!\u00111CA\u001f\u001d\u0011\t)\"a\u000e\u000f\t\u0005]\u00111\u0007\b\u0005\u00033\tiC\u0004\u0003\u0002\u001c\u0005%b\u0002BA\u000f\u0003KqA!a\b\u0002$9\u0019a.!\t\n\u0003\tJ!\u0001I\u0011\n\u0007\u0005\u001dr$\u0001\u0003iSZ,\u0017b\u0001\u000f\u0002,)\u0019\u0011qE\u0010\n\t\u0005=\u0012\u0011G\u0001\u0004eB\u001c'b\u0001\u000f\u0002,%\u0019Q0!\u000e\u000b\t\u0005=\u0012\u0011G\u0005\u0005\u0003s\tY$A\u0006U\u00072K5+\u001a:wS\u000e,'bA?\u00026%!\u0011qHA!\u0005\u0015Ie-Y2f\u0015\u0011\tI$a\u000f\u0002\u001b\u001d,GOU3n_R,Wk]3s+\t\t9\u0005E\u0002'/.\fAbZ3u\u0013B\fE\r\u001a:fgN\f1dS=vk\nL\u0017)\u001e;iK:$\u0018nY1uS>tg)Y2u_JL\bCA\u001d\u0014'\t\u0019R\u0005\u0006\u0002\u0002N\u0005q\u0001j\u0015\u001a`!J{\u0005,W0V'\u0016\u0013VCAA,!\u0011\tI&a\u0018\u000e\u0005\u0005m#bAA/O\u0006!A.\u00198h\u0013\r!\u00181L\u0001\u0010\u0011N\u0013t\f\u0015*P1f{VkU#SA\u0005\tb/\u001a:jMf\u0004&o\u001c=z\u0003\u000e\u001cWm]:\u0015\u0015\u0005\u001d\u0014QNA9\u0003k\nI\bE\u0002'\u0003SJ1!a\u001b(\u0005\u0011)f.\u001b;\t\r\u0005=t\u00031\u0001l\u0003!\u0011X-\u00197Vg\u0016\u0014\bBBA:/\u0001\u00071.A\u0005qe>D\u00180V:fe\"1\u0011qO\fA\u0002-\f\u0011\"\u001b9BI\u0012\u0014Xm]:\t\u000f\u0005mt\u00031\u0001\u0002~\u0005Q\u0001.\u00193p_B\u001cuN\u001c4\u0011\t\u0005}\u0014qQ\u0007\u0003\u0003\u0003S1aLAB\u0015\r\t)iH\u0001\u0007Q\u0006$wn\u001c9\n\t\u0005%\u0015\u0011\u0011\u0002\u000e\u0007>tg-[4ve\u0006$\u0018n\u001c8)\u000b]\ti)!'\u0011\u000b\u0019\ny)a%\n\u0007\u0005EuE\u0001\u0004uQJ|wo\u001d\t\u0004Y\u0005U\u0015bAAL;\t\u00112*_;vE&\u001c\u0016\u000bT#yG\u0016\u0004H/[8oc\u0019q2.a'\u0002NFJ1%!(\u0002&\u0006\r\u0017qU\u000b\u0005\u0003?\u000b\t+F\u0001l\t\u001d\t\u0019k\tb\u0001\u0003[\u0013\u0011\u0001V\u0005\u0005\u0003O\u000bI+A\u000e%Y\u0016\u001c8/\u001b8ji\u0012:'/Z1uKJ$C-\u001a4bk2$H%\r\u0006\u0004\u0003W;\u0013A\u0002;ie><8/\u0005\u0003\u00020\u0006U\u0006c\u0001\u0014\u00022&\u0019\u00111W\u0014\u0003\u000f9{G\u000f[5oOB!\u0011qWA_\u001d\r1\u0013\u0011X\u0005\u0004\u0003w;\u0013a\u00029bG.\fw-Z\u0005\u0005\u0003\u007f\u000b\tMA\u0005UQJ|w/\u00192mK*\u0019\u00111X\u00142\u0013\r\n)-a2\u0002J\u0006-fb\u0001\u0014\u0002H&\u0019\u00111V\u00142\u000b\t2s%a3\u0003\u000bM\u001c\u0017\r\\12\u0007\u0019\n\u0019\n")
/* loaded from: input_file:org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactory.class */
public class KyuubiAuthenticationFactory implements Logging {
    private final KyuubiConf conf;
    private final Seq<Enumeration.Value> authTypes;
    private final boolean noSasl;
    private final boolean kerberosEnabled;
    private final Option<Enumeration.Value> plainAuthTypeOpt;
    private final Option<HadoopThriftAuthBridgeServer> hadoopAuthServer;
    private transient Logger org$apache$kyuubi$Logging$$log_;

    public static void verifyProxyAccess(String str, String str2, String str3, Configuration configuration) throws KyuubiSQLException {
        KyuubiAuthenticationFactory$.MODULE$.verifyProxyAccess(str, str2, str3, configuration);
    }

    public static String HS2_PROXY_USER() {
        return KyuubiAuthenticationFactory$.MODULE$.HS2_PROXY_USER();
    }

    @Override // org.apache.kyuubi.Logging
    public String loggerName() {
        String loggerName;
        loggerName = loggerName();
        return loggerName;
    }

    @Override // org.apache.kyuubi.Logging
    public Logger logger() {
        Logger logger;
        logger = logger();
        return logger;
    }

    @Override // org.apache.kyuubi.Logging
    public void debug(Function0<Object> function0) {
        debug(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void info(Function0<Object> function0) {
        info(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void warn(Function0<Object> function0) {
        warn(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void warn(Function0<Object> function0, Throwable th) {
        warn(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void error(Function0<Object> function0, Throwable th) {
        error(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void error(Function0<Object> function0) {
        error(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void initializeLoggerIfNecessary(boolean z) {
        initializeLoggerIfNecessary(z);
    }

    @Override // org.apache.kyuubi.Logging
    public Logger org$apache$kyuubi$Logging$$log_() {
        return this.org$apache$kyuubi$Logging$$log_;
    }

    @Override // org.apache.kyuubi.Logging
    public void org$apache$kyuubi$Logging$$log__$eq(Logger logger) {
        this.org$apache$kyuubi$Logging$$log_ = logger;
    }

    private Seq<Enumeration.Value> authTypes() {
        return this.authTypes;
    }

    private boolean noSasl() {
        return this.noSasl;
    }

    private boolean kerberosEnabled() {
        return this.kerberosEnabled;
    }

    private Option<Enumeration.Value> plainAuthTypeOpt() {
        return this.plainAuthTypeOpt;
    }

    private Option<HadoopThriftAuthBridgeServer> hadoopAuthServer() {
        return this.hadoopAuthServer;
    }

    private Map<String, String> getSaslProperties() {
        HashMap hashMap = new HashMap();
        hashMap.put("javax.security.sasl.qop", SaslQOP$.MODULE$.withName((String) this.conf.get(KyuubiConf$.MODULE$.SASL_QOP())).toString());
        hashMap.put("javax.security.sasl.server.authentication", "true");
        return hashMap;
    }

    public TTransportFactory getTTransportFactory() {
        if (noSasl()) {
            return new TTransportFactory();
        }
        TSaslServerTransport.Factory factory = null;
        Some hadoopAuthServer = hadoopAuthServer();
        if (hadoopAuthServer instanceof Some) {
            factory = liftedTree2$1((HadoopThriftAuthBridgeServer) hadoopAuthServer.value());
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        Some plainAuthTypeOpt = plainAuthTypeOpt();
        if (plainAuthTypeOpt instanceof Some) {
            factory = PlainSASLHelper$.MODULE$.getTransportFactory(((Enumeration.Value) plainAuthTypeOpt.value()).toString(), this.conf, Option$.MODULE$.apply(factory));
            BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
        }
        Some hadoopAuthServer2 = hadoopAuthServer();
        return hadoopAuthServer2 instanceof Some ? ((HadoopThriftAuthBridgeServer) hadoopAuthServer2.value()).wrapTransportFactory(factory) : factory;
    }

    public TProcessorFactory getTProcessorFactory(TCLIService.Iface iface) {
        Some hadoopAuthServer = hadoopAuthServer();
        return hadoopAuthServer instanceof Some ? new FEServiceProcessorFactory((HadoopThriftAuthBridgeServer) hadoopAuthServer.value(), iface) : PlainSASLHelper$.MODULE$.getProcessFactory(iface);
    }

    public Option<String> getRemoteUser() {
        return hadoopAuthServer().map(hadoopThriftAuthBridgeServer -> {
            return hadoopThriftAuthBridgeServer.getRemoteUser();
        }).orElse(() -> {
            return Option$.MODULE$.apply(TSetIpAddressProcessor$.MODULE$.getUserName());
        });
    }

    public Option<String> getIpAddress() {
        return hadoopAuthServer().map(hadoopThriftAuthBridgeServer -> {
            return hadoopThriftAuthBridgeServer.getRemoteAddress();
        }).map(inetAddress -> {
            return inetAddress.getHostAddress();
        }).orElse(() -> {
            return Option$.MODULE$.apply(TSetIpAddressProcessor$.MODULE$.getUserIpAddress());
        });
    }

    public static final /* synthetic */ boolean $anonfun$plainAuthTypeOpt$1(Enumeration.Value value) {
        return value.equals(AuthTypes$.MODULE$.KERBEROS());
    }

    public static final /* synthetic */ boolean $anonfun$plainAuthTypeOpt$2(Enumeration.Value value) {
        return value.equals(AuthTypes$.MODULE$.NOSASL());
    }

    private static final /* synthetic */ void liftedTree1$1(KyuubiDelegationTokenManager kyuubiDelegationTokenManager) {
        try {
            kyuubiDelegationTokenManager.startThreads();
        } catch (IOException e) {
            throw new TTransportException("Failed to start token manager", e);
        }
    }

    private final /* synthetic */ TSaslServerTransport.Factory liftedTree2$1(HadoopThriftAuthBridgeServer hadoopThriftAuthBridgeServer) {
        try {
            return hadoopThriftAuthBridgeServer.createSaslServerTransportFactory(getSaslProperties());
        } catch (TTransportException e) {
            throw new LoginException(e.getMessage());
        }
    }

    public KyuubiAuthenticationFactory(KyuubiConf kyuubiConf) {
        Some some;
        this.conf = kyuubiConf;
        Logging.$init$(this);
        this.authTypes = (Seq) ((TraversableLike) kyuubiConf.get(KyuubiConf$.MODULE$.AUTHENTICATION_METHOD())).map(str -> {
            return AuthTypes$.MODULE$.withName(str);
        }, Seq$.MODULE$.canBuildFrom());
        Seq<Enumeration.Value> authTypes = authTypes();
        $colon.colon colonVar = new $colon.colon(AuthTypes$.MODULE$.NOSASL(), Nil$.MODULE$);
        this.noSasl = authTypes != null ? authTypes.equals(colonVar) : colonVar == null;
        this.kerberosEnabled = authTypes().contains(AuthTypes$.MODULE$.KERBEROS());
        this.plainAuthTypeOpt = ((TraversableLike) ((TraversableLike) authTypes().filterNot(value -> {
            return BoxesRunTime.boxToBoolean($anonfun$plainAuthTypeOpt$1(value));
        })).filterNot(value2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$plainAuthTypeOpt$2(value2));
        })).headOption();
        if (kerberosEnabled()) {
            KyuubiDelegationTokenManager apply = KyuubiDelegationTokenManager$.MODULE$.apply(kyuubiConf);
            liftedTree1$1(apply);
            some = new Some(new HadoopThriftAuthBridgeServer(apply));
        } else {
            some = None$.MODULE$;
        }
        this.hadoopAuthServer = some;
    }
}
