package org.apache.kyuubi.service.authentication;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hive.service.rpc.thrift.TCLIService;
import org.apache.kyuubi.KyuubiSQLException;
import org.apache.kyuubi.Logging;
import org.apache.kyuubi.config.KyuubiConf;
import org.apache.kyuubi.config.KyuubiConf$;
import org.apache.kyuubi.shaded.zookeeper.client.ZooKeeperSaslClient;
import org.apache.thrift.TProcessorFactory;
import org.apache.thrift.transport.TSaslServerTransport;
import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TTransportFactory;
import org.slf4j.Logger;
import scala.Enumeration;
import scala.Function0;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.collection.SetLike;
import scala.collection.TraversableLike;
import scala.collection.immutable.Set;
import scala.collection.immutable.Set$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: KyuubiAuthenticationFactory.scala */
@ScalaSignature(bytes = "\u0006\u0001\t%a\u0001B\u000e\u001d\u0001\u001dB\u0001B\r\u0001\u0003\u0002\u0003\u0006Ia\r\u0005\ts\u0001\u0011\t\u0011)A\u0005u!)Q\b\u0001C\u0001}!91\t\u0001b\u0001\n\u0003!\u0005BB1\u0001A\u0003%Q\tC\u0004c\u0001\t\u0007I\u0011A2\t\r\u0011\u0004\u0001\u0015!\u0003;\u0011\u001d)\u0007A1A\u0005\u0002\rDaA\u001a\u0001!\u0002\u0013Q\u0004bB4\u0001\u0005\u0004%I\u0001\u001b\u0005\u0007Y\u0002\u0001\u000b\u0011B5\t\u000f5\u0004!\u0019!C\u0005]\"11\u000f\u0001Q\u0001\n=DQ\u0001\u001e\u0001\u0005\nUDq!a\u0001\u0001\t\u0003\t)\u0001C\u0004\u0002\u0018\u0001!\t!!\u0007\t\u000f\u0005E\u0003\u0001\"\u0001\u0002T!9\u0011q\u000b\u0001\u0005\u0002\u0005MsaBA-9!\u0005\u00111\f\u0004\u00077qA\t!!\u0018\t\ru\"B\u0011AA0\u0011%\t\t\u0007\u0006b\u0001\n\u0003\t\u0019\u0007\u0003\u0005\u0002pQ\u0001\u000b\u0011BA3\u0011\u001d\t\t\b\u0006C\u0001\u0003gBq!!8\u0015\t\u0003\ty\u000eC\u0005\u0002rR\t\n\u0011\"\u0001\u0002t\nY2*_;vE&\fU\u000f\u001e5f]RL7-\u0019;j_:4\u0015m\u0019;pefT!!\b\u0010\u0002\u001d\u0005,H\u000f[3oi&\u001c\u0017\r^5p]*\u0011q\u0004I\u0001\bg\u0016\u0014h/[2f\u0015\t\t#%\u0001\u0004lsV,(-\u001b\u0006\u0003G\u0011\na!\u00199bG\",'\"A\u0013\u0002\u0007=\u0014xm\u0001\u0001\u0014\u0007\u0001Ac\u0006\u0005\u0002*Y5\t!FC\u0001,\u0003\u0015\u00198-\u00197b\u0013\ti#F\u0001\u0004B]f\u0014VM\u001a\t\u0003_Aj\u0011\u0001I\u0005\u0003c\u0001\u0012q\u0001T8hO&tw-\u0001\u0003d_:4\u0007C\u0001\u001b8\u001b\u0005)$B\u0001\u001c!\u0003\u0019\u0019wN\u001c4jO&\u0011\u0001(\u000e\u0002\u000b\u0017f,XOY5D_:4\u0017\u0001C5t'\u0016\u0014h/\u001a:\u0011\u0005%Z\u0014B\u0001\u001f+\u0005\u001d\u0011un\u001c7fC:\fa\u0001P5oSRtDcA B\u0005B\u0011\u0001\tA\u0007\u00029!)!g\u0001a\u0001g!9\u0011h\u0001I\u0001\u0002\u0004Q\u0014!C1vi\"$\u0016\u0010]3t+\u0005)\u0005c\u0001$N!:\u0011qi\u0013\t\u0003\u0011*j\u0011!\u0013\u0006\u0003\u0015\u001a\na\u0001\u0010:p_Rt\u0014B\u0001'+\u0003\u0019\u0001&/\u001a3fM&\u0011aj\u0014\u0002\u0004'\u0016$(B\u0001'+!\t\tfL\u0004\u0002S9:\u00111k\u0017\b\u0003)js!!V-\u000f\u0005YCfB\u0001%X\u0013\u0005)\u0013BA\u0012%\u0013\t\t#%\u0003\u0002 A%\u0011QDH\u0005\u0003;r\t\u0011\"Q;uQRK\b/Z:\n\u0005}\u0003'\u0001C!vi\"$\u0016\u0010]3\u000b\u0005uc\u0012AC1vi\"$\u0016\u0010]3tA\u0005ian\\*bg2,e.\u00192mK\u0012,\u0012AO\u0001\u000f]>\u001c\u0016m\u001d7F]\u0006\u0014G.\u001a3!\u0003=YWM\u001d2fe>\u001cXI\\1cY\u0016$\u0017\u0001E6fe\n,'o\\:F]\u0006\u0014G.\u001a3!\u0003A\u0001H.Y5o\u0003V$\b\u000eV=qK>\u0003H/F\u0001j!\rI#\u000eU\u0005\u0003W*\u0012aa\u00149uS>t\u0017!\u00059mC&t\u0017)\u001e;i)f\u0004Xm\u00149uA\u0005\u0001\u0002.\u00193p_B\fU\u000f\u001e5TKJ4XM]\u000b\u0002_B\u0019\u0011F\u001b9\u0011\u0005\u0001\u000b\u0018B\u0001:\u001d\u0005qA\u0015\rZ8paRC'/\u001b4u\u0003V$\bN\u0011:jI\u001e,7+\u001a:wKJ\f\u0011\u0003[1e_>\u0004\u0018)\u001e;i'\u0016\u0014h/\u001a:!\u0003E9W\r^*bg2\u0004&o\u001c9feRLWm]\u000b\u0002mB!q\u000f @\u007f\u001b\u0005A(BA={\u0003\u0011)H/\u001b7\u000b\u0003m\fAA[1wC&\u0011Q\u0010\u001f\u0002\u0004\u001b\u0006\u0004\bC\u0001$��\u0013\r\t\ta\u0014\u0002\u0007'R\u0014\u0018N\\4\u0002)\u001d,G\u000f\u0016+sC:\u001c\bo\u001c:u\r\u0006\u001cGo\u001c:z+\t\t9\u0001\u0005\u0003\u0002\n\u0005MQBAA\u0006\u0015\u0011\ti!a\u0004\u0002\u0013Q\u0014\u0018M\\:q_J$(bAA\tE\u00051A\u000f\u001b:jMRLA!!\u0006\u0002\f\t\tB\u000b\u0016:b]N\u0004xN\u001d;GC\u000e$xN]=\u0002)\u001d,G\u000f\u0016)s_\u000e,7o]8s\r\u0006\u001cGo\u001c:z)\u0011\tY\"a\t\u0011\t\u0005u\u0011qD\u0007\u0003\u0003\u001fIA!!\t\u0002\u0010\t\tB\u000b\u0015:pG\u0016\u001c8o\u001c:GC\u000e$xN]=\t\u000f\u0005\u0015\u0002\u00031\u0001\u0002(\u0005\u0011a-\u001a\t\u0005\u0003S\tYE\u0004\u0003\u0002,\u0005\u0015c\u0002BA\u0017\u0003\u0003rA!a\f\u0002<9!\u0011\u0011GA\u001c\u001d\r)\u00161G\u0005\u0004\u0003k\u0011\u0013\u0001\u00025jm\u0016L1aHA\u001d\u0015\r\t)DI\u0005\u0005\u0003{\ty$A\u0002sa\u000eT1aHA\u001d\u0013\u0011\t\t\"a\u0011\u000b\t\u0005u\u0012qH\u0005\u0005\u0003\u000f\nI%A\u0006U\u00072K5+\u001a:wS\u000e,'\u0002BA\t\u0003\u0007JA!!\u0014\u0002P\t)\u0011JZ1dK*!\u0011qIA%\u000359W\r\u001e*f[>$X-V:feV\u0011\u0011Q\u000b\t\u0004S)t\u0018\u0001D4fi&\u0003\u0018\t\u001a3sKN\u001c\u0018aG&zkV\u0014\u0017.Q;uQ\u0016tG/[2bi&|gNR1di>\u0014\u0018\u0010\u0005\u0002A)M\u0019A\u0003\u000b\u0018\u0015\u0005\u0005m\u0013A\u0004%Te}\u0003&k\u0014-Z?V\u001bVIU\u000b\u0003\u0003K\u0002B!a\u001a\u0002n5\u0011\u0011\u0011\u000e\u0006\u0004\u0003WR\u0018\u0001\u00027b]\u001eLA!!\u0001\u0002j\u0005y\u0001j\u0015\u001a`!J{\u0005,W0V'\u0016\u0013\u0006%A\twKJLg-\u001f)s_bL\u0018iY2fgN$\"\"!\u001e\u0002|\u0005}\u00141QAD!\rI\u0013qO\u0005\u0004\u0003sR#\u0001B+oSRDa!! \u0019\u0001\u0004q\u0018\u0001\u0003:fC2,6/\u001a:\t\r\u0005\u0005\u0005\u00041\u0001\u007f\u0003%\u0001(o\u001c=z+N,'\u000f\u0003\u0004\u0002\u0006b\u0001\rA`\u0001\nSB\fE\r\u001a:fgNDq!!#\u0019\u0001\u0004\tY)\u0001\u0006iC\u0012|w\u000e]\"p]\u001a\u0004B!!$\u0002\u00166\u0011\u0011q\u0012\u0006\u0004e\u0005E%bAAJE\u00051\u0001.\u00193p_BLA!a&\u0002\u0010\ni1i\u001c8gS\u001e,(/\u0019;j_:DS\u0001GAN\u0003O\u0003R!KAO\u0003CK1!a(+\u0005\u0019!\bN]8xgB\u0019q&a)\n\u0007\u0005\u0015\u0006E\u0001\nLsV,(-[*R\u0019\u0016C8-\u001a9uS>t\u0017G\u0002\u0010\u007f\u0003S\u000bY.M\u0005$\u0003W\u000b\u0019,!5\u00026V!\u0011QVAX+\u0005qHaBAYM\t\u0007\u00111\u0018\u0002\u0002)&!\u0011QWA\\\u0003m!C.Z:tS:LG\u000fJ4sK\u0006$XM\u001d\u0013eK\u001a\fW\u000f\u001c;%c)\u0019\u0011\u0011\u0018\u0016\u0002\rQD'o\\<t#\u0011\ti,a1\u0011\u0007%\ny,C\u0002\u0002B*\u0012qAT8uQ&tw\r\u0005\u0003\u0002F\u0006-gbA\u0015\u0002H&\u0019\u0011\u0011\u001a\u0016\u0002\u000fA\f7m[1hK&!\u0011QZAh\u0005%!\u0006N]8xC\ndWMC\u0002\u0002J*\n\u0014bIAj\u0003+\f9.!/\u000f\u0007%\n).C\u0002\u0002:*\nTAI\u0015+\u00033\u0014Qa]2bY\u0006\f4AJAQ\u0003i9W\r\u001e,bY&$\u0007+Y:to>\u0014H-Q;uQ6+G\u000f[8e)\u0011\t\t/a<\u0011\t\u0005\r\u0018\u0011\u001e\b\u0004%\u0006\u0015\u0018bAAt9\u0005Y\u0011)\u001e;i\u001b\u0016$\bn\u001c3t\u0013\u0011\tY/!<\u0003\u0015\u0005+H\u000f['fi\"|GMC\u0002\u0002hrAQaQ\rA\u0002\u0015\u000b1\u0004\n7fgNLg.\u001b;%OJ,\u0017\r^3sI\u0011,g-Y;mi\u0012\u0012TCAA{U\rQ\u0014q_\u0016\u0003\u0003s\u0004B!a?\u0003\u00065\u0011\u0011Q \u0006\u0005\u0003\u007f\u0014\t!A\u0005v]\u000eDWmY6fI*\u0019!1\u0001\u0016\u0002\u0015\u0005tgn\u001c;bi&|g.\u0003\u0003\u0003\b\u0005u(!E;oG\",7m[3e-\u0006\u0014\u0018.\u00198dK\u0002")
/* loaded from: input_file:org/apache/kyuubi/service/authentication/KyuubiAuthenticationFactory.class */
public class KyuubiAuthenticationFactory implements Logging {
    private final KyuubiConf conf;
    private final boolean isServer;
    private final Set<Enumeration.Value> authTypes;
    private final boolean noSaslEnabled;
    private final boolean kerberosEnabled;
    private final Option<Enumeration.Value> plainAuthTypeOpt;
    private final Option<HadoopThriftAuthBridgeServer> hadoopAuthServer;
    private transient Logger org$apache$kyuubi$Logging$$log_;

    public static Enumeration.Value getValidPasswordAuthMethod(Set<Enumeration.Value> set) {
        return KyuubiAuthenticationFactory$.MODULE$.getValidPasswordAuthMethod(set);
    }

    public static void verifyProxyAccess(String str, String str2, String str3, Configuration configuration) throws KyuubiSQLException {
        KyuubiAuthenticationFactory$.MODULE$.verifyProxyAccess(str, str2, str3, configuration);
    }

    public static String HS2_PROXY_USER() {
        return KyuubiAuthenticationFactory$.MODULE$.HS2_PROXY_USER();
    }

    @Override // org.apache.kyuubi.Logging
    public String loggerName() {
        String loggerName;
        loggerName = loggerName();
        return loggerName;
    }

    @Override // org.apache.kyuubi.Logging
    public Logger logger() {
        Logger logger;
        logger = logger();
        return logger;
    }

    @Override // org.apache.kyuubi.Logging
    public void debug(Function0<Object> function0) {
        debug(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void debug(Function0<Object> function0, Throwable th) {
        debug(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void info(Function0<Object> function0) {
        info(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void info(Function0<Object> function0, Throwable th) {
        info(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void warn(Function0<Object> function0) {
        warn(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void warn(Function0<Object> function0, Throwable th) {
        warn(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void error(Function0<Object> function0, Throwable th) {
        error(function0, th);
    }

    @Override // org.apache.kyuubi.Logging
    public void error(Function0<Object> function0) {
        error(function0);
    }

    @Override // org.apache.kyuubi.Logging
    public void initializeLoggerIfNecessary(boolean z) {
        initializeLoggerIfNecessary(z);
    }

    @Override // org.apache.kyuubi.Logging
    public Logger org$apache$kyuubi$Logging$$log_() {
        return this.org$apache$kyuubi$Logging$$log_;
    }

    @Override // org.apache.kyuubi.Logging
    public void org$apache$kyuubi$Logging$$log__$eq(Logger logger) {
        this.org$apache$kyuubi$Logging$$log_ = logger;
    }

    public Set<Enumeration.Value> authTypes() {
        return this.authTypes;
    }

    public boolean noSaslEnabled() {
        return this.noSaslEnabled;
    }

    public boolean kerberosEnabled() {
        return this.kerberosEnabled;
    }

    private Option<Enumeration.Value> plainAuthTypeOpt() {
        return this.plainAuthTypeOpt;
    }

    private Option<HadoopThriftAuthBridgeServer> hadoopAuthServer() {
        return this.hadoopAuthServer;
    }

    private Map<String, String> getSaslProperties() {
        HashMap hashMap = new HashMap();
        hashMap.put("javax.security.sasl.qop", SaslQOP$.MODULE$.withName((String) this.conf.get(KyuubiConf$.MODULE$.SASL_QOP())).toString());
        hashMap.put("javax.security.sasl.server.authentication", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
        return hashMap;
    }

    public TTransportFactory getTTransportFactory() {
        if (noSaslEnabled()) {
            return new TTransportFactory();
        }
        TSaslServerTransport.Factory factory = null;
        Option<HadoopThriftAuthBridgeServer> hadoopAuthServer = hadoopAuthServer();
        if (hadoopAuthServer instanceof Some) {
            factory = liftedTree2$1((HadoopThriftAuthBridgeServer) ((Some) hadoopAuthServer).value());
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        Option<Enumeration.Value> plainAuthTypeOpt = plainAuthTypeOpt();
        if (plainAuthTypeOpt instanceof Some) {
            factory = PlainSASLHelper$.MODULE$.getTransportFactory(((Enumeration.Value) ((Some) plainAuthTypeOpt).value()).toString(), this.conf, Option$.MODULE$.apply(factory), this.isServer);
            BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
        }
        Option<HadoopThriftAuthBridgeServer> hadoopAuthServer2 = hadoopAuthServer();
        return hadoopAuthServer2 instanceof Some ? ((HadoopThriftAuthBridgeServer) ((Some) hadoopAuthServer2).value()).wrapTransportFactory(factory) : factory;
    }

    public TProcessorFactory getTProcessorFactory(TCLIService.Iface iface) {
        Option<HadoopThriftAuthBridgeServer> hadoopAuthServer = hadoopAuthServer();
        return hadoopAuthServer instanceof Some ? new FEServiceProcessorFactory((HadoopThriftAuthBridgeServer) ((Some) hadoopAuthServer).value(), iface) : PlainSASLHelper$.MODULE$.getProcessFactory(iface);
    }

    public Option<String> getRemoteUser() {
        return hadoopAuthServer().map(hadoopThriftAuthBridgeServer -> {
            return hadoopThriftAuthBridgeServer.getRemoteUser();
        }).orElse(() -> {
            return Option$.MODULE$.apply(TSetIpAddressProcessor$.MODULE$.getUserName());
        });
    }

    public Option<String> getIpAddress() {
        return hadoopAuthServer().map(hadoopThriftAuthBridgeServer -> {
            return hadoopThriftAuthBridgeServer.getRemoteAddress();
        }).map(inetAddress -> {
            return inetAddress.getHostAddress();
        }).orElse(() -> {
            return Option$.MODULE$.apply(TSetIpAddressProcessor$.MODULE$.getUserIpAddress());
        });
    }

    public static final /* synthetic */ boolean $anonfun$plainAuthTypeOpt$1(Enumeration.Value value) {
        return value.equals(AuthTypes$.MODULE$.KERBEROS());
    }

    public static final /* synthetic */ boolean $anonfun$plainAuthTypeOpt$2(Enumeration.Value value) {
        return value.equals(AuthTypes$.MODULE$.NOSASL());
    }

    private static final /* synthetic */ void liftedTree1$1(KyuubiDelegationTokenManager kyuubiDelegationTokenManager) {
        try {
            kyuubiDelegationTokenManager.startThreads();
        } catch (IOException e) {
            throw new TTransportException("Failed to start token manager", e);
        }
    }

    private final /* synthetic */ TSaslServerTransport.Factory liftedTree2$1(HadoopThriftAuthBridgeServer hadoopThriftAuthBridgeServer) {
        try {
            return hadoopThriftAuthBridgeServer.createSaslServerTransportFactory(getSaslProperties());
        } catch (TTransportException e) {
            throw new LoginException(e.getMessage());
        }
    }

    public KyuubiAuthenticationFactory(KyuubiConf kyuubiConf, boolean z) {
        Option<HadoopThriftAuthBridgeServer> option;
        this.conf = kyuubiConf;
        this.isServer = z;
        Logging.$init$(this);
        this.authTypes = (Set) ((SetLike) kyuubiConf.get(KyuubiConf$.MODULE$.AUTHENTICATION_METHOD())).map(str -> {
            return AuthTypes$.MODULE$.withName(str);
        }, Set$.MODULE$.canBuildFrom());
        Set<Enumeration.Value> authTypes = authTypes();
        CC apply = Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new Enumeration.Value[]{AuthTypes$.MODULE$.NOSASL()}));
        this.noSaslEnabled = authTypes != null ? authTypes.equals(apply) : apply == 0;
        this.kerberosEnabled = authTypes().contains(AuthTypes$.MODULE$.KERBEROS());
        this.plainAuthTypeOpt = ((TraversableLike) ((TraversableLike) authTypes().filterNot(value -> {
            return BoxesRunTime.boxToBoolean($anonfun$plainAuthTypeOpt$1(value));
        })).filterNot(value2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$plainAuthTypeOpt$2(value2));
        })).headOption();
        if (kerberosEnabled()) {
            KyuubiDelegationTokenManager apply2 = KyuubiDelegationTokenManager$.MODULE$.apply(kyuubiConf);
            liftedTree1$1(apply2);
            option = new Some<>(new HadoopThriftAuthBridgeServer(apply2));
        } else {
            option = None$.MODULE$;
        }
        this.hadoopAuthServer = option;
        if (BoxesRunTime.unboxToBoolean(kyuubiConf.get(KyuubiConf$.MODULE$.ENGINE_SECURITY_ENABLED()))) {
            InternalSecurityAccessor$.MODULE$.initialize(kyuubiConf, z);
        }
    }
}
