package org.apache.sentry.hdfs;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.hdfs.ServiceConstants;
import org.apache.sentry.hdfs.service.thrift.SentryHDFSService;
import org.apache.sentry.hdfs.service.thrift.TAuthzUpdateResponse;
import org.apache.sentry.hdfs.service.thrift.TPathsUpdate;
import org.apache.sentry.hdfs.service.thrift.TPermissionsUpdate;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.protocol.TMultiplexedProtocol;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/hdfs/SentryHDFSServiceClientDefaultImpl.class */
public class SentryHDFSServiceClientDefaultImpl implements SentryHDFSServiceClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryHDFSServiceClientDefaultImpl.class);
    private final Configuration conf;
    private final InetSocketAddress serverAddress;
    private final int connectionTimeout;
    private boolean kerberos;
    private TTransport transport;
    private String[] serverPrincipalParts;
    private SentryHDFSService.Client client;

    /* loaded from: input_file:org/apache/sentry/hdfs/SentryHDFSServiceClientDefaultImpl$UgiSaslClientTransport.class */
    public static class UgiSaslClientTransport extends TSaslClientTransport {
        protected UserGroupInformation ugi;

        public UgiSaslClientTransport(String str, String str2, String str3, String str4, Map<String, String> map, CallbackHandler callbackHandler, TTransport tTransport, boolean z) throws IOException {
            super(str, str2, str3, str4, map, callbackHandler, tTransport);
            this.ugi = null;
            if (z) {
                this.ugi = UserGroupInformation.getLoginUser();
            }
        }

        public void open() throws TTransportException {
            if (this.ugi == null) {
                baseOpen();
                return;
            }
            try {
                if (this.ugi.isFromKeytab()) {
                    this.ugi.checkTGTAndReloginFromKeytab();
                }
                this.ugi.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.sentry.hdfs.SentryHDFSServiceClientDefaultImpl.UgiSaslClientTransport.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Void run() throws TTransportException {
                        UgiSaslClientTransport.this.baseOpen();
                        return null;
                    }
                });
            } catch (IOException e) {
                throw new TTransportException("Failed to open SASL transport", e);
            } catch (InterruptedException e2) {
                throw new TTransportException("Interrupted while opening underlying transport", e2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void baseOpen() throws TTransportException {
            super.open();
        }
    }

    public SentryHDFSServiceClientDefaultImpl(Configuration configuration) throws IOException {
        this.conf = configuration;
        Preconditions.checkNotNull(this.conf, "Configuration object cannot be null");
        this.serverAddress = NetUtils.createSocketAddr((String) Preconditions.checkNotNull(configuration.get(ServiceConstants.ClientConfig.SERVER_RPC_ADDRESS), "Config key sentry.hdfs.service.client.server.rpc-address is required"), configuration.getInt(ServiceConstants.ClientConfig.SERVER_RPC_PORT, ServiceConstants.ClientConfig.SERVER_RPC_PORT_DEFAULT));
        this.connectionTimeout = configuration.getInt(ServiceConstants.ClientConfig.SERVER_RPC_CONN_TIMEOUT, ServiceConstants.ClientConfig.SERVER_RPC_CONN_TIMEOUT_DEFAULT);
        this.kerberos = ServiceConstants.ClientConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(configuration.get(ServiceConstants.ClientConfig.SECURITY_MODE, ServiceConstants.ClientConfig.SECURITY_MODE_KERBEROS).trim());
        this.transport = new TSocket(this.serverAddress.getHostName(), this.serverAddress.getPort(), this.connectionTimeout);
        if (this.kerberos) {
            String serverPrincipal = SecurityUtil.getServerPrincipal((String) Preconditions.checkNotNull(configuration.get(ServiceConstants.ClientConfig.PRINCIPAL), "sentry.hdfs.service.server.principal is required"), this.serverAddress.getAddress());
            LOGGER.info("Using server kerberos principal: " + serverPrincipal);
            this.serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal);
            Preconditions.checkArgument(this.serverPrincipalParts.length == 3, "Kerberos principal should have 3 parts: " + serverPrincipal);
            this.transport = new UgiSaslClientTransport(SaslRpcServer.AuthMethod.KERBEROS.getMechanismName(), null, this.serverPrincipalParts[0], this.serverPrincipalParts[1], ServiceConstants.ClientConfig.SASL_PROPERTIES, null, this.transport, "true".equalsIgnoreCase(configuration.get(ServiceConstants.ClientConfig.SECURITY_USE_UGI_TRANSPORT, "true")));
        } else {
            this.serverPrincipalParts = null;
        }
        try {
            this.transport.open();
            LOGGER.info("Successfully opened transport: " + this.transport + " to " + this.serverAddress);
            long j = configuration.getLong(ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE, ServiceConstants.ClientConfig.SENTRY_HDFS_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
            this.client = new SentryHDFSService.Client(new TMultiplexedProtocol(configuration.getBoolean(ServiceConstants.ClientConfig.USE_COMPACT_TRANSPORT, false) ? new TCompactProtocol(this.transport, j, j) : new TBinaryProtocol(this.transport, j, j, true, true), SentryHDFSServiceClient.SENTRY_HDFS_SERVICE_NAME));
            LOGGER.info("Successfully created client");
        } catch (TTransportException e) {
            throw new IOException("Transport exception while opening transport: " + e.getMessage(), e);
        }
    }

    @Override // org.apache.sentry.hdfs.SentryHDFSServiceClient
    public synchronized void notifyHMSUpdate(PathsUpdate pathsUpdate) throws SentryHdfsServiceException {
        try {
            this.client.handle_hms_notification(pathsUpdate.toThrift());
        } catch (Exception e) {
            throw new SentryHdfsServiceException("Thrift Exception occurred !!", e);
        }
    }

    @Override // org.apache.sentry.hdfs.SentryHDFSServiceClient
    public synchronized long getLastSeenHMSPathSeqNum() throws SentryHdfsServiceException {
        try {
            return this.client.check_hms_seq_num(-1L);
        } catch (Exception e) {
            throw new SentryHdfsServiceException("Thrift Exception occurred !!", e);
        }
    }

    @Override // org.apache.sentry.hdfs.SentryHDFSServiceClient
    public synchronized SentryAuthzUpdate getAllUpdatesFrom(long j, long j2) throws SentryHdfsServiceException {
        SentryAuthzUpdate sentryAuthzUpdate = new SentryAuthzUpdate(new LinkedList(), new LinkedList());
        try {
            TAuthzUpdateResponse tAuthzUpdateResponse = this.client.get_all_authz_updates_from(j, j2);
            if (tAuthzUpdateResponse.getAuthzPathUpdate() != null) {
                Iterator<TPathsUpdate> it = tAuthzUpdateResponse.getAuthzPathUpdate().iterator();
                while (it.hasNext()) {
                    sentryAuthzUpdate.getPathUpdates().add(new PathsUpdate(it.next()));
                }
            }
            if (tAuthzUpdateResponse.getAuthzPermUpdate() != null) {
                Iterator<TPermissionsUpdate> it2 = tAuthzUpdateResponse.getAuthzPermUpdate().iterator();
                while (it2.hasNext()) {
                    sentryAuthzUpdate.getPermUpdates().add(new PermissionsUpdate(it2.next()));
                }
            }
            return sentryAuthzUpdate;
        } catch (Exception e) {
            throw new SentryHdfsServiceException("Thrift Exception occurred !!", e);
        }
    }

    @Override // org.apache.sentry.hdfs.SentryHDFSServiceClient
    public void close() {
        if (this.transport != null) {
            this.transport.close();
        }
    }
}
