package org.apache.sentry.service.thrift;

import com.google.common.base.Preconditions;
import java.io.File;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/service/thrift/HiveSimpleConnectionFactory.class */
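/**
 * Creates Hive MetaStore (HMS) client connections for the Sentry service, either
 * unauthenticated or inside a Kerberos login context.
 *
 * <p>The mode is chosen once, in the constructor, from {@code sentry.service.security.mode}.
 * Only the value {@code kerberos} (case-insensitive, trimmed) enables the secure path; every
 * other value, including a misspelling, selects the unauthenticated path. That fallback is kept
 * for compatibility, but an unrecognised value is logged at WARN so the downgrade is visible to
 * operators.
 *
 * <p>Expected usage: construct, call {@link #init()}, call {@link #connect()} as often as
 * needed, then {@link #close()}. No synchronisation is performed by this class.
 */
public final class HiveSimpleConnectionFactory implements HiveConnectionFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(HiveSimpleConnectionFactory.class);

    private static final String SECURITY_MODE_KEY = "sentry.service.security.mode";
    private static final String SECURITY_MODE_NONE = "none";
    private static final String SECURITY_MODE_KERBEROS = "kerberos";
    private static final String PRINCIPAL_KEY = "sentry.service.server.principal";
    private static final String KEYTAB_KEY = "sentry.service.server.keytab";
    private static final String RPC_ADDRESS_KEY = "sentry.service.server.rpc-address";
    private static final String RPC_ADDRESS_DEFAULT = "0.0.0.0";
    private static final String RPC_PORT_KEY = "sentry.service.server.rpc-port";
    private static final int RPC_PORT_DEFAULT = 8038;

    private final Configuration conf;
    private final HiveConf hiveConf;
    private final boolean insecure;
    private SentryKerberosContext kerberosContext = null;

    /**
     * Captures the configuration and decides between the Kerberos and the unauthenticated path.
     *
     * @param configuration Sentry service configuration; read for the security mode here and for
     *     the principal, keytab and RPC address in {@link #init()}
     * @param hiveConf Hive configuration handed to every {@code HiveMetaStoreClient} created
     */
    public HiveSimpleConnectionFactory(Configuration configuration, HiveConf hiveConf) {
        this.conf = configuration;
        this.hiveConf = hiveConf;
        String mode = configuration.get(SECURITY_MODE_KEY, SECURITY_MODE_NONE).trim();
        this.insecure = !SECURITY_MODE_KERBEROS.equalsIgnoreCase(mode);
        if (this.insecure && !SECURITY_MODE_NONE.equalsIgnoreCase(mode)) {
            // Fail-open by design of the original check: a typo in the mode silently disables
            // authentication, so at least make that visible in the logs.
            LOGGER.warn("Unrecognized value '{}' for {}; falling back to an insecure connection to HMS",
                    mode, SECURITY_MODE_KEY);
        }
    }

    /**
     * Prepares the Kerberos login context when the secure mode is configured; does nothing
     * beyond logging in the unauthenticated mode.
     *
     * @throws IOException declared for the principal resolution and login-context setup
     * @throws LoginException declared for the Kerberos login-context setup
     * @throws NullPointerException if the principal or keytab setting is missing
     * @throws IllegalArgumentException if the resolved principal does not have three parts
     * @throws IllegalStateException if the keytab is not a readable regular file
     */
    public void init() throws IOException, LoginException {
        if (this.insecure) {
            LOGGER.info("Using insecure connection to HMS");
            return;
        }

        String configuredPrincipal = (String) Preconditions.checkNotNull(
                this.conf.get(PRINCIPAL_KEY), "%s is required", new Object[]{PRINCIPAL_KEY});
        // The principal is resolved against the configured RPC bind address.
        String serverPrincipal = SecurityUtil.getServerPrincipal(
                configuredPrincipal,
                NetUtils.createSocketAddr(
                        this.conf.get(RPC_ADDRESS_KEY, RPC_ADDRESS_DEFAULT),
                        this.conf.getInt(RPC_PORT_KEY, RPC_PORT_DEFAULT)).getAddress());
        LOGGER.debug("Opening kerberos connection to HMS using kerberos principal {}", serverPrincipal);
        Preconditions.checkArgument(
                SaslRpcServer.splitKerberosName(serverPrincipal).length == 3,
                "Kerberos principal %s should have 3 parts", new Object[]{serverPrincipal});

        String keytabPath = (String) Preconditions.checkNotNull(
                this.conf.get(KEYTAB_KEY),
                "Configuration is missing required %s parameter", new Object[]{KEYTAB_KEY});
        // Fail-fast sanity check only: it confirms the keytab is a readable regular file, not
        // that its permissions keep the long-term keys away from other local accounts.
        File keytab = new File(keytabPath);
        Preconditions.checkState(
                keytab.isFile() && keytab.canRead(),
                "Keytab %s does not exist or is not readable", new Object[]{keytabPath});

        // NOTE(review): the meaning of the trailing 'false' is defined by SentryKerberosContext
        // and is not visible in this file - confirm before changing it.
        this.kerberosContext = new SentryKerberosContext(serverPrincipal, keytabPath, false);
        UserGroupInformation.setConfiguration(this.conf);
        LOGGER.info("Using secure connection to HMS");
    }

    /**
     * Opens a new HMS client. In Kerberos mode the client is created inside {@code doAs} for the
     * subject held by the login context; otherwise it is created directly.
     *
     * @return a new {@code HMSClient} wrapping a fresh {@code HiveMetaStoreClient}
     * @throws IllegalStateException in Kerberos mode when {@link #init()} has not completed or
     *     {@link #close()} has already been called
     */
    @Override
    public HMSClient connect() throws IOException, InterruptedException, MetaException {
        if (this.insecure) {
            return new HMSClient(new HiveMetaStoreClient(this.hiveConf));
        }

        // Read the field once so the null check and the use see the same context.
        final SentryKerberosContext context = this.kerberosContext;
        Preconditions.checkState(context != null,
                "Kerberos context is not available: init() was not called or the factory is closed");

        // Anonymous class rather than a lambda: doAs is overloaded and a lambda would be ambiguous.
        HiveMetaStoreClient client = UserGroupInformation.getUGIFromSubject(context.getSubject())
                .doAs(new PrivilegedExceptionAction<HiveMetaStoreClient>() {
                    @Override
                    public HiveMetaStoreClient run() throws MetaException {
                        return new HiveMetaStoreClient(HiveSimpleConnectionFactory.this.hiveConf);
                    }
                });
        return new HMSClient(client);
    }

    /**
     * Shuts down the Kerberos login context, if one was created. Safe to call repeatedly and in
     * the unauthenticated mode.
     */
    @Override
    public void close() throws Exception {
        if (this.kerberosContext != null) {
            this.kerberosContext.shutDown();
            this.kerberosContext = null;
        }
    }
}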
