package alluxio.security.authentication;

import alluxio.conf.AlluxioConfiguration;
import alluxio.conf.PropertyKey;
import alluxio.exception.status.AlluxioStatusException;
import alluxio.exception.status.UnknownException;
import alluxio.grpc.SaslAuthenticationServiceGrpc;
import alluxio.security.authentication.SaslHandshakeClientHandler;
import alluxio.security.authentication.SaslParticipantProvider;
import alluxio.util.SecurityUtils;
import io.grpc.CallOptions;
import io.grpc.Channel;
import io.grpc.ClientCall;
import io.grpc.ClientInterceptor;
import io.grpc.ClientInterceptors;
import io.grpc.ConnectivityState;
import io.grpc.ManagedChannel;
import io.grpc.MethodDescriptor;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import javax.security.auth.Subject;
import javax.security.sasl.SaslClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:alluxio/security/authentication/ChannelAuthenticator.class */
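/**
 * Authenticates a gRPC {@link ManagedChannel} against its target using SASL and hands back a
 * channel whose calls go through the interceptors required by the configured {@link AuthType}.
 *
 * <p>An instance authenticates either as a {@link Subject} (first constructor) or with an explicit
 * user name / password / impersonation user (second constructor); {@link #mUseSubject} selects
 * which of the two the handshake uses.
 */
public class ChannelAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(ChannelAuthenticator.class);

    /** Subject to authenticate as when {@link #mUseSubject} is {@code true}. */
    protected Subject mParentSubject;

    /* Explicit credentials, used in place of the subject when mUseSubject is false. */
    protected String mUserName;
    // NOTE(review): the password lives in an immutable String in a protected field for the
    // lifetime of this object, so it cannot be wiped once the handshake is done.
    protected String mPassword;
    protected String mImpersonationUser;

    /** Authentication type negotiated with the target. */
    protected AuthType mAuthType;

    /** Timeout handed to the SASL stream driver, in milliseconds. */
    protected final long mGrpcAuthTimeoutMs;

    // Only the configuration-based constructor sets this flag; it stays false otherwise, and
    // getInterceptors() then returns no interceptors at all.
    // NOTE(review): confirm that is intended for the explicit-credentials constructor.
    private boolean mSecurityEnabled;

    /** Whether the handshake authenticates as {@link #mParentSubject} or with the credentials. */
    protected boolean mUseSubject = true;

    /** Identifier sent with the handshake and injected into calls on the authenticated channel. */
    protected UUID mChannelId = UUID.randomUUID();

    /**
     * Channel wrapper that performs the SASL handshake on construction and afterwards routes
     * calls through the intercepted channel.
     *
     * <p>Decompiler note: the access modifiers of this class were reported as widened from
     * private.
     */
    public class AuthenticatedManagedChannel extends Channel implements AuthenticatedChannel {
        private final ManagedChannel mManagedChannel;
        private final AlluxioConfiguration mConf;
        private Channel mChannel;
        // Cleared from the gRPC connectivity callback and read by callers of isAuthenticated(),
        // so it must be volatile for the reset to be visible across threads.
        private volatile boolean mAuthenticated;

        /**
         * Wraps the given channel and authenticates it immediately.
         *
         * @param managedChannel the raw channel to authenticate
         * @param alluxioConfiguration configuration passed to the subject-based SASL client
         * @throws AlluxioStatusException if the handshake fails
         */
        AuthenticatedManagedChannel(ManagedChannel managedChannel, AlluxioConfiguration alluxioConfiguration) throws AlluxioStatusException {
            this.mManagedChannel = managedChannel;
            this.mConf = alluxioConfiguration;
            authenticate();
        }

        /**
         * Runs the SASL handshake over the managed channel and, on success, installs the
         * intercepted channel used for all subsequent calls.
         *
         * @throws AlluxioStatusException if any step fails; a failure that is already an
         *         {@link AlluxioStatusException} keeps its status, anything else is reported as
         *         {@link UnknownException}
         */
        public void authenticate() throws AlluxioStatusException {
            try {
                SaslClient saslClient;
                if (ChannelAuthenticator.this.mUseSubject) {
                    saslClient = SaslParticipantProvider.Factory.create(ChannelAuthenticator.this.mAuthType)
                            .createSaslClient(ChannelAuthenticator.this.mParentSubject, this.mConf);
                } else {
                    saslClient = SaslParticipantProvider.Factory.create(ChannelAuthenticator.this.mAuthType)
                            .createSaslClient(ChannelAuthenticator.this.mUserName,
                                    ChannelAuthenticator.this.mPassword,
                                    ChannelAuthenticator.this.mImpersonationUser);
                }
                SaslStreamClientDriver driver = new SaslStreamClientDriver(
                        SaslHandshakeClientHandler.Factory.create(ChannelAuthenticator.this.mAuthType, saslClient),
                        ChannelAuthenticator.this.mGrpcAuthTimeoutMs);
                // The handshake stream is opened on the raw channel, before any interceptor exists.
                driver.setServerObserver(
                        SaslAuthenticationServiceGrpc.newStub(this.mManagedChannel).authenticate(driver));
                // NOTE(review): presumably start() returns only once the handshake has completed
                // or timed out; confirm against SaslStreamClientDriver.
                driver.start(ChannelAuthenticator.this.mChannelId.toString());
                this.mAuthenticated = true;
                // One-off gRPC callback: runs when the channel's state is no longer READY, at
                // which point this wrapper stops reporting itself as authenticated.
                this.mManagedChannel.notifyWhenStateChanged(ConnectivityState.READY, () -> {
                    this.mAuthenticated = false;
                });
                this.mChannel = ClientInterceptors.intercept(this.mManagedChannel,
                        ChannelAuthenticator.this.getInterceptors(saslClient));
            } catch (Exception e) {
                // The message carries the channel id, auth type, target and error text only;
                // the user name and password fields are not part of it.
                String message = String.format(
                        "Channel authentication failed. ChannelId: %s, AuthType: %s, Target: %s, Error: %s",
                        ChannelAuthenticator.this.mChannelId, ChannelAuthenticator.this.mAuthType,
                        this.mManagedChannel.authority(), e.toString());
                if (e instanceof AlluxioStatusException) {
                    // getStatus() is declared on AlluxioStatusException, not on Exception, so the
                    // cast is required for this to compile.
                    throw AlluxioStatusException.from(((AlluxioStatusException) e).getStatus(), message, e);
                }
                throw new UnknownException(message, e);
            }
        }

        /** Creates a call on the intercepted channel. */
        public <RequestT, ResponseT> ClientCall<RequestT, ResponseT> newCall(MethodDescriptor<RequestT, ResponseT> methodDescriptor, CallOptions callOptions) {
            return this.mChannel.newCall(methodDescriptor, callOptions);
        }

        /** Returns the authority of the intercepted channel. */
        public String authority() {
            return this.mChannel.authority();
        }

        /**
         * @return {@code true} after a successful handshake, until the underlying channel's
         *         connectivity state changes away from READY
         */
        @Override // alluxio.security.authentication.AuthenticatedChannel
        public boolean isAuthenticated() {
            return this.mAuthenticated;
        }
    }

    /**
     * Creates an authenticator that authenticates as the given subject, reading the
     * authentication type, the security-enabled flag and the handshake timeout from configuration.
     *
     * @param subject subject to authenticate as
     * @param alluxioConfiguration configuration to read authentication settings from
     */
    public ChannelAuthenticator(Subject subject, AlluxioConfiguration alluxioConfiguration) {
        this.mParentSubject = subject;
        this.mAuthType = (AuthType) alluxioConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
        this.mSecurityEnabled = SecurityUtils.isSecurityEnabled(alluxioConfiguration);
        this.mGrpcAuthTimeoutMs = alluxioConfiguration.getMs(PropertyKey.MASTER_GRPC_CHANNEL_AUTH_TIMEOUT);
    }

    /**
     * Creates an authenticator that authenticates with explicit credentials.
     *
     * @param str user name
     * @param str2 password
     * @param str3 impersonation user
     * @param authType authentication type to use with the target
     * @param j handshake timeout in milliseconds
     */
    public ChannelAuthenticator(String str, String str2, String str3, AuthType authType, long j) {
        // Without this the field initializer leaves subject mode on, the handshake is built from
        // the (unset) parent subject, and the credentials supplied here are never used.
        this.mUseSubject = false;
        this.mUserName = str;
        this.mPassword = str2;
        this.mImpersonationUser = str3;
        this.mAuthType = authType;
        this.mGrpcAuthTimeoutMs = j;
    }

    /**
     * Authenticates the given channel.
     *
     * @param managedChannel the channel to authenticate
     * @param alluxioConfiguration configuration passed on to the handshake
     * @return the channel itself, unauthenticated, when the auth type is {@code NOSASL};
     *         otherwise a new {@link AuthenticatedManagedChannel} wrapping it
     * @throws AlluxioStatusException if the handshake fails
     */
    public Channel authenticate(ManagedChannel managedChannel, AlluxioConfiguration alluxioConfiguration) throws AlluxioStatusException {
        LOG.debug("Channel authentication initiated. ChannelId:{}, AuthType:{}, Target:{}",
                this.mChannelId, this.mAuthType, managedChannel.authority());
        if (this.mAuthType == AuthType.NOSASL) {
            return managedChannel;
        }
        return new AuthenticatedManagedChannel(managedChannel, alluxioConfiguration);
    }

    /**
     * Builds the client interceptors to attach to an authenticated channel.
     *
     * <p>Decompiler note: the access modifier of this method was reported as widened from private.
     *
     * @param saslClient the SASL client used for the handshake (not read by the current cases)
     * @return an empty list when security is disabled or the type is {@code NOSASL}; a list
     *         holding a {@link ChannelIdInjector} for {@code SIMPLE} and {@code CUSTOM}
     * @throws RuntimeException for any other authentication type
     */
    public List<ClientInterceptor> getInterceptors(SaslClient saslClient) {
        if (!this.mSecurityEnabled) {
            return Collections.emptyList();
        }
        List<ClientInterceptor> interceptors = new ArrayList<>();
        switch (this.mAuthType) {
            case NOSASL:
                break;
            case SIMPLE:
            case CUSTOM:
                interceptors.add(new ChannelIdInjector(this.mChannelId));
                break;
            default:
                throw new RuntimeException(String.format("Authentication type:%s not supported", this.mAuthType.name()));
        }
        return interceptors;
    }
}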
