package org.apache.drill.exec.rpc.user;

import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import com.google.common.util.concurrent.AbstractCheckedFuture;
import com.google.common.util.concurrent.CheckedFuture;
import com.google.common.util.concurrent.SettableFuture;
import com.google.protobuf.MessageLite;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.common.config.DrillProperties;
import org.apache.drill.common.exceptions.DrillException;
import org.apache.drill.exec.client.InvalidConnectionInfoException;
import org.apache.drill.exec.memory.BufferAllocator;
import org.apache.drill.exec.planner.sql.parser.impl.DrillParserImplConstants;
import org.apache.drill.exec.proto.CoordinationProtos;
import org.apache.drill.exec.proto.GeneralRPCProtos;
import org.apache.drill.exec.proto.UserBitShared;
import org.apache.drill.exec.proto.UserProtos;
import org.apache.drill.exec.rpc.AbstractClientConnection;
import org.apache.drill.exec.rpc.Acks;
import org.apache.drill.exec.rpc.BasicClient;
import org.apache.drill.exec.rpc.ConnectionMultiListener;
import org.apache.drill.exec.rpc.DrillRpcFuture;
import org.apache.drill.exec.rpc.NonTransientRpcException;
import org.apache.drill.exec.rpc.OutOfMemoryHandler;
import org.apache.drill.exec.rpc.ProtobufLengthDecoder;
import org.apache.drill.exec.rpc.Response;
import org.apache.drill.exec.rpc.ResponseSender;
import org.apache.drill.exec.rpc.RpcConnectionHandler;
import org.apache.drill.exec.rpc.RpcException;
import org.apache.drill.exec.rpc.RpcOutcomeListener;
import org.apache.drill.exec.rpc.security.AuthStringUtil;
import org.apache.drill.exec.rpc.security.AuthenticationOutcomeListener;
import org.apache.drill.exec.rpc.security.AuthenticatorFactory;
import org.apache.drill.exec.rpc.security.ClientAuthenticatorProvider;
import org.apache.drill.exec.rpc.security.SaslProperties;
import org.apache.drill.exec.ssl.SSLConfig;
import org.apache.drill.exec.ssl.SSLConfigBuilder;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/drill/exec/rpc/user/UserClient.class */
public class UserClient extends BasicClient<UserProtos.RpcType, UserToBitConnection, UserProtos.UserToBitHandshake, UserProtos.BitToUserHandshake> {
    private static final Logger logger = LoggerFactory.getLogger(UserClient.class);
    private final BufferAllocator allocator;
    private final QueryResultHandler queryResultHandler;
    private final String clientName;
    private final boolean supportComplexTypes;
    private UserProtos.RpcEndpointInfos serverInfos;
    private Set<UserProtos.RpcType> supportedMethods;
    private volatile List<String> serverAuthMechanisms;
    private volatile boolean authComplete;
    private SSLConfig sslConfig;
    private CoordinationProtos.DrillbitEndpoint endpoint;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.drill.exec.rpc.user.UserClient$5, reason: invalid class name */
    /* loaded from: input_file:org/apache/drill/exec/rpc/user/UserClient$5.class */
    public static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$drill$exec$proto$UserProtos$HandshakeStatus = new int[UserProtos.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$org$apache$drill$exec$proto$UserProtos$HandshakeStatus[UserProtos.HandshakeStatus.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$drill$exec$proto$UserProtos$HandshakeStatus[UserProtos.HandshakeStatus.AUTH_REQUIRED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$drill$exec$proto$UserProtos$HandshakeStatus[UserProtos.HandshakeStatus.AUTH_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$drill$exec$proto$UserProtos$HandshakeStatus[UserProtos.HandshakeStatus.RPC_VERSION_MISMATCH.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$drill$exec$proto$UserProtos$HandshakeStatus[UserProtos.HandshakeStatus.UNKNOWN_FAILURE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:org/apache/drill/exec/rpc/user/UserClient$UserToBitConnection.class */
    public class UserToBitConnection extends AbstractClientConnection {
        UserToBitConnection(SocketChannel socketChannel) {
            super(socketChannel, "user client");
        }

        public BufferAllocator getAllocator() {
            return UserClient.this.allocator;
        }

        @Override // org.apache.drill.exec.rpc.AbstractClientConnection
        protected Logger getLogger() {
            return UserClient.logger;
        }

        public void incConnectionCounter() {
        }

        public void decConnectionCounter() {
        }
    }

    public UserClient(String str, DrillConfig drillConfig, Properties properties, boolean z, BufferAllocator bufferAllocator, EventLoopGroup eventLoopGroup, Executor executor, CoordinationProtos.DrillbitEndpoint drillbitEndpoint) throws NonTransientRpcException {
        super(UserRpcConfig.getMapping(drillConfig, executor), bufferAllocator.getAsByteBufAllocator(), eventLoopGroup, UserProtos.RpcType.HANDSHAKE, UserProtos.BitToUserHandshake.class, UserProtos.BitToUserHandshake.PARSER);
        this.queryResultHandler = new QueryResultHandler();
        this.serverInfos = null;
        this.supportedMethods = null;
        this.serverAuthMechanisms = null;
        this.authComplete = true;
        this.endpoint = drillbitEndpoint;
        this.clientName = str;
        this.allocator = bufferAllocator;
        this.supportComplexTypes = z;
        try {
            this.sslConfig = new SSLConfigBuilder().properties(properties).mode(SSLConfig.Mode.CLIENT).initializeSSLContext(true).validateKeyStore(false).build();
        } catch (DrillException e) {
            throw new InvalidConnectionInfoException(e.getMessage());
        }
    }

    protected void setupSSL(ChannelPipeline channelPipeline, ConnectionMultiListener.SSLHandshakeListener sSLHandshakeListener) {
        SslHandler sslHandler = new SslHandler(this.sslConfig.createSSLEngine(this.allocator, this.endpoint.getAddress(), this.endpoint.getUserPort()));
        sslHandler.setHandshakeTimeoutMillis(this.sslConfig.getHandshakeTimeout());
        sslHandler.handshakeFuture().addListener(sSLHandshakeListener);
        channelPipeline.addFirst("ssl-handler", sslHandler);
        logger.debug(this.sslConfig.toString());
    }

    protected boolean isSslEnabled() {
        return this.sslConfig.isUserSslEnabled();
    }

    public UserProtos.RpcEndpointInfos getServerInfos() {
        return this.serverInfos;
    }

    public Set<UserProtos.RpcType> getSupportedMethods() {
        return this.supportedMethods;
    }

    public void submitQuery(UserResultsListener userResultsListener, UserProtos.RunQuery runQuery) {
        send(this.queryResultHandler.getWrappedListener(userResultsListener), UserProtos.RpcType.RUN_QUERY, runQuery, UserBitShared.QueryId.class, new ByteBuf[0]);
    }

    public void connect(CoordinationProtos.DrillbitEndpoint drillbitEndpoint, DrillProperties drillProperties, UserBitShared.UserCredentials userCredentials) throws RpcException {
        UserProtos.UserToBitHandshake.Builder properties = UserProtos.UserToBitHandshake.newBuilder().setRpcVersion(5).setSupportListening(true).setSupportComplexTypes(this.supportComplexTypes).setSupportTimeout(true).setCredentials(userCredentials).setClientInfos(UserRpcUtils.getRpcEndpointInfos(this.clientName)).setSaslSupport(UserProtos.SaslSupport.SASL_PRIVACY).setProperties(drillProperties.serializeForServer());
        if (drillProperties.containsKey("test_sasl_level")) {
            properties.setSaslSupport(UserProtos.SaslSupport.valueOf(Integer.parseInt(drillProperties.getProperty("test_sasl_level"))));
        }
        if (this.sslConfig.isUserSslEnabled()) {
            try {
                connect(properties.build(), drillbitEndpoint).checkedGet(this.sslConfig.getHandshakeTimeout(), TimeUnit.MILLISECONDS);
            } catch (TimeoutException e) {
                throw new NonTransientRpcException("Connecting to the server timed out. This is sometimes due to a mismatch in the SSL configuration between client and server. [ Exception: " + e.getMessage() + "]");
            }
        } else {
            connect(properties.build(), drillbitEndpoint).checkedGet();
        }
        validateSaslCompatibility(drillProperties);
        if (this.serverAuthMechanisms != null) {
            try {
                authenticate(drillProperties).checkedGet();
            } catch (SaslException e2) {
                throw new NonTransientRpcException(e2);
            }
        }
    }

    private void validateSaslCompatibility(DrillProperties drillProperties) throws NonTransientRpcException {
        boolean z = drillProperties.containsKey("sasl_encrypt") && Boolean.parseBoolean(drillProperties.getProperty("sasl_encrypt"));
        if (z && !((UserToBitConnection) this.connection).isEncryptionEnabled()) {
            throw new NonTransientRpcException("Client needs encrypted connection but server is not configured for encryption. Please contact your administrator. [Warn: It may be due to wrong config or a security attack in progress.]");
        }
        if (z && this.serverAuthMechanisms == null) {
            throw new NonTransientRpcException("Client needs encrypted connection but server doesn't support any security mechanisms. Please contact your administrator. [Warn: It may be due to wrong config or a security attack in progress.]");
        }
        if (clientNeedsAuthExceptPlain(drillProperties) && this.serverAuthMechanisms == null) {
            throw new NonTransientRpcException("Client needs authentication but server doesn't support any security mechanisms. Please contact your administrator. [Warn: It may be due to wrong config or a security attack in progress.]");
        }
    }

    private boolean clientNeedsAuthExceptPlain(DrillProperties drillProperties) {
        boolean z = false;
        String property = drillProperties.getProperty("auth");
        if (!Strings.isNullOrEmpty(property) && !property.equalsIgnoreCase("PLAIN")) {
            z = true;
        }
        return z | (!Strings.isNullOrEmpty(drillProperties.getProperty("principal")));
    }

    private CheckedFuture<Void, RpcException> connect(UserProtos.UserToBitHandshake userToBitHandshake, CoordinationProtos.DrillbitEndpoint drillbitEndpoint) {
        final SettableFuture create = SettableFuture.create();
        AbstractCheckedFuture<Void, RpcException> abstractCheckedFuture = new AbstractCheckedFuture<Void, RpcException>(create) { // from class: org.apache.drill.exec.rpc.user.UserClient.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: mapException, reason: merged with bridge method [inline-methods] */
            public RpcException m845mapException(Exception exc) {
                return RpcException.mapException(exc);
            }
        };
        connectAsClient(this.queryResultHandler.getWrappedConnectionHandler(new RpcConnectionHandler<UserToBitConnection>() { // from class: org.apache.drill.exec.rpc.user.UserClient.2
            public void connectionSucceeded(UserToBitConnection userToBitConnection) {
                create.set((Object) null);
            }

            public void connectionFailed(RpcConnectionHandler.FailureType failureType, Throwable th) {
                create.setException(new RpcException(String.format("%s : %s", failureType.name(), th.getMessage()), th));
            }
        }), userToBitHandshake, drillbitEndpoint.getAddress(), drillbitEndpoint.getUserPort());
        return abstractCheckedFuture;
    }

    private CheckedFuture<Void, SaslException> authenticate(DrillProperties drillProperties) {
        Map<String, ?> stringPropertiesAsMap = drillProperties.stringPropertiesAsMap();
        stringPropertiesAsMap.putAll(SaslProperties.getSaslProperties(((UserToBitConnection) this.connection).isEncryptionEnabled(), ((UserToBitConnection) this.connection).getMaxWrappedSize()));
        final SettableFuture create = SettableFuture.create();
        AbstractCheckedFuture<Void, SaslException> abstractCheckedFuture = new AbstractCheckedFuture<Void, SaslException>(create) { // from class: org.apache.drill.exec.rpc.user.UserClient.3
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: mapException, reason: merged with bridge method [inline-methods] */
            public SaslException m846mapException(Exception exc) {
                if (exc instanceof ExecutionException) {
                    Throwable rootCause = Throwables.getRootCause(exc);
                    if (rootCause instanceof SaslException) {
                        return new SaslException(String.format("Authentication failed. [Details: %s, Error %s]", ((UserToBitConnection) UserClient.this.connection).getEncryptionCtxtString(), rootCause.getMessage()), rootCause);
                    }
                }
                return new SaslException(String.format("Authentication failed unexpectedly. [Details: %s, Error %s]", ((UserToBitConnection) UserClient.this.connection).getEncryptionCtxtString(), exc.getMessage()), exc);
            }
        };
        try {
            AuthenticatorFactory authenticatorFactory = getAuthenticatorFactory(drillProperties);
            String simpleName = authenticatorFactory.getSimpleName();
            logger.trace("Will try to authenticate to server using {} mechanism with encryption context {}", simpleName, ((UserToBitConnection) this.connection).getEncryptionCtxtString());
            UserGroupInformation createAndLoginUser = authenticatorFactory.createAndLoginUser(stringPropertiesAsMap);
            SaslClient createSaslClient = authenticatorFactory.createSaslClient(createAndLoginUser, stringPropertiesAsMap);
            if (createSaslClient == null) {
                throw new SaslException(String.format("Cannot initiate authentication using %s mechanism. Insufficient credentials or selected mechanism doesn't support configured security layers?", authenticatorFactory.getSimpleName()));
            }
            ((UserToBitConnection) this.connection).setSaslClient(createSaslClient);
            logger.trace("Initiating SASL exchange.");
            new AuthenticationOutcomeListener(this, this.connection, UserProtos.RpcType.SASL_MESSAGE, createAndLoginUser, new RpcOutcomeListener<Void>() { // from class: org.apache.drill.exec.rpc.user.UserClient.4
                public void failed(RpcException rpcException) {
                    create.setException(rpcException);
                }

                public void success(Void r4, ByteBuf byteBuf) {
                    UserClient.this.authComplete = true;
                    create.set((Object) null);
                }

                public void interrupted(InterruptedException interruptedException) {
                    create.setException(interruptedException);
                }
            }).initiate(simpleName);
            return abstractCheckedFuture;
        } catch (IOException e) {
            create.setException(e);
            return abstractCheckedFuture;
        }
    }

    private AuthenticatorFactory getAuthenticatorFactory(DrillProperties drillProperties) throws SaslException {
        Set<String> asSet = AuthStringUtil.asSet(this.serverAuthMechanisms);
        String property = drillProperties.getProperty("auth");
        if (property != null) {
            if (!ClientAuthenticatorProvider.getInstance().containsFactory(property)) {
                throw new SaslException(String.format("Unknown mechanism: %s", property));
            }
            if (asSet.contains(property.toUpperCase())) {
                return ClientAuthenticatorProvider.getInstance().getAuthenticatorFactory(property);
            }
            throw new SaslException(String.format("Server does not support authentication using: %s. [Details: %s]", property, ((UserToBitConnection) this.connection).getEncryptionCtxtString()));
        }
        if (asSet.contains("KERBEROS") && drillProperties.containsKey("principal")) {
            return ClientAuthenticatorProvider.getInstance().getAuthenticatorFactory("KERBEROS");
        }
        if (asSet.contains("PLAIN") && drillProperties.containsKey("user") && !Strings.isNullOrEmpty(drillProperties.getProperty("password"))) {
            return ClientAuthenticatorProvider.getInstance().getAuthenticatorFactory("PLAIN");
        }
        throw new SaslException(String.format("Server requires authentication using %s. Insufficient credentials?. [Details: %s]. ", this.serverAuthMechanisms, ((UserToBitConnection) this.connection).getEncryptionCtxtString()));
    }

    protected <SEND extends MessageLite, RECEIVE extends MessageLite> void send(RpcOutcomeListener<RECEIVE> rpcOutcomeListener, UserProtos.RpcType rpcType, SEND send, Class<RECEIVE> cls, boolean z, ByteBuf... byteBufArr) {
        super.send(rpcOutcomeListener, this.connection, rpcType, send, cls, z, byteBufArr);
    }

    protected MessageLite getResponseDefaultInstance(int i) throws RpcException {
        switch (i) {
            case 0:
                return UserProtos.BitToUserHandshake.getDefaultInstance();
            case 1:
                return GeneralRPCProtos.Ack.getDefaultInstance();
            case 2:
            case 3:
            case 4:
            case 5:
            case 8:
            case DrillParserImplConstants.ALLOW /* 11 */:
            case 12:
            case 14:
            case 15:
            case 16:
            case 17:
            case 22:
            default:
                throw new RpcException(String.format("Unable to deal with RpcType of %d", Integer.valueOf(i)));
            case 6:
                return UserBitShared.QueryData.getDefaultInstance();
            case DrillParserImplConstants.ADMIN /* 7 */:
                return UserBitShared.QueryId.getDefaultInstance();
            case DrillParserImplConstants.ALL /* 9 */:
                return UserProtos.GetServerMetaResp.getDefaultInstance();
            case DrillParserImplConstants.ALLOCATE /* 10 */:
                return UserBitShared.QueryResult.getDefaultInstance();
            case DrillParserImplConstants.ALTER /* 13 */:
                return UserProtos.QueryPlanFragments.getDefaultInstance();
            case DrillParserImplConstants.AS /* 18 */:
                return UserProtos.GetCatalogsResp.getDefaultInstance();
            case DrillParserImplConstants.ASC /* 19 */:
                return UserProtos.GetSchemasResp.getDefaultInstance();
            case DrillParserImplConstants.ASENSITIVE /* 20 */:
                return UserProtos.GetTablesResp.getDefaultInstance();
            case DrillParserImplConstants.ASSERTION /* 21 */:
                return UserProtos.GetColumnsResp.getDefaultInstance();
            case DrillParserImplConstants.ASYMMETRIC /* 23 */:
                return UserProtos.CreatePreparedStatementResp.getDefaultInstance();
            case DrillParserImplConstants.AT /* 24 */:
                return UserBitShared.SaslMessage.getDefaultInstance();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handle(UserToBitConnection userToBitConnection, int i, ByteBuf byteBuf, ByteBuf byteBuf2, ResponseSender responseSender) throws RpcException {
        if (!this.authComplete) {
            throw new RpcException(String.format("Request of type %d is not allowed without authentication. Remote on %s must authenticate before making requests. Connection dropped.", Integer.valueOf(i), userToBitConnection.getRemoteAddress()));
        }
        switch (i) {
            case 6:
                this.queryResultHandler.batchArrived(userToBitConnection, byteBuf, byteBuf2);
                responseSender.send(new Response(UserProtos.RpcType.ACK, Acks.OK, new ByteBuf[0]));
                return;
            case DrillParserImplConstants.ALLOCATE /* 10 */:
                this.queryResultHandler.resultArrived(byteBuf);
                responseSender.send(new Response(UserProtos.RpcType.ACK, Acks.OK, new ByteBuf[0]));
                return;
            default:
                throw new RpcException(String.format("Unknown Rpc Type %d. ", Integer.valueOf(i)));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateHandshake(UserProtos.BitToUserHandshake bitToUserHandshake) throws RpcException {
        if (bitToUserHandshake.hasServerInfos()) {
            this.serverInfos = bitToUserHandshake.getServerInfos();
        }
        this.supportedMethods = Sets.immutableEnumSet(bitToUserHandshake.getSupportedMethodsList());
        switch (AnonymousClass5.$SwitchMap$org$apache$drill$exec$proto$UserProtos$HandshakeStatus[bitToUserHandshake.getStatus().ordinal()]) {
            case 1:
            default:
                return;
            case 2:
                this.authComplete = false;
                this.serverAuthMechanisms = ImmutableList.copyOf(bitToUserHandshake.getAuthenticationMechanismsList());
                ((UserToBitConnection) this.connection).setEncryption(bitToUserHandshake.hasEncrypted() && bitToUserHandshake.getEncrypted());
                if (bitToUserHandshake.hasMaxWrappedSize()) {
                    ((UserToBitConnection) this.connection).setMaxWrappedSize(bitToUserHandshake.getMaxWrappedSize());
                }
                logger.trace(String.format("Server requires authentication with encryption context %s before proceeding.", ((UserToBitConnection) this.connection).getEncryptionCtxtString()));
                return;
            case 3:
            case 4:
            case 5:
                String format = String.format("Status: %s, Error Id: %s, Error message: %s", bitToUserHandshake.getStatus(), bitToUserHandshake.getErrorId(), bitToUserHandshake.getErrorMessage());
                logger.error(format);
                throw new NonTransientRpcException(format);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: initRemoteConnection, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public UserToBitConnection m844initRemoteConnection(SocketChannel socketChannel) {
        super.initRemoteConnection(socketChannel);
        return new UserToBitConnection(socketChannel);
    }

    public ProtobufLengthDecoder getDecoder(BufferAllocator bufferAllocator) {
        return new UserProtobufLengthDecoder(bufferAllocator, OutOfMemoryHandler.DEFAULT_INSTANCE);
    }

    public DrillRpcFuture<UserProtos.QueryPlanFragments> planQuery(UserProtos.GetQueryPlanFragments getQueryPlanFragments) {
        return send(UserProtos.RpcType.GET_QUERY_PLAN_FRAGMENTS, getQueryPlanFragments, UserProtos.QueryPlanFragments.class, new ByteBuf[0]);
    }
}
