package org.apache.flume.api;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.callback.CallbackHandler;
import org.apache.flume.FlumeException;
import org.apache.flume.auth.FlumeAuthenticationUtil;
import org.apache.flume.auth.FlumeAuthenticator;
import org.apache.flume.auth.PrivilegedExecutor;
import org.apache.naming.ResourceRef;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;

/* loaded from: input_file:META-INF/bundled-dependencies/flume-ng-auth-1.11.0.jar:org/apache/flume/api/SecureThriftRpcClient.class */
public class SecureThriftRpcClient extends ThriftRpcClient {
    private static final String CLIENT_PRINCIPAL = "client-principal";
    private static final String CLIENT_KEYTAB = "client-keytab";
    private static final String SERVER_PRINCIPAL = "server-principal";
    private String serverPrincipal;
    private FlumeAuthenticator privilegedExecutor;

    /* loaded from: input_file:META-INF/bundled-dependencies/flume-ng-auth-1.11.0.jar:org/apache/flume/api/SecureThriftRpcClient$UgiSaslClientTransport.class */
    public static class UgiSaslClientTransport extends TSaslClientTransport {
        PrivilegedExecutor privilegedExecutor;

        public UgiSaslClientTransport(String str, String str2, String str3, String str4, Map<String, String> map, CallbackHandler callbackHandler, TTransport tTransport, PrivilegedExecutor privilegedExecutor) throws IOException, TTransportException {
            super(str, str2, str3, str4, map, callbackHandler, tTransport);
            this.privilegedExecutor = privilegedExecutor;
        }

        @Override // org.apache.thrift.transport.TSaslClientTransport, org.apache.thrift.transport.TSaslTransport, org.apache.thrift.transport.TTransport
        public void open() throws FlumeException {
            try {
                this.privilegedExecutor.execute(new PrivilegedExceptionAction<Void>() { // from class: org.apache.flume.api.SecureThriftRpcClient.UgiSaslClientTransport.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Void run() throws FlumeException {
                        UgiSaslClientTransport.this.callSuperClassOpen();
                        return null;
                    }
                });
            } catch (InterruptedException e) {
                throw new FlumeException("Interrupted while opening underlying transport", e);
            } catch (Exception e2) {
                throw new FlumeException("Failed to open SASL transport", e2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void callSuperClassOpen() throws FlumeException {
            try {
                super.open();
            } catch (TTransportException e) {
                throw new FlumeException("Failed to open SASL transport", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.flume.api.ThriftRpcClient, org.apache.flume.api.AbstractRpcClient
    public void configure(Properties properties) throws FlumeException {
        super.configure(properties);
        this.serverPrincipal = properties.getProperty(SERVER_PRINCIPAL);
        if (this.serverPrincipal == null || this.serverPrincipal.isEmpty()) {
            throw new IllegalArgumentException("Flume in secure mode, but Flume config doesn't specify a server principal to use for Kerberos auth.");
        }
        String property = properties.getProperty(CLIENT_PRINCIPAL);
        String property2 = properties.getProperty(CLIENT_KEYTAB);
        this.privilegedExecutor = FlumeAuthenticationUtil.getAuthenticator(property, property2);
        if (!this.privilegedExecutor.isAuthenticated()) {
            throw new FlumeException("Authentication failed in Kerberos mode for principal " + property + " keytab " + property2);
        }
    }

    @Override // org.apache.flume.api.ThriftRpcClient
    protected TTransport getTransport(TSocket tSocket) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("javax.security.sasl.qop", ResourceRef.AUTH);
        try {
            String[] splitKerberosName = FlumeAuthenticationUtil.splitKerberosName(this.serverPrincipal);
            return new UgiSaslClientTransport("GSSAPI", null, splitKerberosName[0], splitKerberosName[1], hashMap, null, tSocket, this.privilegedExecutor);
        } catch (IOException e) {
            throw new FlumeException("Error while trying to resolve Principal name - " + this.serverPrincipal, e);
        }
    }
}
