package alluxio.security.authentication;

import alluxio.conf.AlluxioConfiguration;
import alluxio.conf.PropertyKey;
import alluxio.core.client.runtime.io.grpc.CallOptions;
import alluxio.core.client.runtime.io.grpc.Channel;
import alluxio.core.client.runtime.io.grpc.ClientCall;
import alluxio.core.client.runtime.io.grpc.ClientInterceptors;
import alluxio.core.client.runtime.io.grpc.ConnectivityState;
import alluxio.core.client.runtime.io.grpc.ManagedChannel;
import alluxio.core.client.runtime.io.grpc.MethodDescriptor;
import alluxio.exception.status.AlluxioStatusException;
import alluxio.exception.status.UnauthenticatedException;
import alluxio.exception.status.UnknownException;
import alluxio.grpc.ChannelAuthenticationScheme;
import alluxio.grpc.GrpcServerAddress;
import alluxio.grpc.SaslAuthenticationServiceGrpc;
import alluxio.security.authentication.plain.SaslClientHandlerPlain;
import java.net.SocketAddress;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:alluxio/security/authentication/ChannelAuthenticator.class */
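/**
 * Client-side helper that runs a SASL handshake over an existing gRPC {@code ManagedChannel} and
 * returns an {@link AuthenticatedChannel} wrapping it.
 *
 * <p>Identity comes either from a JAAS {@link Subject} plus configuration (first constructor) or
 * from an explicit user name, password and impersonation user (second constructor).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code mPassword} is held as a {@code String} in a {@code protected} field, so it stays
 *       readable by subclasses and in heap dumps for the lifetime of this object. It is never
 *       written to the log by this class; keep it out of any log or exception text added later.</li>
 *   <li>Only {@code SIMPLE} and {@code CUSTOM} produce a SASL client handler. {@code NOSASL} maps
 *       to a scheme that {@code createSaslClientHandler} rejects, so this class fails closed for
 *       it. Callers presumably bypass this class when SASL is disabled; verify at the call
 *       site.</li>
 * </ul>
 */
public class ChannelAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(ChannelAuthenticator.class);
    // Only set by the Subject-based constructor; null when explicit credentials are used.
    private AlluxioConfiguration mConfiguration;
    protected Subject mParentSubject;
    protected String mUserName;
    protected String mPassword;
    protected String mImpersonationUser;
    protected AuthType mAuthType;
    protected final long mGrpcAuthTimeoutMs;
    // Selects the Subject-based SASL handler when true, the explicit-credential handler when false.
    protected boolean mUseSubject = true;
    // Random per-authenticator id; attached to calls on the authenticated channel.
    protected UUID mChannelId = UUID.randomUUID();

    /**
     * Channel wrapper whose construction performs the SASL handshake against the target server.
     *
     * <p>{@link #newCall} delegates to the intercepted channel without consulting
     * {@link #isAuthenticated()}; callers that need a guarantee have to check the flag themselves.
     */
    public class DefaultAuthenticatedChannel extends AuthenticatedChannel {
        private final GrpcServerAddress mServerAddress;
        private final ManagedChannel mManagedChannel;
        private Channel mChannel;
        // Shared with the SASL driver, which is handed this flag at construction time.
        private final AtomicBoolean mAuthenticated = new AtomicBoolean(false);
        private SaslStreamClientDriver mClientDriver;

        /**
         * Stores the target and the underlying channel, then authenticates immediately.
         *
         * @param grpcServerAddress address of the server being authenticated against
         * @param managedChannel the underlying gRPC channel
         * @throws AlluxioStatusException if the handshake cannot be set up or fails
         */
        DefaultAuthenticatedChannel(GrpcServerAddress grpcServerAddress, ManagedChannel managedChannel) throws AlluxioStatusException {
            this.mServerAddress = grpcServerAddress;
            this.mManagedChannel = managedChannel;
            authenticate();
        }

        /**
         * Runs the SASL handshake and installs the channel-id interceptor.
         *
         * <p>The SASL client handler is managed with try-with-resources so that it is closed on
         * the failure path as well as on success. The decompiled form of this method closed it
         * only when the body completed normally, leaving the handler (and whatever credential
         * state it holds) open after a failed handshake.
         *
         * @throws AlluxioStatusException with the failure description; non-Alluxio failures are
         *     wrapped in {@link UnknownException}
         */
        public void authenticate() throws AlluxioStatusException {
            try (SaslClientHandler saslClientHandler = createSaslClientHandler(
                    this.mServerAddress,
                    getChannelAuthScheme(ChannelAuthenticator.this.mParentSubject, this.mServerAddress.getSocketAddress()),
                    ChannelAuthenticator.this.mParentSubject)) {
                this.mClientDriver = new SaslStreamClientDriver(
                        new DefaultSaslHandshakeClientHandler(saslClientHandler),
                        this.mAuthenticated,
                        ChannelAuthenticator.this.mChannelId,
                        ChannelAuthenticator.this.mGrpcAuthTimeoutMs);
                this.mClientDriver.setServerObserver(
                        SaslAuthenticationServiceGrpc.newStub(this.mManagedChannel).authenticate(this.mClientDriver));
                this.mClientDriver.start();
                // Clear the authenticated flag when the channel's state moves away from READY.
                // NOTE(review): under the gRPC ManagedChannel contract this callback is one-shot;
                // confirm that nothing relies on it firing again after a later reconnect.
                this.mManagedChannel.notifyWhenStateChanged(ConnectivityState.READY, () -> {
                    this.mAuthenticated.set(false);
                });
                // Every call made through mChannel carries the channel id via this interceptor.
                this.mChannel = ClientInterceptors.intercept(
                        this.mManagedChannel, new ChannelIdInjector(ChannelAuthenticator.this.mChannelId));
            } catch (Exception e) {
                // The message names the channel id, auth type, target and error only; credentials
                // are deliberately not part of it.
                String format = String.format("Channel authentication failed. ChannelId: %s, AuthType: %s, Target: %s, Error: %s", ChannelAuthenticator.this.mChannelId, ChannelAuthenticator.this.mAuthType, this.mManagedChannel.authority(), e.toString());
                ChannelAuthenticator.LOG.warn(format);
                if (!(e instanceof AlluxioStatusException)) {
                    throw new UnknownException(format, e);
                }
                // Keep the original status code, replacing only the description and cause.
                throw AlluxioStatusException.from(((AlluxioStatusException) e).getStatus().withDescription(format).withCause(e));
            }
        }

        /**
         * Maps the configured {@link AuthType} to the wire-level authentication scheme.
         *
         * @param subject not used by this implementation
         * @param socketAddress not used by this implementation
         * @return the scheme matching {@code mAuthType}
         * @throws UnauthenticatedException if the configured type is not NOSASL, SIMPLE or CUSTOM
         */
        private ChannelAuthenticationScheme getChannelAuthScheme(Subject subject, SocketAddress socketAddress) throws UnauthenticatedException {
            switch (ChannelAuthenticator.this.mAuthType) {
                case NOSASL:
                    return ChannelAuthenticationScheme.NOSASL;
                case SIMPLE:
                    return ChannelAuthenticationScheme.SIMPLE;
                case CUSTOM:
                    return ChannelAuthenticationScheme.CUSTOM;
                default:
                    throw new UnauthenticatedException(String.format("Configured authentication type is not supported: %s", ChannelAuthenticator.this.mAuthType.getAuthName()));
            }
        }

        /**
         * Creates the PLAIN SASL client handler for the SIMPLE and CUSTOM schemes.
         *
         * <p>Reads the outer {@code mParentSubject} rather than the {@code subject} argument.
         *
         * @param grpcServerAddress not used by this implementation
         * @param channelAuthenticationScheme scheme chosen by {@link #getChannelAuthScheme}
         * @param subject not used by this implementation
         * @return a new handler built from the Subject or from the explicit credentials,
         *     depending on {@code mUseSubject}
         * @throws UnauthenticatedException for any other scheme, including NOSASL
         */
        private SaslClientHandler createSaslClientHandler(GrpcServerAddress grpcServerAddress, ChannelAuthenticationScheme channelAuthenticationScheme, Subject subject) throws UnauthenticatedException {
            switch (channelAuthenticationScheme) {
                case SIMPLE:
                case CUSTOM:
                    if (ChannelAuthenticator.this.mUseSubject) {
                        return new SaslClientHandlerPlain(ChannelAuthenticator.this.mParentSubject, ChannelAuthenticator.this.mConfiguration);
                    }
                    return new SaslClientHandlerPlain(ChannelAuthenticator.this.mUserName, ChannelAuthenticator.this.mPassword, ChannelAuthenticator.this.mImpersonationUser);
                default:
                    throw new UnauthenticatedException(String.format("Channel authentication scheme not supported: %s", channelAuthenticationScheme.name()));
            }
        }

        /** Delegates to the intercepted channel; does not check the authenticated flag. */
        @Override // alluxio.core.client.runtime.io.grpc.Channel
        public <RequestT, ResponseT> ClientCall<RequestT, ResponseT> newCall(MethodDescriptor<RequestT, ResponseT> methodDescriptor, CallOptions callOptions) {
            return this.mChannel.newCall(methodDescriptor, callOptions);
        }

        /** Returns the authority of the intercepted channel. */
        @Override // alluxio.core.client.runtime.io.grpc.Channel
        public String authority() {
            return this.mChannel.authority();
        }

        /** Returns the current value of the flag shared with the SASL driver. */
        @Override // alluxio.security.authentication.AuthenticatedChannel
        public boolean isAuthenticated() {
            return this.mAuthenticated.get();
        }

        /** Returns the id of the enclosing authenticator. */
        @Override // alluxio.security.authentication.AuthenticatedChannel
        public UUID getChannelId() {
            return ChannelAuthenticator.this.mChannelId;
        }

        /** Stops the SASL client driver; the underlying managed channel is not shut down here. */
        @Override // alluxio.security.authentication.AuthenticatedChannel
        public void close() {
            this.mClientDriver.stop();
        }
    }

    /**
     * Creates an authenticator that derives identity from a JAAS subject.
     *
     * @param subject the subject handed to the SASL client handler
     * @param alluxioConfiguration source of the authentication type and handshake timeout
     */
    public ChannelAuthenticator(Subject subject, AlluxioConfiguration alluxioConfiguration) {
        this.mParentSubject = subject;
        this.mConfiguration = alluxioConfiguration;
        this.mAuthType = (AuthType) alluxioConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
        this.mGrpcAuthTimeoutMs = alluxioConfiguration.getMs(PropertyKey.NETWORK_CONNECTION_AUTH_TIMEOUT);
    }

    /**
     * Creates an authenticator from explicit credentials.
     *
     * <p>NOTE(review): this constructor leaves {@code mUseSubject} at its field default of
     * {@code true}. As written, {@code createSaslClientHandler} therefore takes the Subject branch
     * (with {@code mParentSubject} and {@code mConfiguration} both null) and the credentials
     * stored here are not used unless a subclass clears the flag. This listing is decompiled, so
     * confirm against the upstream source whether {@code mUseSubject = false} belongs here.
     *
     * @param str user name
     * @param str2 password
     * @param str3 impersonation user
     * @param authType authentication type to use
     * @param j handshake timeout in milliseconds
     */
    public ChannelAuthenticator(String str, String str2, String str3, AuthType authType, long j) {
        this.mUserName = str;
        this.mPassword = str2;
        this.mImpersonationUser = str3;
        this.mAuthType = authType;
        this.mGrpcAuthTimeoutMs = j;
    }

    /**
     * Authenticates the given managed channel and returns the wrapping authenticated channel.
     *
     * @param grpcServerAddress address of the target server
     * @param managedChannel channel to authenticate over
     * @return the authenticated channel
     * @throws AlluxioStatusException if authentication fails
     */
    public AuthenticatedChannel authenticate(GrpcServerAddress grpcServerAddress, ManagedChannel managedChannel) throws AlluxioStatusException {
        LOG.debug("Channel authentication initiated. ChannelId:{}, AuthType:{}, Target:{}", this.mChannelId, this.mAuthType, managedChannel.authority());
        return new DefaultAuthenticatedChannel(grpcServerAddress, managedChannel);
    }
}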
