package org.apache.ranger.hms;

import java.io.IOException;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.rms.util.PropertiesUtil;
import org.apache.ranger.rms.util.RMSToHMSKerberosContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/hms/HiveSimpleConnectionFactory.class */
public final class HiveSimpleConnectionFactory implements HiveConnectionFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(HiveSimpleConnectionFactory.class);
    private final Configuration conf;
    private final boolean insecure;
    private String hmsName;
    private RMSToHMSKerberosContext kerberosContext = null;

    public HiveSimpleConnectionFactory(Configuration configuration) {
        this.conf = configuration;
        this.insecure = !configuration.getBoolean("hive.metastore.sasl.enabled", true);
    }

    public void init(String str) throws IOException, LoginException {
        this.hmsName = str;
        if (this.insecure) {
            LOGGER.info("Using insecure connection to HMS");
            return;
        }
        String principal = SecureClientLogin.getPrincipal(this.conf.get("ranger-rms.kerberos.principal"), this.conf.get("ranger-rms.service.host"));
        String str2 = this.conf.get("ranger-rms.kerberos.keytab");
        String str3 = this.conf.get("hadoop.security.auth_to_local", PropertiesUtil.getProperty("hadoop.security.auth_to_local", "DEFAULT"));
        LOGGER.info("principal:" + principal);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("keytab:" + str2);
        }
        if (SecureClientLogin.isKerberosCredentialExists(principal, str2)) {
            LOGGER.info("nameRules:" + str3);
            this.kerberosContext = new RMSToHMSKerberosContext(principal, str2, false);
        }
    }

    @Override // org.apache.ranger.hms.HiveConnectionFactory
    public HMSClient connect() throws IOException, InterruptedException {
        return new HMSClient((HiveMetaStoreClient) (this.insecure ? UserGroupInformation.getCurrentUser() : UserGroupInformation.getUGIFromSubject(this.kerberosContext.getSubject())).doAs(() -> {
            return new HiveMetaStoreClient(this.conf);
        }), this.hmsName);
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        if (this.kerberosContext != null) {
            this.kerberosContext.shutDown();
            this.kerberosContext = null;
        }
    }
}
