package org.apache.accumulo.server;

import com.google.common.base.Preconditions;
import java.io.IOException;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.ZooKeeperInstance;
import org.apache.accumulo.core.client.impl.ClientContext;
import org.apache.accumulo.core.client.impl.ConnectorImpl;
import org.apache.accumulo.core.client.impl.Credentials;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.conf.SiteConfiguration;
import org.apache.accumulo.core.rpc.SslConnectionParams;
import org.apache.accumulo.core.util.DeprecationUtil;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.conf.ServerConfigurationFactory;
import org.apache.accumulo.server.rpc.SaslServerConnectionParams;
import org.apache.accumulo.server.rpc.ThriftServerType;
import org.apache.accumulo.server.security.SecurityUtil;
import org.apache.accumulo.server.security.SystemCredentials;
import org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager;
import org.apache.hadoop.security.UserGroupInformation;

/* loaded from: input_file:org/apache/accumulo/server/AccumuloServerContext.class */
public class AccumuloServerContext extends ClientContext {
    private final ServerConfigurationFactory confFactory;
    private AuthenticationTokenSecretManager secretManager;

    public AccumuloServerContext(ServerConfigurationFactory serverConfigurationFactory) {
        this(serverConfigurationFactory, null);
    }

    public AccumuloServerContext(ServerConfigurationFactory serverConfigurationFactory, AuthenticationTokenSecretManager authenticationTokenSecretManager) {
        super(serverConfigurationFactory.getInstance(), getCredentials(serverConfigurationFactory.getInstance()), serverConfigurationFactory.getConfiguration());
        this.confFactory = serverConfigurationFactory;
        this.secretManager = authenticationTokenSecretManager;
        if (null != m1getSaslParams()) {
            enforceKerberosLogin();
        }
    }

    void enforceKerberosLogin() {
        String serverPrincipal = SecurityUtil.getServerPrincipal(this.confFactory.getSiteConfiguration().get(Property.GENERAL_KERBEROS_PRINCIPAL));
        try {
            UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
            Preconditions.checkArgument(loginUser.hasKerberosCredentials(), "Server does not have Kerberos credentials");
            Preconditions.checkArgument(serverPrincipal.equals(loginUser.getUserName()), "Expected login user to be " + serverPrincipal + " but was " + loginUser.getUserName());
        } catch (IOException e) {
            throw new RuntimeException("Could not get login user", e);
        }
    }

    private static Credentials getCredentials(Instance instance) {
        return DeprecationUtil.isMockInstance(instance) ? new Credentials("mockSystemUser", new PasswordToken("mockSystemPassword")) : SystemCredentials.get(instance);
    }

    public ServerConfigurationFactory getServerConfigurationFactory() {
        return this.confFactory;
    }

    public SslConnectionParams getServerSslParams() {
        return SslConnectionParams.forServer(getConfiguration());
    }

    /* renamed from: getSaslParams, reason: merged with bridge method [inline-methods] */
    public SaslServerConnectionParams m1getSaslParams() {
        SiteConfiguration siteConfiguration = getServerConfigurationFactory().getSiteConfiguration();
        if (siteConfiguration.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
            return new SaslServerConnectionParams((AccumuloConfiguration) siteConfiguration, getCredentials().getToken(), this.secretManager);
        }
        return null;
    }

    public ThriftServerType getThriftServerType() {
        AccumuloConfiguration configuration = getConfiguration();
        if (configuration.getBoolean(Property.INSTANCE_RPC_SSL_ENABLED)) {
            if (configuration.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
                throw new IllegalStateException("Cannot create a Thrift server capable of both SASL and SSL");
            }
            return ThriftServerType.SSL;
        }
        if (!configuration.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
            return ThriftServerType.get(configuration.get(Property.GENERAL_RPC_SERVER_TYPE));
        }
        if (configuration.getBoolean(Property.INSTANCE_RPC_SSL_ENABLED)) {
            throw new IllegalStateException("Cannot create a Thrift server capable of both SASL and SSL");
        }
        return ThriftServerType.SASL;
    }

    public void setSecretManager(AuthenticationTokenSecretManager authenticationTokenSecretManager) {
        this.secretManager = authenticationTokenSecretManager;
    }

    public AuthenticationTokenSecretManager getSecretManager() {
        return this.secretManager;
    }

    public Connector getConnector() throws AccumuloException, AccumuloSecurityException {
        if (this.conn == null) {
            if ((this.inst instanceof ZooKeeperInstance) || (this.inst instanceof HdfsZooInstance)) {
                this.conn = new ConnectorImpl(this);
            } else {
                Credentials credentials = getCredentials();
                this.conn = getInstance().getConnector(credentials.getPrincipal(), credentials.getToken());
            }
        }
        return this.conn;
    }
}
