package com.amazon.hive.hivecommon.api;

import com.amazon.hive.hivecommon.AuthMech;
import com.amazon.hive.hivecommon.HiveJDBCSettings;
import com.amazon.hive.hivecommon.api.TETSSLTransportFactory;
import com.amazon.hive.hivecommon.core.HiveJDBCCommonDriver;
import com.amazon.hive.hivecommon.exceptions.HiveJDBCMessageKey;
import com.amazon.hive.jdbc.kerberos.Kerberos;
import com.amazon.hive.support.ILogger;
import com.amazon.hive.support.IMessageSource;
import com.amazon.hive.support.IWarningListener;
import com.amazon.hive.support.LogUtilities;
import com.amazon.hive.support.exceptions.ErrorException;
import java.util.HashMap;
import java.util.Locale;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.hive.service.auth.PlainSaslServer;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;

/* loaded from: input_file:com/amazon/hive/hivecommon/api/HiveServer2ClientFactory.class */
public class HiveServer2ClientFactory implements IHiveClientFactory {
    @Override // com.amazon.hive.hivecommon.api.IHiveClientFactory
    public IHiveClient createClient(HiveJDBCSettings hiveJDBCSettings, ILogger iLogger, IWarningListener iWarningListener) throws ErrorException {
        return new HS2Client(hiveJDBCSettings, new TBinaryProtocol(createTransport(hiveJDBCSettings, iWarningListener.getMessageSource(), iWarningListener.getLocale(), iLogger)), iLogger, iWarningListener);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x008e. Please report as an issue. */
    public static TTransport createTransport(HiveJDBCSettings hiveJDBCSettings, IMessageSource iMessageSource, Locale locale, ILogger iLogger) throws ErrorException {
        TTransport tSaslClientTransport;
        AutoCloseable autoCloseable = null;
        TSocket tSocket = null;
        try {
            if (hiveJDBCSettings.m_enableSSL) {
                TETSSLTransportFactory.TETSSLTransportParameters tETSSLTransportParameters = new TETSSLTransportFactory.TETSSLTransportParameters();
                if (null != hiveJDBCSettings.m_sslKeyStore) {
                    tETSSLTransportParameters.setKeyStore(hiveJDBCSettings.m_sslKeyStore, hiveJDBCSettings.m_sslKeyStorePwd);
                }
                if (null != hiveJDBCSettings.m_sslTrustStore) {
                    tETSSLTransportParameters.setTrustStore(hiveJDBCSettings.m_sslTrustStore, hiveJDBCSettings.m_sslTrustStorePwd);
                }
                tETSSLTransportParameters.requireClientAuth(false);
                tETSSLTransportParameters.allowSelfSigned(hiveJDBCSettings.m_allowSelfSigned);
                tETSSLTransportParameters.certNamesMismatch(hiveJDBCSettings.m_certNamesMismatch);
                tSocket = TETSSLTransportFactory.getClientSocket(hiveJDBCSettings.m_host, hiveJDBCSettings.m_port, hiveJDBCSettings.m_timeout, tETSSLTransportParameters);
            } else {
                tSocket = new TSocket(hiveJDBCSettings.m_host, hiveJDBCSettings.m_port, hiveJDBCSettings.m_timeout);
            }
            switch (hiveJDBCSettings.m_authMech) {
                case NOAUTH:
                    tSaslClientTransport = tSocket;
                    if (hiveJDBCSettings.m_authMech == AuthMech.NOAUTH || !hiveJDBCSettings.m_enableSSL) {
                        tSaslClientTransport.open();
                    }
                    return tSaslClientTransport;
                case SASL_KERBEROS:
                    Subject subjectViaAccessControlContext = Kerberos.getSubjectViaAccessControlContext(iLogger);
                    if (iLogger.isEnabled() && null != subjectViaAccessControlContext) {
                        LogUtilities.logError("Kerberos subject retrieved via AccessControlContext", iLogger);
                    }
                    if (null == subjectViaAccessControlContext) {
                        try {
                            subjectViaAccessControlContext = Kerberos.getSubjectViaJAASConfig(iLogger);
                            if (iLogger.isEnabled() && null != subjectViaAccessControlContext) {
                                LogUtilities.logError("Kerberos subject retrieved via JAAS config", iLogger);
                            }
                            if (null == subjectViaAccessControlContext) {
                                try {
                                    subjectViaAccessControlContext = Kerberos.getSubjectViaTicketCache(iLogger);
                                    if (iLogger.isEnabled() && null != subjectViaAccessControlContext) {
                                        LogUtilities.logError("Kerberos subject retrieved via ticket cache lookup", iLogger);
                                    }
                                } catch (LoginException e) {
                                    ErrorException createGeneralException = HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_KERBEROS_AUTHENTICATION_ERROR_GET_TICKETCACHE.name(), e.getMessage());
                                    createGeneralException.initCause(e);
                                    throw createGeneralException;
                                }
                            }
                        } catch (LoginException e2) {
                            ErrorException createGeneralException2 = HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_KERBEROS_AUTHENTICATION_ERROR_GET_JAASCONFIGURE.name(), e2.getMessage());
                            createGeneralException2.initCause(e2);
                            throw createGeneralException2;
                        }
                    }
                    if (null == subjectViaAccessControlContext) {
                        throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.SASL_KERSEROS_ERR.name(), "Cannot setup Kerberos authentication");
                    }
                    if (null == hiveJDBCSettings.m_krbServiceName || null == hiveJDBCSettings.m_krbHostFQDN) {
                        throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.SASL_KERSEROS_ERR.name(), "kerberos service name error");
                    }
                    HashMap hashMap = new HashMap();
                    hashMap.put("javax.security.sasl.qop", "auth,auth-int,auth-conf");
                    hashMap.put("javax.security.sasl.server.authentication", "true");
                    HiveServerPrivilegedAction hiveServerPrivilegedAction = new HiveServerPrivilegedAction(null, tSocket, hiveJDBCSettings.m_krbServiceName, hiveJDBCSettings.m_krbHostFQDN, iMessageSource, locale);
                    Subject.doAs(subjectViaAccessControlContext, hiveServerPrivilegedAction);
                    return hiveServerPrivilegedAction.getTransKerberos();
                case SASL_PLAIN_UID:
                case SASL_PLAIN_UIDPWD:
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("javax.security.sasl.qop", "true");
                    hashMap2.put("javax.security.sasl.qop", "auth-conf");
                    tSaslClientTransport = new TSaslClientTransport(hiveJDBCSettings.m_authMech == AuthMech.SASL_KERBEROS ? "GSSAPI" : PlainSaslServer.PLAIN_METHOD, null, hiveJDBCSettings.m_krbServiceName, hiveJDBCSettings.m_krbHostFQDN, hashMap2, new SaslCallbackHandler(hiveJDBCSettings), tSocket);
                    if (hiveJDBCSettings.m_authMech == AuthMech.NOAUTH) {
                        break;
                    }
                    tSaslClientTransport.open();
                    return tSaslClientTransport;
                default:
                    throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_CREATE_AUTHENTICATION_TRANSPORT_ERR.name(), "Unexpected authentication mechanism selected!");
            }
        } catch (Exception e3) {
            if (0 != 0) {
                autoCloseable.close();
            }
            if (tSocket != null) {
                tSocket.close();
            }
            ErrorException createGeneralException3 = HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_CREATE_AUTHENTICATION_TRANSPORT_ERR.name(), e3.getMessage());
            createGeneralException3.initCause(e3);
            throw createGeneralException3;
        }
    }
}
