package org.apache.hadoop.hbase.ipc;

import com.google.common.collect.ImmutableSet;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;
import java.nio.channels.SocketChannel;
import java.security.PrivilegedExceptionAction;
import java.util.LinkedList;
import java.util.Set;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.io.HbaseObjectWritable;
import org.apache.hadoop.hbase.io.WritableWithSize;
import org.apache.hadoop.hbase.ipc.HBaseServer;
import org.apache.hadoop.hbase.security.HBaseMultiRealmUserAuthentication;
import org.apache.hadoop.hbase.security.HBaseSaslRpcServer;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Addressing;
import org.apache.hadoop.hbase.util.ByteBufferOutputStream;
import org.apache.hadoop.io.BytesWritable;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.StringUtils;

/* loaded from: input_file:org/apache/hadoop/hbase/ipc/SecureServer.class */
public abstract class SecureServer extends HBaseServer {
    private final boolean authorize;
    private boolean isSecurityEnabled;
    public static final byte CURRENT_VERSION = 4;
    private static final String AUTH_FAILED_FOR = "Auth failed for ";
    private static final String AUTH_SUCCESSFUL_FOR = "Auth successful for ";
    protected SecretManager<TokenIdentifier> secretManager;
    protected ServiceAuthorizationManager authManager;
    public static final ByteBuffer HEADER = ByteBuffer.wrap("srpc".getBytes());
    public static final Set<Byte> INSECURE_VERSIONS = ImmutableSet.of((byte) 3);
    public static final Log LOG = LogFactory.getLog(SecureServer.class);
    private static final Log AUDITLOG = LogFactory.getLog("SecurityLogger." + SecureServer.class.getName());

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/hadoop/hbase/ipc/SecureServer$SecureCall.class */
    public class SecureCall extends HBaseServer.Call {
        public SecureCall(int i, Writable writable, HBaseServer.Connection connection, HBaseServer.Responder responder, long j) {
            super(i, writable, connection, responder, j);
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v45, types: [org.apache.hadoop.io.Writable] */
        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Call
        protected synchronized void setResponse(Object obj, Status status, String str, String str2) {
            HbaseObjectWritable hbaseObjectWritable = null;
            if (obj instanceof Writable) {
                hbaseObjectWritable = (Writable) obj;
            } else if (obj != null) {
                hbaseObjectWritable = new HbaseObjectWritable(obj);
            }
            int i = 1024;
            if (hbaseObjectWritable instanceof WritableWithSize) {
                long writableSize = hbaseObjectWritable.getWritableSize() + 4 + 4;
                if (writableSize > 2147483647L) {
                    IOException iOException = new IOException("Result buffer size too large: " + writableSize);
                    str = iOException.getClass().getName();
                    str2 = StringUtils.stringifyException(iOException);
                } else {
                    i = (int) writableSize;
                }
            }
            ByteBufferOutputStream byteBufferOutputStream = new ByteBufferOutputStream(i);
            DataOutputStream dataOutputStream = new DataOutputStream(byteBufferOutputStream);
            try {
                dataOutputStream.writeInt(this.id);
                dataOutputStream.writeInt(status.state);
            } catch (IOException e) {
                str = e.getClass().getName();
                str2 = StringUtils.stringifyException(e);
            }
            try {
                if (status == Status.SUCCESS) {
                    hbaseObjectWritable.write(dataOutputStream);
                } else {
                    WritableUtils.writeString(dataOutputStream, str);
                    WritableUtils.writeString(dataOutputStream, str2);
                }
                if (((SecureConnection) this.connection).useWrap) {
                    wrapWithSasl(byteBufferOutputStream);
                }
            } catch (IOException e2) {
                SecureServer.LOG.warn("Error sending response to call: ", e2);
            }
            this.response = byteBufferOutputStream.getByteBuffer();
        }

        private void wrapWithSasl(ByteBufferOutputStream byteBufferOutputStream) throws IOException {
            byte[] wrap;
            if (((SecureConnection) this.connection).useSasl) {
                ByteBuffer byteBuffer = byteBufferOutputStream.getByteBuffer();
                synchronized (((SecureConnection) this.connection).saslServer) {
                    wrap = ((SecureConnection) this.connection).saslServer.wrap(byteBuffer.array(), byteBuffer.arrayOffset(), byteBuffer.remaining());
                }
                if (SecureServer.LOG.isTraceEnabled()) {
                    SecureServer.LOG.trace("Adding saslServer wrapped token of size " + wrap.length + " as call response.");
                }
                byteBuffer.clear();
                DataOutputStream dataOutputStream = new DataOutputStream(byteBufferOutputStream);
                dataOutputStream.writeInt(wrap.length);
                dataOutputStream.write(wrap, 0, wrap.length);
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/ipc/SecureServer$SecureConnection.class */
    public class SecureConnection extends HBaseServer.Connection {
        private boolean rpcHeaderRead;
        private boolean headerRead;
        private ByteBuffer data;
        private ByteBuffer dataLengthBuffer;
        protected final LinkedList<SecureCall> responseQueue;
        private int dataLength;
        private InetAddress addr;
        boolean useSasl;
        SaslServer saslServer;
        private HBaseSaslRpcServer.AuthMethod authMethod;
        private boolean saslContextEstablished;
        private boolean skipInitialSaslHandshake;
        private ByteBuffer rpcHeaderBuffer;
        private ByteBuffer unwrappedData;
        private ByteBuffer unwrappedDataLengthBuffer;
        public UserGroupInformation attemptingUser;
        private final int AUTHORIZATION_FAILED_CALLID = -1;
        private static final int SASL_CALLID = -33;
        private final SecureCall saslCall;
        private boolean useWrap;

        public SecureConnection(SocketChannel socketChannel, long j) {
            super(socketChannel, j);
            this.rpcHeaderRead = false;
            this.headerRead = false;
            this.attemptingUser = null;
            this.AUTHORIZATION_FAILED_CALLID = -1;
            this.saslCall = new SecureCall(SASL_CALLID, null, this, null, 0L);
            this.useWrap = false;
            this.header = new SecureConnectionHeader();
            this.channel = socketChannel;
            this.data = null;
            this.dataLengthBuffer = ByteBuffer.allocate(4);
            this.unwrappedData = null;
            this.unwrappedDataLengthBuffer = ByteBuffer.allocate(4);
            this.socket = socketChannel.socket();
            this.addr = this.socket.getInetAddress();
            this.responseQueue = new LinkedList<>();
        }

        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        public String toString() {
            return getHostAddress() + Addressing.HOSTNAME_PORT_SEPARATOR + this.remotePort;
        }

        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        public String getHostAddress() {
            return this.hostAddress;
        }

        public InetAddress getHostInetAddress() {
            return this.addr;
        }

        private User getAuthorizedUgi(String str) throws IOException {
            if (this.authMethod != HBaseSaslRpcServer.AuthMethod.DIGEST) {
                return User.create(UserGroupInformation.createRemoteUser(str));
            }
            TokenIdentifier identifier = HBaseSaslRpcServer.getIdentifier(str, SecureServer.this.secretManager);
            UserGroupInformation user = identifier.getUser();
            if (user == null) {
                throw new AccessControlException("Can't retrieve username from tokenIdentifier.");
            }
            user.addTokenIdentifier(identifier);
            return User.create(user);
        }

        private void saslReadAndProcess(byte[] bArr) throws IOException, InterruptedException {
            if (this.saslContextEstablished) {
                if (SecureServer.LOG.isTraceEnabled()) {
                    SecureServer.LOG.trace("Have read input token of size " + bArr.length + " for processing by saslServer.unwrap()");
                }
                if (this.useWrap) {
                    processUnwrappedData(this.saslServer.unwrap(bArr, 0, bArr.length));
                    return;
                } else {
                    processOneRpc(bArr);
                    return;
                }
            }
            try {
                if (this.saslServer == null) {
                    switch (this.authMethod) {
                        case DIGEST:
                            if (SecureServer.this.secretManager != null) {
                                this.saslServer = Sasl.createSaslServer(HBaseSaslRpcServer.AuthMethod.DIGEST.getMechanismName(), (String) null, HBaseSaslRpcServer.SASL_DEFAULT_REALM, HBaseSaslRpcServer.SASL_PROPS, new HBaseSaslRpcServer.SaslDigestCallbackHandler(SecureServer.this.secretManager, this));
                                break;
                            } else {
                                throw new AccessControlException("Server is not configured to do DIGEST authentication.");
                            }
                        case KERBEROS_USER_REALM:
                            createSaslServer(HBaseMultiRealmUserAuthentication.getServerUGIForUserRealm(SecureServer.this.conf));
                            break;
                        default:
                            createSaslServer(UserGroupInformation.getCurrentUser());
                            break;
                    }
                    if (this.saslServer == null) {
                        throw new AccessControlException("Unable to find SASL server implementation for " + this.authMethod.getMechanismName());
                    }
                    if (SecureServer.LOG.isTraceEnabled()) {
                        SecureServer.LOG.trace("Created SASL server with mechanism = " + this.authMethod.getMechanismName());
                    }
                }
                if (SecureServer.LOG.isTraceEnabled()) {
                    SecureServer.LOG.trace("Have read input token of size " + bArr.length + " for processing by saslServer.evaluateResponse()");
                }
                byte[] evaluateResponse = this.saslServer.evaluateResponse(bArr);
                if (evaluateResponse != null) {
                    if (SecureServer.LOG.isTraceEnabled()) {
                        SecureServer.LOG.trace("Will send token of size " + evaluateResponse.length + " from saslServer.");
                    }
                    doSaslReply(HBaseSaslRpcServer.SaslStatus.SUCCESS, new BytesWritable(evaluateResponse), null, null);
                }
                if (this.saslServer.isComplete()) {
                    if (SecureServer.LOG.isDebugEnabled()) {
                        SecureServer.LOG.debug("SASL server context established. Negotiated QoP is " + this.saslServer.getNegotiatedProperty("javax.security.sasl.qop"));
                    }
                    String str = (String) this.saslServer.getNegotiatedProperty("javax.security.sasl.qop");
                    this.useWrap = (str == null || "auth".equalsIgnoreCase(str)) ? false : true;
                    this.ticket = getAuthorizedUgi(this.saslServer.getAuthorizationID());
                    if (SecureServer.LOG.isDebugEnabled()) {
                        SecureServer.LOG.debug("SASL server successfully authenticated client: " + this.ticket);
                    }
                    SecureServer.this.rpcMetrics.authenticationSuccesses.inc();
                    SecureServer.AUDITLOG.info(SecureServer.AUTH_SUCCESSFUL_FOR + this.ticket);
                    this.saslContextEstablished = true;
                }
            } catch (IOException e) {
                SecretManager.InvalidToken invalidToken = e;
                SecretManager.InvalidToken invalidToken2 = e;
                while (true) {
                    SecretManager.InvalidToken invalidToken3 = invalidToken2;
                    if (invalidToken3 == null) {
                        break;
                    }
                    if (invalidToken3 instanceof SecretManager.InvalidToken) {
                        invalidToken = invalidToken3;
                        break;
                    }
                    invalidToken2 = invalidToken3.getCause();
                }
                doSaslReply(HBaseSaslRpcServer.SaslStatus.ERROR, null, invalidToken.getClass().getName(), invalidToken.getLocalizedMessage());
                SecureServer.this.rpcMetrics.authenticationFailures.inc();
                SecureServer.AUDITLOG.warn(SecureServer.AUTH_FAILED_FOR + toString() + Addressing.HOSTNAME_PORT_SEPARATOR + this.attemptingUser);
                throw e;
            }
        }

        private void createSaslServer(UserGroupInformation userGroupInformation) throws AccessControlException, IOException, InterruptedException {
            String userName = userGroupInformation.getUserName();
            if (SecureServer.LOG.isDebugEnabled()) {
                SecureServer.LOG.debug("Kerberos principal name is " + userName);
            }
            final String[] splitKerberosName = HBaseSaslRpcServer.splitKerberosName(userName);
            if (splitKerberosName.length != 3) {
                throw new AccessControlException("Kerberos principal name does NOT have the expected hostname part: " + userName);
            }
            userGroupInformation.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hbase.ipc.SecureServer.SecureConnection.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws SaslException {
                    SecureConnection.this.saslServer = Sasl.createSaslServer(HBaseSaslRpcServer.AuthMethod.KERBEROS.getMechanismName(), splitKerberosName[0], splitKerberosName[1], HBaseSaslRpcServer.SASL_PROPS, new HBaseSaslRpcServer.SaslGssCallbackHandler());
                    return null;
                }
            });
        }

        private void doSaslReply(HBaseSaslRpcServer.SaslStatus saslStatus, Writable writable, String str, String str2) throws IOException {
            this.saslCall.setResponse(writable, saslStatus == HBaseSaslRpcServer.SaslStatus.SUCCESS ? Status.SUCCESS : Status.ERROR, str, str2);
            this.saslCall.responder = SecureServer.this.responder;
            this.saslCall.sendResponseIfReady();
        }

        private void disposeSasl() {
            if (this.saslServer != null) {
                try {
                    this.saslServer.dispose();
                } catch (SaslException e) {
                }
            }
        }

        /* JADX WARN: Code restructure failed: missing block: B:40:0x02db, code lost:
        
            return r0;
         */
        /* JADX WARN: Code restructure failed: missing block: B:84:0x00b6, code lost:
        
            if (org.apache.hadoop.hbase.ipc.SecureServer.INSECURE_VERSIONS.contains(java.lang.Integer.valueOf(r0)) == false) goto L28;
         */
        /* JADX WARN: Code restructure failed: missing block: B:85:0x00b9, code lost:
        
            org.apache.hadoop.hbase.ipc.SecureServer.LOG.warn("An insecure client (version '" + ((int) r0) + "') is attempting to connect  to this version '4' secure server from " + r10.hostAddress + org.apache.hadoop.hbase.util.Addressing.HOSTNAME_PORT_SEPARATOR + r10.remotePort);
         */
        /* JADX WARN: Code restructure failed: missing block: B:86:?, code lost:
        
            return -1;
         */
        /* JADX WARN: Code restructure failed: missing block: B:87:0x00fd, code lost:
        
            org.apache.hadoop.hbase.ipc.SecureServer.LOG.warn("Incorrect header or version mismatch from " + r10.hostAddress + org.apache.hadoop.hbase.util.Addressing.HOSTNAME_PORT_SEPARATOR + r10.remotePort + " got version " + ((int) r0) + " expected version 4");
         */
        /* JADX WARN: Code restructure failed: missing block: B:88:0x0139, code lost:
        
            return -1;
         */
        /* JADX WARN: Code restructure failed: missing block: B:92:0x0061, code lost:
        
            return r0;
         */
        /* JADX WARN: Code restructure failed: missing block: B:9:0x002b, code lost:
        
            return r0;
         */
        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public int readAndProcess() throws java.io.IOException, java.lang.InterruptedException {
            /*
                Method dump skipped, instructions count: 732
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.apache.hadoop.hbase.ipc.SecureServer.SecureConnection.readAndProcess():int");
        }

        private void processHeader(byte[] bArr) throws IOException {
            this.header.readFields(new DataInputStream(new ByteArrayInputStream(bArr)));
            try {
                if (this.header.getProtocol() != null) {
                    this.protocol = HBaseServer.getProtocolClass(this.header.getProtocol(), SecureServer.this.conf);
                }
                User user = this.header.getUser();
                if (!this.useSasl) {
                    this.ticket = user;
                    if (this.ticket != null) {
                        this.ticket.getUGI().setAuthenticationMethod(HBaseSaslRpcServer.AuthMethod.SIMPLE.authenticationMethod);
                        return;
                    }
                    return;
                }
                this.ticket.getUGI().setAuthenticationMethod(this.authMethod.authenticationMethod);
                if (user == null || user.getName().equals(this.ticket.getName())) {
                    return;
                }
                if (this.authMethod == HBaseSaslRpcServer.AuthMethod.DIGEST) {
                    throw new AccessControlException("Authenticated user (" + this.ticket + ") doesn't match what the client claims to be (" + user + ")");
                }
                this.ticket = User.create(UserGroupInformation.createProxyUser(user.getName(), this.ticket.getUGI()));
                this.ticket.getUGI().setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.PROXY);
            } catch (ClassNotFoundException e) {
                throw new IOException("Unknown protocol: " + this.header.getProtocol());
            }
        }

        private void processUnwrappedData(byte[] bArr) throws IOException, InterruptedException {
            ReadableByteChannel newChannel = Channels.newChannel(new ByteArrayInputStream(bArr));
            while (true) {
                if (this.unwrappedDataLengthBuffer.remaining() > 0 && (SecureServer.this.channelRead(newChannel, this.unwrappedDataLengthBuffer) <= 0 || this.unwrappedDataLengthBuffer.remaining() > 0)) {
                    return;
                }
                if (this.unwrappedData == null) {
                    this.unwrappedDataLengthBuffer.flip();
                    int i = this.unwrappedDataLengthBuffer.getInt();
                    if (i == -1) {
                        if (SecureServer.LOG.isTraceEnabled()) {
                            SecureServer.LOG.trace("Received ping message");
                        }
                        this.unwrappedDataLengthBuffer.clear();
                    } else {
                        this.unwrappedData = ByteBuffer.allocate(i);
                    }
                }
                if (SecureServer.this.channelRead(newChannel, this.unwrappedData) <= 0 || this.unwrappedData.remaining() > 0) {
                    return;
                }
                if (this.unwrappedData.remaining() == 0) {
                    this.unwrappedDataLengthBuffer.clear();
                    this.unwrappedData.flip();
                    processOneRpc(this.unwrappedData.array());
                    this.unwrappedData = null;
                }
            }
        }

        private void processOneRpc(byte[] bArr) throws IOException, InterruptedException {
            if (this.headerRead) {
                processData(bArr);
                return;
            }
            processHeader(bArr);
            this.headerRead = true;
            if (!authorizeConnection()) {
                throw new AccessControlException("Connection from " + this + " for protocol " + this.header.getProtocol() + " is unauthorized for user " + this.ticket);
            }
        }

        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        protected void processData(byte[] bArr) throws IOException, InterruptedException {
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            int readInt = dataInputStream.readInt();
            if (SecureServer.LOG.isTraceEnabled()) {
                SecureServer.LOG.trace(" got #" + readInt);
            }
            Writable writable = (Writable) ReflectionUtils.newInstance(SecureServer.this.paramClass, SecureServer.this.conf);
            writable.readFields(dataInputStream);
            SecureCall secureCall = new SecureCall(readInt, writable, this, SecureServer.this.responder, bArr.length);
            if (SecureServer.this.priorityCallQueue != null && SecureServer.this.getQosLevel(writable) > SecureServer.this.highPriorityLevel) {
                SecureServer.this.priorityCallQueue.put(secureCall);
                SecureServer.this.updateCallQueueLenMetrics(SecureServer.this.priorityCallQueue);
            } else if (SecureServer.this.replicationQueue == null || SecureServer.this.getQosLevel(writable) != 5) {
                SecureServer.this.callQueue.put(secureCall);
                SecureServer.this.updateCallQueueLenMetrics(SecureServer.this.callQueue);
            } else {
                SecureServer.this.replicationQueue.put(secureCall);
                SecureServer.this.updateCallQueueLenMetrics(SecureServer.this.replicationQueue);
            }
        }

        private boolean authorizeConnection() throws IOException {
            try {
                if (this.ticket != null && this.ticket.getUGI().getRealUser() != null && this.authMethod != HBaseSaslRpcServer.AuthMethod.DIGEST) {
                    ProxyUsers.authorize(this.ticket.getUGI(), getHostAddress(), SecureServer.this.conf);
                }
                SecureServer.this.authorize(this.ticket, this.header, getHostInetAddress());
                if (SecureServer.LOG.isDebugEnabled()) {
                    SecureServer.LOG.debug("Successfully authorized " + this.header);
                }
                SecureServer.this.rpcMetrics.authorizationSuccesses.inc();
                return true;
            } catch (AuthorizationException e) {
                if (SecureServer.LOG.isDebugEnabled()) {
                    SecureServer.LOG.debug("Connection authorization failed: " + e.getMessage(), e);
                }
                SecureServer.this.rpcMetrics.authorizationFailures.inc();
                SecureCall secureCall = new SecureCall(-1, null, this, null, 0L);
                secureCall.setResponse(null, Status.FATAL, e.getClass().getName(), e.getMessage());
                SecureServer.this.responder.doRespond(secureCall);
                return false;
            }
        }

        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        protected synchronized void close() {
            disposeSasl();
            this.data = null;
            this.dataLengthBuffer = null;
            if (this.channel.isOpen()) {
                try {
                    this.socket.shutdownOutput();
                } catch (Exception e) {
                }
                if (this.channel.isOpen()) {
                    try {
                        this.channel.close();
                    } catch (Exception e2) {
                    }
                }
                try {
                    this.socket.close();
                } catch (Exception e3) {
                }
            }
        }

        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        public /* bridge */ /* synthetic */ long getLastContact() {
            return super.getLastContact();
        }

        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        public /* bridge */ /* synthetic */ void setLastContact(long j) {
            super.setLastContact(j);
        }

        @Override // org.apache.hadoop.hbase.ipc.HBaseServer.Connection
        public /* bridge */ /* synthetic */ int getRemotePort() {
            return super.getRemotePort();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecureServer(String str, int i, Class<? extends Writable> cls, int i2, int i3, Configuration configuration, String str2, int i4) throws IOException {
        super(str, i, cls, i2, i3, configuration, str2, i4);
        this.authorize = configuration.getBoolean("hadoop.security.authorization", false);
        this.isSecurityEnabled = User.isHBaseSecurityEnabled(this.conf);
        if (this.isSecurityEnabled) {
            HBaseSaslRpcServer.init(configuration);
        }
    }

    @Override // org.apache.hadoop.hbase.ipc.HBaseServer
    protected HBaseServer.Connection getConnection(SocketChannel socketChannel, long j) {
        return new SecureConnection(socketChannel, j);
    }

    Configuration getConf() {
        return this.conf;
    }

    void disableSecurity() {
        this.isSecurityEnabled = false;
    }

    void enableSecurity() {
        this.isSecurityEnabled = true;
    }

    @Override // org.apache.hadoop.hbase.ipc.HBaseServer, org.apache.hadoop.hbase.ipc.RpcServer
    public synchronized void stop() {
        super.stop();
    }

    public SecretManager<? extends TokenIdentifier> getSecretManager() {
        return this.secretManager;
    }

    public void setSecretManager(SecretManager<? extends TokenIdentifier> secretManager) {
        this.secretManager = secretManager;
    }

    public void authorize(User user, ConnectionHeader connectionHeader, InetAddress inetAddress) throws AuthorizationException {
        if (this.authorize) {
            try {
                Class<? extends VersionedProtocol> protocolClass = getProtocolClass(connectionHeader.getProtocol(), getConf());
                ServiceAuthorizationManager serviceAuthorizationManager = this.authManager;
                ServiceAuthorizationManager.authorize(user != null ? user.getUGI() : null, protocolClass, getConf(), inetAddress);
            } catch (ClassNotFoundException e) {
                throw new AuthorizationException("Unknown protocol: " + connectionHeader.getProtocol());
            }
        }
    }
}
