package org.apache.hive.hcatalog.templeton;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hive.hcatalog.common.HCatUtil;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/hcatalog/templeton/SecureProxySupport.class */
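/**
 * Collects delegation tokens for a proxied user and stores them in a local
 * temporary file so that a launched job can pick them up.
 *
 * <p>All token work is skipped unless {@link UserGroupInformation#isSecurityEnabled()}
 * returned {@code true} when the instance was created. The token file contains
 * bearer credentials: anyone who can read it can use the tokens, so the file
 * must be removed with {@link #close()} as soon as it is no longer needed.
 *
 * <p>Instances hold mutable state ({@code tokenPath}, {@code user}) without any
 * synchronization, so an instance should not be shared between threads.
 */
public class SecureProxySupport {
    /** Service name stamped on the metastore delegation token. */
    public static final String HCAT_SERVICE = "hcat";
    private static final Logger LOG = LoggerFactory.getLogger(SecureProxySupport.class);

    // Location of the current token file, or null when nothing is open.
    private Path tokenPath;
    // Snapshot of the Hadoop security setting taken at construction time.
    private final boolean isEnabled = UserGroupInformation.isSecurityEnabled();
    // Proxied user name recorded by the last call to open().
    private String user;

    /** Mutable holder that lets the privileged action hand tokens back to its caller. */
    public static class TokenWrapper {
        Token<?>[] tokens;

        private TokenWrapper() {
            this.tokens = new Token[0];
        }
    }

    /**
     * Returns the path of the current token file.
     *
     * @return the token file path, or {@code null} if no token file is open
     */
    public Path getTokenPath() {
        return this.tokenPath;
    }

    /**
     * Returns the service name used for the metastore delegation token.
     *
     * @return {@link #HCAT_SERVICE}
     */
    public String getHcatServiceStr() {
        return HCAT_SERVICE;
    }

    /**
     * Fetches file-system and metastore delegation tokens for {@code str} and
     * writes them to a fresh temporary file. Any previously opened token file
     * is deleted first. Does nothing when security is disabled.
     *
     * <p>If any step fails, the partially prepared token file is deleted before
     * the exception propagates, so a failed call leaves no credentials behind.
     *
     * @param str the user to obtain tokens for
     * @param configuration Hadoop configuration used to reach the file systems
     * @return the token file path, or {@code null} when security is disabled
     * @throws IOException if a token cannot be obtained, decoded or written
     * @throws InterruptedException if fetching the file-system tokens is interrupted
     */
    public Path open(String str, Configuration configuration) throws IOException, InterruptedException {
        close();
        if (!this.isEnabled) {
            return this.tokenPath;
        }
        this.user = str;
        // NOTE(review): File.createTempFile does not request owner-only permissions
        // (the mode follows the process umask) and this file will hold delegation
        // tokens. Confirm the effective mode after writeTokenStorageFile and that
        // java.io.tmpdir is not shared with other accounts;
        // java.nio.file.Files.createTempFile creates owner-only files on POSIX.
        this.tokenPath = new Path(File.createTempFile(Main.SERVLET_PATH, null).toURI());
        boolean written = false;
        try {
            Token<?>[] fsTokens = getFSDelegationToken(str, configuration);
            try {
                String encodedToken = buildHcatDelegationToken(str);
                if (encodedToken == null) {
                    // Fail with a clear message instead of handing null to the decoder.
                    LOG.error("open({}) token=null", str);
                    throw new IOException("No metastore delegation token was returned for user " + str);
                }
                Token<?> hcatToken = new Token<>();
                hcatToken.decodeFromUrlString(encodedToken);
                hcatToken.setService(new Text(HCAT_SERVICE));
                writeProxyDelegationTokens(fsTokens, hcatToken, configuration, str, this.tokenPath);
            } catch (Exception e) {
                if (e instanceof InterruptedException) {
                    // The exception is wrapped below, so keep the interrupt visible to callers.
                    Thread.currentThread().interrupt();
                }
                throw new IOException(e);
            }
            written = true;
        } finally {
            if (!written) {
                // Do not leave an empty or half-written credential file on disk.
                close();
            }
        }
        return this.tokenPath;
    }

    /**
     * Deletes the current token file and its {@code .crc} companion, if any,
     * and forgets the path. Safe to call when nothing is open.
     */
    public void close() {
        if (this.tokenPath == null) {
            return;
        }
        try {
            File tokenFile = new File(this.tokenPath.toUri());
            if (!tokenFile.delete() && tokenFile.exists()) {
                // A token file that survives is a credential left on disk; make it visible.
                LOG.warn("Failed to delete token file {}", tokenFile);
            }
            // Build the sibling path with Path rather than by concatenating
            // File.separator into a URI string: a backslash separator is not a
            // legal URI character, so the old form could never find the file there.
            Path crcPath = new Path(this.tokenPath.getParent(), "." + this.tokenPath.getName() + ".crc");
            File crcFile = new File(crcPath.toUri());
            if (crcFile.exists() && !crcFile.delete()) {
                LOG.warn("Failed to delete token crc file {}", crcFile);
            }
        } finally {
            this.tokenPath = null;
        }
    }

    /**
     * Adds the token file location to a child process environment when
     * security is enabled.
     *
     * @param map environment map to extend; expects {@link #open} to have succeeded
     */
    public void addEnv(Map<String, String> map) {
        if (this.isEnabled) {
            map.put("HADOOP_TOKEN_FILE_LOCATION", getTokenPath().toUri().getPath());
        }
    }

    /**
     * Appends the {@code -D} arguments that carry the token signature and the
     * proxied user name when security is enabled.
     *
     * @param list argument list to extend
     */
    public void addArgs(List<String> list) {
        if (this.isEnabled) {
            list.add("-D");
            list.add(HiveConf.ConfVars.METASTORE_TOKEN_SIGNATURE + "=" + getHcatServiceStr());
            list.add("-D");
            list.add("proxy.user.name=" + this.user);
        }
    }

    /**
     * Collects delegation tokens from the default file system and from every
     * URI listed under {@code mapreduce.job.hdfs-servers}, acting as the given user.
     */
    private Token<?>[] getFSDelegationToken(String user, final Configuration configuration) throws IOException, InterruptedException {
        LOG.info("user: {} loginUser: {}", user, UserGroupInformation.getLoginUser().getUserName());
        final UserGroupInformation ugi = UgiFactory.getUgi(user);
        final TokenWrapper tokenWrapper = new TokenWrapper();
        try {
            ugi.doAs(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws IOException, URISyntaxException {
                    Credentials credentials = new Credentials();
                    collectTokens(FileSystem.get(configuration), tokenWrapper, credentials, ugi.getShortUserName());
                    for (String server : configuration.getStringCollection("mapreduce.job.hdfs-servers")) {
                        LOG.debug("Getting tokens for {}", server);
                        collectTokens(FileSystem.get(new URI(server), configuration), tokenWrapper, credentials, ugi.getShortUserName());
                    }
                    return null;
                }
            });
        } finally {
            // Release the file systems opened for this user even when the action fails.
            FileSystem.closeAllForUGI(ugi);
        }
        return tokenWrapper.tokens;
    }

    /**
     * Requests delegation tokens from {@code fileSystem} and appends any that
     * are returned to {@code tokenWrapper}.
     *
     * @param fileSystem file system to request tokens from
     * @param tokenWrapper holder that accumulates the tokens
     * @param credentials credential cache passed to the file system
     * @param str renewer name passed to the file system
     * @throws IOException if the file system fails to issue tokens
     */
    public static void collectTokens(FileSystem fileSystem, TokenWrapper tokenWrapper, Credentials credentials, String str) throws IOException {
        Token<?>[] issued = fileSystem.addDelegationTokens(str, credentials);
        if (issued != null && issued.length > 0) {
            tokenWrapper.tokens = ArrayUtils.addAll(tokenWrapper.tokens, issued);
        }
    }

    /**
     * Writes the file-system tokens and the metastore token to {@code path},
     * acting as the given user.
     */
    private void writeProxyDelegationTokens(final Token<?>[] tokenArr, final Token<?> token, final Configuration configuration, String user, final Path path) throws IOException, InterruptedException {
        LOG.info("user: {} loginUser: {}", user, UserGroupInformation.getLoginUser().getUserName());
        UserGroupInformation ugi = UgiFactory.getUgi(user);
        try {
            ugi.doAs(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws IOException {
                    Credentials credentials = new Credentials();
                    for (Token<?> fsToken : tokenArr) {
                        credentials.addToken(fsToken.getService(), fsToken);
                    }
                    credentials.addToken(token.getService(), token);
                    credentials.writeTokenStorageFile(path, configuration);
                    return null;
                }
            });
        } finally {
            // Release the file systems opened for this user even when the write fails.
            FileSystem.closeAllForUGI(ugi);
        }
    }

    /**
     * Asks the metastore for a delegation token, acting as the given user.
     *
     * @return the URL-encoded token string as returned by the metastore client
     */
    private String buildHcatDelegationToken(String user) throws IOException, InterruptedException, TException {
        final HiveConf hiveConf = new HiveConf();
        // NOTE(review): this client is never closed here; confirm that HCatUtil
        // manages its lifecycle, otherwise each call leaks a metastore connection.
        final IMetaStoreClient hiveMetastoreClient = HCatUtil.getHiveMetastoreClient(hiveConf);
        LOG.info("user: {} loginUser: {}", user, UserGroupInformation.getLoginUser().getUserName());
        final UserGroupInformation ugi = UgiFactory.getUgi(user);
        try {
            return ugi.doAs(new PrivilegedExceptionAction<String>() {
                @Override
                public String run() throws IOException, MetaException, TException {
                    return hiveMetastoreClient.getDelegationToken(hiveConf.getUser(), ugi.getUserName());
                }
            });
        } finally {
            // Release the file systems opened for this user even when the call fails.
            FileSystem.closeAllForUGI(ugi);
        }
    }
}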
