package io.hops.hudi.org.apache.hadoop.hbase.regionserver;

import io.hops.hudi.org.apache.hadoop.hbase.DoNotRetryIOException;
import io.hops.hudi.org.apache.hadoop.hbase.HConstants;
import io.hops.hudi.org.apache.hadoop.hbase.TableName;
import io.hops.hudi.org.apache.hadoop.hbase.client.Connection;
import io.hops.hudi.org.apache.hadoop.hbase.ipc.RpcServer;
import io.hops.hudi.org.apache.hadoop.hbase.regionserver.HRegion;
import io.hops.hudi.org.apache.hadoop.hbase.security.User;
import io.hops.hudi.org.apache.hadoop.hbase.security.UserProvider;
import io.hops.hudi.org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier;
import io.hops.hudi.org.apache.hadoop.hbase.security.token.ClientTokenUtil;
import io.hops.hudi.org.apache.hadoop.hbase.security.token.FsDelegationToken;
import io.hops.hudi.org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos;
import io.hops.hudi.org.apache.hadoop.hbase.util.Addressing;
import io.hops.hudi.org.apache.hadoop.hbase.util.Bytes;
import io.hops.hudi.org.apache.hadoop.hbase.util.CommonFSUtils;
import io.hops.hudi.org.apache.hadoop.hbase.util.FSUtils;
import io.hops.hudi.org.apache.hadoop.hbase.util.Methods;
import io.hops.hudi.org.apache.hadoop.hbase.util.Pair;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
import org.apache.commons.lang3.mutable.MutableInt;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:io/hops/hudi/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.class */
public class SecureBulkLoadManager {
    public static final long VERSION = 0;
    private static final int RANDOM_WIDTH = 320;
    private static final int RANDOM_RADIX = 32;
    private static final Logger LOG = LoggerFactory.getLogger(SecureBulkLoadManager.class);
    private static final FsPermission PERM_ALL_ACCESS = FsPermission.valueOf("-rwxrwxrwx");
    private static final FsPermission PERM_HIDDEN = FsPermission.valueOf("-rwx--x--x");
    private SecureRandom random;
    private FileSystem fs;
    private Configuration conf;
    private Path baseStagingDir;
    private UserProvider userProvider;
    private ConcurrentHashMap<UserGroupInformation, MutableInt> ugiReferenceCounter;
    private Connection conn;
    private Consumer<HRegion> fsCreatedListener;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/hops/hudi/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager$SecureBulkLoadListener.class */
    public static class SecureBulkLoadListener implements HRegion.BulkLoadListener {
        private final FileSystem fs;
        private final String stagingDir;
        private final Configuration conf;
        private FileSystem srcFs = null;
        private Map<String, FsPermission> origPermissions;

        public SecureBulkLoadListener(FileSystem fileSystem, String str, Configuration configuration) {
            this.origPermissions = null;
            this.fs = fileSystem;
            this.stagingDir = str;
            this.conf = configuration;
            this.origPermissions = new HashMap();
        }

        @Override // io.hops.hudi.org.apache.hadoop.hbase.regionserver.HRegion.BulkLoadListener
        public String prepareBulkLoad(byte[] bArr, String str, boolean z) throws IOException {
            Path path = new Path(str);
            Path path2 = new Path(this.stagingDir, new Path(Bytes.toString(bArr), path.getName()));
            if (path.equals(path2)) {
                SecureBulkLoadManager.LOG.debug(path.getName() + " is already available in staging directory. Skipping copy or rename.");
                return path2.toString();
            }
            if (this.srcFs == null) {
                this.srcFs = FileSystem.newInstance(path.toUri(), this.conf);
            }
            if (!isFile(path)) {
                throw new IOException("Path does not reference a file: " + path);
            }
            if (!FSUtils.isSameHdfs(this.conf, this.srcFs, this.fs)) {
                SecureBulkLoadManager.LOG.debug("Bulk-load file " + str + " is on different filesystem than the destination filesystem. Copying file over to destination staging dir.");
                FileUtil.copy(this.srcFs, path, this.fs, path2, false, this.conf);
            } else if (z) {
                SecureBulkLoadManager.LOG.debug("Bulk-load file " + str + " is copied to destination staging dir.");
                FileUtil.copy(this.srcFs, path, this.fs, path2, false, this.conf);
            } else {
                SecureBulkLoadManager.LOG.debug("Moving " + path + " to " + path2);
                this.origPermissions.put(str, this.fs.getFileStatus(path).getPermission());
                if (!this.fs.rename(path, path2)) {
                    throw new IOException("Failed to move HFile: " + path + " to " + path2);
                }
            }
            this.fs.setPermission(path2, SecureBulkLoadManager.PERM_ALL_ACCESS);
            return path2.toString();
        }

        @Override // io.hops.hudi.org.apache.hadoop.hbase.regionserver.HRegion.BulkLoadListener
        public void doneBulkLoad(byte[] bArr, String str) throws IOException {
            SecureBulkLoadManager.LOG.debug("Bulk Load done for: " + str);
            closeSrcFs();
        }

        private void closeSrcFs() throws IOException {
            if (this.srcFs != null) {
                this.srcFs.close();
                this.srcFs = null;
            }
        }

        @Override // io.hops.hudi.org.apache.hadoop.hbase.regionserver.HRegion.BulkLoadListener
        public void failedBulkLoad(byte[] bArr, String str) throws IOException {
            try {
                Path path = new Path(str);
                if (this.srcFs == null) {
                    this.srcFs = FileSystem.newInstance(path.toUri(), this.conf);
                }
                if (FSUtils.isSameHdfs(this.conf, this.srcFs, this.fs)) {
                    Path path2 = new Path(this.stagingDir, new Path(Bytes.toString(bArr), path.getName()));
                    if (path.equals(path2)) {
                        SecureBulkLoadManager.LOG.debug(path.getName() + " is already available in source directory. Skipping rename.");
                        closeSrcFs();
                        return;
                    }
                    SecureBulkLoadManager.LOG.debug("Moving " + path2 + " back to " + path);
                    if (!this.fs.rename(path2, path)) {
                        throw new IOException("Failed to move HFile: " + path2 + " to " + path);
                    }
                    if (this.origPermissions.containsKey(str)) {
                        this.fs.setPermission(path, this.origPermissions.get(str));
                    } else {
                        SecureBulkLoadManager.LOG.warn("Can't find previous permission for path=" + str);
                    }
                    closeSrcFs();
                }
            } finally {
                closeSrcFs();
            }
        }

        private boolean isFile(Path path) throws IOException {
            boolean z;
            FileStatus fileStatus = this.srcFs.getFileStatus(path);
            boolean z2 = !fileStatus.isDirectory();
            if (z2) {
                if (!((Boolean) Methods.call(FileStatus.class, fileStatus, "isSymlink", null, null)).booleanValue()) {
                    z = true;
                    z2 = z;
                    return z2;
                }
            }
            z = false;
            z2 = z;
            return z2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureBulkLoadManager(Configuration configuration, Connection connection) {
        this.conf = configuration;
        this.conn = connection;
    }

    public void start() throws IOException {
        this.random = new SecureRandom();
        this.userProvider = UserProvider.instantiate(this.conf);
        this.ugiReferenceCounter = new ConcurrentHashMap<>();
        this.fs = FileSystem.get(this.conf);
        this.baseStagingDir = new Path(CommonFSUtils.getRootDir(this.conf), HConstants.BULKLOAD_STAGING_DIR_NAME);
        if (this.conf.get("hbase.bulkload.staging.dir") != null) {
            LOG.warn("hbase.bulkload.staging.dir  is deprecated. Bulkload staging directory is " + this.baseStagingDir);
        }
        if (this.fs.exists(this.baseStagingDir)) {
            return;
        }
        this.fs.mkdirs(this.baseStagingDir, PERM_HIDDEN);
    }

    public void stop() throws IOException {
    }

    public String prepareBulkLoad(HRegion hRegion, ClientProtos.PrepareBulkLoadRequest prepareBulkLoadRequest) throws IOException {
        User activeUser = getActiveUser();
        hRegion.getCoprocessorHost().prePrepareBulkLoad(activeUser);
        return createStagingDir(this.baseStagingDir, activeUser, hRegion.getTableDescriptor().getTableName()).toString();
    }

    public void cleanupBulkLoad(HRegion hRegion, ClientProtos.CleanupBulkLoadRequest cleanupBulkLoadRequest) throws IOException {
        hRegion.getCoprocessorHost().preCleanupBulkLoad(getActiveUser());
        Path path = new Path(cleanupBulkLoadRequest.getBulkToken());
        if (!this.fs.delete(path, true) && this.fs.exists(path)) {
            throw new IOException("Failed to clean up " + path);
        }
        LOG.trace("Cleaned up {} successfully.", path);
    }

    void setFsCreatedListener(Consumer<HRegion> consumer) {
        this.fsCreatedListener = consumer;
    }

    private void incrementUgiReference(UserGroupInformation userGroupInformation) {
        this.ugiReferenceCounter.compute(userGroupInformation, (userGroupInformation2, mutableInt) -> {
            if (mutableInt == null) {
                mutableInt = new MutableInt(1);
            } else {
                mutableInt.increment();
            }
            return mutableInt;
        });
    }

    private void decrementUgiReference(UserGroupInformation userGroupInformation) {
        this.ugiReferenceCounter.computeIfPresent(userGroupInformation, (userGroupInformation2, mutableInt) -> {
            if (mutableInt.intValue() > 1) {
                mutableInt.decrement();
            } else {
                mutableInt = null;
            }
            return mutableInt;
        });
    }

    private boolean isUserReferenced(UserGroupInformation userGroupInformation) {
        return this.ugiReferenceCounter.containsKey(userGroupInformation);
    }

    public Map<byte[], List<Path>> secureBulkLoadHFiles(HRegion hRegion, ClientProtos.BulkLoadHFileRequest bulkLoadHFileRequest) throws IOException {
        return secureBulkLoadHFiles(hRegion, bulkLoadHFileRequest, null);
    }

    public Map<byte[], List<Path>> secureBulkLoadHFiles(final HRegion hRegion, final ClientProtos.BulkLoadHFileRequest bulkLoadHFileRequest, final List<String> list) throws IOException {
        final ArrayList arrayList = new ArrayList(bulkLoadHFileRequest.getFamilyPathCount());
        for (ClientProtos.BulkLoadHFileRequest.FamilyPath familyPath : bulkLoadHFileRequest.getFamilyPathList()) {
            arrayList.add(new Pair<>(familyPath.getFamily().toByteArray(), familyPath.getPath()));
        }
        Token token = this.userProvider.isHadoopSecurityEnabled() ? new Token(bulkLoadHFileRequest.getFsToken().getIdentifier().toByteArray(), bulkLoadHFileRequest.getFsToken().getPassword().toByteArray(), new Text(bulkLoadHFileRequest.getFsToken().getKind()), new Text(bulkLoadHFileRequest.getFsToken().getService())) : null;
        final String bulkToken = bulkLoadHFileRequest.getBulkToken();
        UserGroupInformation ugi = getActiveUser().getUGI();
        if (this.userProvider.isHadoopSecurityEnabled()) {
            try {
                Token<AuthenticationTokenIdentifier> obtainToken = ClientTokenUtil.obtainToken(this.conn);
                if (obtainToken != null) {
                    LOG.debug("token added " + obtainToken + " for user " + ugi + " return=" + ugi.addToken(obtainToken));
                }
            } catch (IOException e) {
                LOG.warn("unable to add token", e);
            }
        }
        if (token != null) {
            ugi.addToken(token);
        } else if (this.userProvider.isHadoopSecurityEnabled()) {
            throw new DoNotRetryIOException("User token cannot be null");
        }
        if (hRegion.getCoprocessorHost() != null) {
            hRegion.getCoprocessorHost().preBulkLoadHFile(arrayList);
        }
        Map<byte[], List<Path>> map = null;
        try {
            incrementUgiReference(ugi);
            if (this.userProvider.isHadoopSecurityEnabled()) {
                FsDelegationToken fsDelegationToken = new FsDelegationToken(this.userProvider, "renewer");
                fsDelegationToken.acquireDelegationToken(this.fs);
                Token<?> userToken = fsDelegationToken.getUserToken();
                if (userToken != null && (token == null || !userToken.getService().equals(token.getService()))) {
                    ugi.addToken(userToken);
                }
            }
            map = (Map) ugi.doAs(new PrivilegedAction<Map<byte[], List<Path>>>() { // from class: io.hops.hudi.org.apache.hadoop.hbase.regionserver.SecureBulkLoadManager.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Map<byte[], List<Path>> run() {
                    try {
                        FileSystem fileSystem = FileSystem.get(SecureBulkLoadManager.this.conf);
                        Iterator it = arrayList.iterator();
                        while (it.hasNext()) {
                            Path path = new Path(bulkToken, Bytes.toString((byte[]) ((Pair) it.next()).getFirst()));
                            if (!fileSystem.exists(path)) {
                                fileSystem.mkdirs(path);
                                fileSystem.setPermission(path, SecureBulkLoadManager.PERM_ALL_ACCESS);
                            }
                        }
                        if (SecureBulkLoadManager.this.fsCreatedListener != null) {
                            SecureBulkLoadManager.this.fsCreatedListener.accept(hRegion);
                        }
                        return hRegion.bulkLoadHFiles(arrayList, true, new SecureBulkLoadListener(fileSystem, bulkToken, SecureBulkLoadManager.this.conf), bulkLoadHFileRequest.getCopyFile(), list, bulkLoadHFileRequest.getReplicate());
                    } catch (Exception e2) {
                        SecureBulkLoadManager.LOG.error("Failed to complete bulk load", e2);
                        return null;
                    }
                }
            });
            decrementUgiReference(ugi);
            try {
                if (!UserGroupInformation.getLoginUser().equals(ugi) && !isUserReferenced(ugi)) {
                    FileSystem.closeAllForUGI(ugi);
                }
            } catch (IOException e2) {
                LOG.error("Failed to close FileSystem for: {}", ugi, e2);
            }
            if (hRegion.getCoprocessorHost() != null) {
                hRegion.getCoprocessorHost().postBulkLoadHFile(arrayList, map);
            }
            return map;
        } catch (Throwable th) {
            decrementUgiReference(ugi);
            try {
                if (!UserGroupInformation.getLoginUser().equals(ugi) && !isUserReferenced(ugi)) {
                    FileSystem.closeAllForUGI(ugi);
                }
            } catch (IOException e3) {
                LOG.error("Failed to close FileSystem for: {}", ugi, e3);
            }
            if (hRegion.getCoprocessorHost() != null) {
                hRegion.getCoprocessorHost().postBulkLoadHFile(arrayList, map);
            }
            throw th;
        }
    }

    private Path createStagingDir(Path path, User user, TableName tableName) throws IOException {
        return createStagingDir(path, user, user.getShortName() + "__" + tableName.getNameAsString().replace(Addressing.HOSTNAME_PORT_SEPARATOR, "_") + "__" + new BigInteger(320, this.random).toString(32));
    }

    private Path createStagingDir(Path path, User user, String str) throws IOException {
        Path path2 = new Path(path, str);
        this.fs.mkdirs(path2, PERM_ALL_ACCESS);
        this.fs.setPermission(path2, PERM_ALL_ACCESS);
        return path2;
    }

    private User getActiveUser() throws IOException {
        User orElse = RpcServer.getRequestUser().orElse(this.userProvider.getCurrent());
        return (this.userProvider.isHadoopSecurityEnabled() && "simple".equalsIgnoreCase(this.conf.get(User.HBASE_SECURITY_CONF_KEY))) ? User.createUserForTesting(this.conf, orElse.getShortName(), new String[0]) : orElse;
    }
}
