package org.apache.hadoop.hive.metastore.security;

import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterables;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.GnuParser;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.metastore.conf.MetastoreConf;
import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge;
import org.apache.hadoop.util.GenericOptionsParser;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;
import org.apache.hudi.org.apache.commons.lang.StringUtils;
import org.apache.slider.common.params.SliderActions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/metastore/security/DelegationTokenTool.class */
public class DelegationTokenTool extends Configured implements Tool {
    private static Logger LOG = LoggerFactory.getLogger(DelegationTokenTool.class);
    private DelegationTokenStore delegationTokenStore;
    private static String confLocation;
    private long timeLimitMillis;
    private static final int BATCH_SIZE_DEFAULT = 100;
    private static final long SLEEP_TIME_MILLIS_DEFAULT = 10000;
    private OpType opType = OpType.LIST;
    private boolean isDryRun = false;
    private Predicate<DelegationTokenIdentifier> selectForDeletion = Predicates.alwaysTrue();
    private int batchSize = 100;
    private long sleepTimeMillis = 10000;
    private HadoopThriftAuthBridge.Server.ServerMode serverMode = HadoopThriftAuthBridge.Server.ServerMode.METASTORE;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/hive/metastore/security/DelegationTokenTool$OpType.class */
    public enum OpType {
        DELETE,
        LIST
    }

    private DelegationTokenTool() {
    }

    public static void main(String[] strArr) throws Exception {
        System.exit(ToolRunner.run(new DelegationTokenTool(), strArr));
    }

    private void readArgs(String[] strArr) throws Exception {
        String[] remainingArgs = new GenericOptionsParser(getConf(), strArr).getRemainingArgs();
        Options options = new Options();
        options.addOption(new Option("confLocation", true, "Location of HCat/Hive Server's hive-site."));
        options.addOption(new Option("delete", false, "Delete delegation token."));
        options.addOption(new Option(SliderActions.ACTION_LIST, false, "List delegation tokens."));
        options.addOption(new Option("olderThan", true, "Filter for token's issue-date. (e.g. 3d, 1h or 4m)."));
        options.addOption(new Option("expired", false, "Select expired delegation tokens for listing/deletion."));
        options.addOption(new Option("dryRun", false, "Don't actually delete delegation tokens."));
        options.addOption(new Option("batchSize", true, "Number of tokens to drop between sleep intervals."));
        options.addOption(new Option("sleepTime", true, "Sleep-time in seconds, between batches of dropped delegation tokens."));
        options.addOption(new Option("serverMode", true, "The service from which to read delegation tokens. Should be either of [METASTORE, HIVESERVER2]."));
        CommandLine parse = new GnuParser().parse(options, remainingArgs, false);
        if (parse.hasOption("confLocation")) {
            confLocation = parse.getOptionValue("confLocation");
        }
        if (parse.hasOption(SliderActions.ACTION_LIST)) {
            this.opType = OpType.LIST;
        } else {
            if (!parse.hasOption("delete")) {
                throw new IllegalArgumentException("Operation must be delete, list or get!");
            }
            this.opType = OpType.DELETE;
        }
        this.isDryRun = parse.hasOption("dryRun");
        if (parse.hasOption("expired")) {
            LOG.info("Working on expired delegation tokens!");
            this.timeLimitMillis = System.currentTimeMillis();
            this.selectForDeletion = new Predicate<DelegationTokenIdentifier>() { // from class: org.apache.hadoop.hive.metastore.security.DelegationTokenTool.1
                @Override // com.google.common.base.Predicate
                public boolean apply(DelegationTokenIdentifier delegationTokenIdentifier) {
                    return DelegationTokenTool.this.timeLimitMillis > delegationTokenIdentifier.getMaxDate();
                }
            };
        } else if (parse.hasOption("olderThan")) {
            String optionValue = parse.getOptionValue("olderThan");
            switch (optionValue.charAt(optionValue.length() - 1)) {
                case 'D':
                case 'd':
                    this.timeLimitMillis = System.currentTimeMillis() - (86400000 * Integer.parseInt(optionValue.substring(0, optionValue.length() - 1)));
                    break;
                case 'H':
                case 'h':
                    this.timeLimitMillis = System.currentTimeMillis() - (3600000 * Integer.parseInt(optionValue.substring(0, optionValue.length() - 1)));
                    break;
                case 'M':
                case 'm':
                    this.timeLimitMillis = System.currentTimeMillis() - (60000 * Integer.parseInt(optionValue.substring(0, optionValue.length() - 1)));
                    break;
                default:
                    throw new IllegalArgumentException("Unsupported time-limit: " + optionValue);
            }
            LOG.info("Working on delegation tokens older than current-time (" + this.timeLimitMillis + ").");
            this.selectForDeletion = new Predicate<DelegationTokenIdentifier>() { // from class: org.apache.hadoop.hive.metastore.security.DelegationTokenTool.2
                @Override // com.google.common.base.Predicate
                public boolean apply(DelegationTokenIdentifier delegationTokenIdentifier) {
                    return DelegationTokenTool.this.timeLimitMillis > delegationTokenIdentifier.getIssueDate();
                }
            };
        } else if (this.opType == OpType.DELETE) {
            throw new IllegalArgumentException("Attempting to delete tokens. Specify deletion criteria (either expired or time-range).");
        }
        if (parse.hasOption("batchSize")) {
            this.batchSize = Integer.parseInt(parse.getOptionValue("batchSize"));
            if (this.batchSize < 1) {
                LOG.warn("Invalid batch-size! (" + this.batchSize + ") Resetting to defaults.");
                this.batchSize = 100;
            }
            LOG.info("Batch-size for drop == " + this.batchSize);
        }
        if (parse.hasOption("sleepTime")) {
            this.sleepTimeMillis = 1000 * Integer.parseInt(parse.getOptionValue("sleepTime"));
            if (this.sleepTimeMillis <= 0) {
                LOG.warn("Invalid sleep-time! (" + this.sleepTimeMillis + ") Resetting to defaults.");
                this.sleepTimeMillis = 10000L;
            }
            LOG.info("Sleep between drop-batches: " + this.sleepTimeMillis + " milliseconds.");
        }
        if (parse.hasOption("serverMode")) {
            String lowerCase = parse.getOptionValue("serverMode").toLowerCase();
            boolean z = -1;
            switch (lowerCase.hashCode()) {
                case -1050812932:
                    if (lowerCase.equals("metastore")) {
                        z = false;
                        break;
                    }
                    break;
                case 2024643551:
                    if (lowerCase.equals("hiveserver2")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    this.serverMode = HadoopThriftAuthBridge.Server.ServerMode.METASTORE;
                    break;
                case true:
                    this.serverMode = HadoopThriftAuthBridge.Server.ServerMode.HIVESERVER2;
                    break;
                default:
                    throw new IllegalArgumentException("Invalid value for for serverMode (" + lowerCase + ")Should be either \"METASTORE\", or \"HIVESERVER2\"");
            }
        }
        LOG.info("Running with serverMode == " + this.serverMode);
    }

    private void init() throws Exception {
        Configuration configuration = new Configuration();
        configuration.addResource(new Path(confLocation));
        String var = MetastoreConf.getVar(configuration, MetastoreConf.ConfVars.DELEGATION_TOKEN_STORE_CLS, "");
        if (StringUtils.isBlank(var)) {
            throw new Exception("Could not find Delegation TokenStore implementation.");
        }
        this.delegationTokenStore = (DelegationTokenStore) ReflectionUtils.newInstance(Class.forName(var).asSubclass(DelegationTokenStore.class), configuration);
        this.delegationTokenStore.init(null, this.serverMode);
    }

    private List<DelegationTokenIdentifier> getAllDelegationTokenIDs() throws Exception {
        return this.delegationTokenStore.getAllDelegationTokenIdentifiers();
    }

    private void doList() throws Exception {
        Iterator it2 = Iterables.filter(getAllDelegationTokenIDs(), this.selectForDeletion).iterator();
        while (it2.hasNext()) {
            System.out.println(((DelegationTokenIdentifier) it2.next()).toString());
        }
    }

    private void doDelete() throws Exception {
        int i = 0;
        List<DelegationTokenIdentifier> allDelegationTokenIDs = getAllDelegationTokenIDs();
        for (DelegationTokenIdentifier delegationTokenIdentifier : Iterables.filter(allDelegationTokenIDs, this.selectForDeletion)) {
            i++;
            if (i % this.batchSize == 0) {
                LOG.info("Deleted " + i + "/" + allDelegationTokenIDs.size() + " (" + ((100 * i) / allDelegationTokenIDs.size()) + "%). Sleeping for " + this.sleepTimeMillis + "ms...");
                try {
                    Thread.sleep(this.sleepTimeMillis);
                } catch (InterruptedException e) {
                }
            }
            LOG.info("Deleting token: " + delegationTokenIdentifier.toString());
            if (!this.isDryRun) {
                this.delegationTokenStore.removeToken(delegationTokenIdentifier);
            }
        }
    }

    public int run(String[] strArr) throws Exception {
        try {
            readArgs(strArr);
            init();
            switch (this.opType) {
                case LIST:
                    doList();
                    return 0;
                case DELETE:
                    doDelete();
                    return 0;
                default:
                    return 0;
            }
        } catch (Exception e) {
            LOG.error("Unexpected exception: ", e);
            return -1;
        }
    }
}
