package water.hive;

import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.IOException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import water.H2O;
import water.MRTask;
import water.Paxos;
import water.util.BinaryFileTransfer;
import water.util.FileUtils;

/* loaded from: input_file:water/hive/DelegationTokenRefresher.class */
public class DelegationTokenRefresher implements Runnable {
    public static final String H2O_AUTH_USER = "h2o.auth.user";
    public static final String H2O_AUTH_PRINCIPAL = "h2o.auth.principal";
    public static final String H2O_AUTH_KEYTAB = "h2o.auth.keytab";
    public static final String H2O_HIVE_USE_KEYTAB = "h2o.hive.useKeytab";
    public static final String H2O_HIVE_JDBC_URL_PATTERN = "h2o.hive.jdbc.urlPattern";
    public static final String H2O_HIVE_HOST = "h2o.hive.jdbc.host";
    public static final String H2O_HIVE_PRINCIPAL = "h2o.hive.principal";
    public static final String H2O_HIVE_TOKEN = "h2o.hive.token";
    private final String _authPrincipal;
    private final String _authKeytabPath;
    private final String _authUser;
    private final String _hiveJdbcUrl;
    private final String _hivePrincipal;
    private final ScheduledExecutorService _executor = Executors.newSingleThreadScheduledExecutor(new ThreadFactoryBuilder().setDaemon(true).setNameFormat("delegation-token-refresher-%d").build());
    private final HiveTokenGenerator _hiveTokenGenerator = new HiveTokenGenerator();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:water/hive/DelegationTokenRefresher$DistributeCreds.class */
    public static class DistributeCreds extends MRTask<DistributeCreds> {
        private final byte[] _credsSerialized;

        private DistributeCreds(byte[] bArr) {
            this._credsSerialized = bArr;
        }

        protected void setupLocal() {
            try {
                Credentials deserialize = deserialize();
                DelegationTokenRefresher.log("Updating credentials", null);
                UserGroupInformation.getCurrentUser().addCredentials(deserialize);
            } catch (IOException e) {
                DelegationTokenRefresher.log("Failed to update credentials", e);
            }
        }

        private Credentials deserialize() throws IOException {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this._credsSerialized);
            Credentials credentials = new Credentials();
            credentials.readTokenStorageStream(new DataInputStream(byteArrayInputStream));
            return credentials;
        }
    }

    public static void setup(Configuration configuration, String str) throws IOException {
        if (HiveTokenGenerator.isHiveDriverPresent()) {
            String str2 = configuration.get(H2O_HIVE_TOKEN);
            if (str2 != null) {
                log("Adding credentials from property", null);
                UserGroupInformation.getCurrentUser().addCredentials(HiveTokenGenerator.tokenToCredentials(str2));
            }
            String str3 = configuration.get(H2O_AUTH_USER);
            String str4 = configuration.get(H2O_AUTH_PRINCIPAL);
            String str5 = configuration.getBoolean(H2O_HIVE_USE_KEYTAB, true) ? configuration.get(H2O_AUTH_KEYTAB) : null;
            String str6 = configuration.get(H2O_HIVE_JDBC_URL_PATTERN);
            String str7 = configuration.get(H2O_HIVE_HOST);
            String str8 = configuration.get(H2O_HIVE_PRINCIPAL);
            String makeHivePrincipalJdbcUrl = str5 != null ? HiveTokenGenerator.makeHivePrincipalJdbcUrl(str6, str7, str8) : HiveTokenGenerator.makeHiveDelegationTokenJdbcUrl(str6, str7);
            if (makeHivePrincipalJdbcUrl != null) {
                new DelegationTokenRefresher(str4, str5 != null ? writeKeytabToFile(str5, str) : null, str3, makeHivePrincipalJdbcUrl, str8).start();
            } else {
                log("Delegation token refresh not active.", null);
            }
        }
    }

    private static String writeKeytabToFile(String str, String str2) throws IOException {
        FileUtils.makeSureDirExists(str2);
        String str3 = str2 + File.separator + "auth_keytab";
        BinaryFileTransfer.writeBinaryFile(str3, BinaryFileTransfer.convertStringToByteArr(str));
        return str3;
    }

    public DelegationTokenRefresher(String str, String str2, String str3, String str4, String str5) {
        this._authPrincipal = str;
        this._authKeytabPath = str2;
        this._authUser = str3;
        this._hiveJdbcUrl = str4;
        this._hivePrincipal = str5;
    }

    public void start() {
        this._executor.scheduleAtFixedRate(this, 0L, 1L, TimeUnit.MINUTES);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void log(String str, Exception exc) {
        System.out.println("TOKEN REFRESH: " + str);
        if (exc != null) {
            exc.printStackTrace(System.out);
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        if (Paxos._cloudLocked && H2O.CLOUD.leader() != H2O.SELF) {
            this._executor.shutdown();
            return;
        }
        try {
            refreshTokens();
        } catch (IOException | InterruptedException e) {
            log("Failed to refresh token.", e);
        }
    }

    private void distribute(Credentials credentials) throws IOException {
        if (Paxos._cloudLocked) {
            new DistributeCreds(serializeCreds(credentials)).doAllNodes();
        } else {
            log("Updating credentials", null);
            UserGroupInformation.getCurrentUser().addCredentials(credentials);
        }
    }

    private void refreshTokens() throws IOException, InterruptedException {
        String hiveDelegationTokenIfPossible;
        if (this._authKeytabPath != null) {
            log("Log in from keytab as " + this._authPrincipal, null);
            UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(this._authPrincipal, this._authKeytabPath);
            UserGroupInformation userGroupInformation = loginUserFromKeytabAndReturnUGI;
            if (this._authUser != null) {
                log("Impersonate " + this._authUser, null);
                userGroupInformation = UserGroupInformation.createProxyUser(this._authUser, userGroupInformation);
            }
            hiveDelegationTokenIfPossible = this._hiveTokenGenerator.getHiveDelegationTokenAsUser(loginUserFromKeytabAndReturnUGI, userGroupInformation, this._hiveJdbcUrl, this._hivePrincipal);
        } else {
            hiveDelegationTokenIfPossible = this._hiveTokenGenerator.getHiveDelegationTokenIfPossible(UserGroupInformation.getCurrentUser(), this._hiveJdbcUrl, this._hivePrincipal);
        }
        if (hiveDelegationTokenIfPossible == null) {
            log("Failed to refresh delegation token.", null);
        } else {
            DelegationTokenPrinter.printToken(hiveDelegationTokenIfPossible);
            distribute(HiveTokenGenerator.tokenToCredentials(hiveDelegationTokenIfPossible));
        }
    }

    private byte[] serializeCreds(Credentials credentials) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        credentials.writeTokenStorageToStream(new DataOutputStream(byteArrayOutputStream));
        return byteArrayOutputStream.toByteArray();
    }
}
