package co.cask.cdap.security;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.io.Locations;
import co.cask.cdap.common.kerberos.SecurityUtil;
import co.cask.cdap.common.security.ImpersonationInfo;
import co.cask.cdap.common.security.UGIProvider;
import co.cask.cdap.common.utils.DirUtils;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.twill.filesystem.Location;
import org.apache.twill.filesystem.LocationFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/DefaultUGIProvider.class */
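/**
 * {@link UGIProvider} that performs a Kerberos keytab login for the principal described by an
 * {@link ImpersonationInfo}.
 *
 * <p>A keytab referenced by a scheme-less or {@code file} URI is read in place. Any other keytab
 * is first copied into a temporary file under the configured local data directory, used for the
 * login, and then removed. The temporary copy holds long-term credential material, so it is
 * created with owner-only read/write permissions and is deleted on every exit path, including
 * failures.
 */
public class DefaultUGIProvider implements UGIProvider {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultUGIProvider.class);
    private final CConfiguration cConf;
    private final LocationFactory locationFactory;

    @Inject
    DefaultUGIProvider(CConfiguration cConfiguration, LocationFactory locationFactory) {
        this.cConf = cConfiguration;
        this.locationFactory = locationFactory;
    }

    /**
     * Logs in from the keytab named in {@code impersonationInfo} and returns the resulting UGI.
     *
     * <p>The keytab path is taken from the impersonation info as given; this method only checks
     * that the resolved file is readable by the current process.
     *
     * @param impersonationInfo supplies the keytab URI and the principal to log in as
     * @return the UGI returned by {@code UserGroupInformation.loginUserFromKeytabAndReturnUGI}
     * @throws IOException if the keytab cannot be localized or the login fails
     * @throws IllegalArgumentException if the resolved keytab file is not readable
     */
    public UserGroupInformation getConfiguredUGI(ImpersonationInfo impersonationInfo) throws IOException {
        LOG.debug("Configured impersonation info: {}", impersonationInfo);
        // Set only when a temporary copy was made; this is the only file the method may delete.
        File localizedCopy = null;
        try {
            URI keytabUri = URI.create(impersonationInfo.getKeytabURI());
            File keytabFile;
            if (isLocalUri(keytabUri)) {
                keytabFile = new File(keytabUri.getPath());
            } else {
                Location keytabLocation = this.locationFactory.create(keytabUri);
                keytabFile = localizeKeytab(keytabLocation);
                // localizeKeytab hands back the file itself, not a copy, when the location
                // resolves to the local file system. Deleting that would destroy the original
                // keytab, so cleanup is limited to genuine temporary copies.
                if (!isLocalUri(keytabLocation.toURI())) {
                    localizedCopy = keytabFile;
                }
            }
            String expandedPrincipal = SecurityUtil.expandPrincipal(impersonationInfo.getPrincipal());
            LOG.debug("Logging in as: principal={}, keytab={}", expandedPrincipal, keytabFile);
            Preconditions.checkArgument(Files.isReadable(keytabFile.toPath()),
                                        "Keytab file is not a readable file: %s", keytabFile);
            return UserGroupInformation.loginUserFromKeytabAndReturnUGI(expandedPrincipal,
                                                                        keytabFile.getAbsolutePath());
        } finally {
            // Remove the credential copy whether or not the login succeeded.
            if (localizedCopy != null && !localizedCopy.delete()) {
                LOG.warn("Failed to delete file: {}", localizedCopy);
            }
        }
    }

    /**
     * Returns a local file holding the keytab stored at {@code location}.
     *
     * <p>If the location's URI has no scheme or the {@code file} scheme, the file it names is
     * returned directly and no copy is made. Otherwise the content is copied into a new
     * temporary file created with owner read/write permissions only. The permissions are passed
     * as a POSIX file attribute, which presumably requires a POSIX-capable local file system
     * (TODO confirm for the supported platforms).
     *
     * @param location where the keytab is stored
     * @return the local keytab file; a temporary copy unless the location was already local
     * @throws IOException if the temporary directory or file cannot be created, or the copy fails
     */
    private File localizeKeytab(Location location) throws IOException {
        URI uri = location.toURI();
        if (isLocalUri(uri)) {
            return new File(uri.getPath());
        }
        File tempDir = new File(this.cConf.get("local.data.dir"), this.cConf.get("app.temp.dir")).getAbsoluteFile();
        if (!DirUtils.mkdirs(tempDir)) {
            throw new IOException(String.format("Could not create temporary directory at %s, while localizing keytab", tempDir));
        }
        Path localizedKeytab = Files.createTempFile(
            tempDir.toPath(), null, "keytab.localized",
            PosixFilePermissions.asFileAttribute(
                ImmutableSet.of(PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_READ)));
        LOG.debug("Copying keytab file from {} to {}", location, localizedKeytab);
        boolean copied = false;
        try {
            com.google.common.io.Files.copy(Locations.newInputSupplier(location), localizedKeytab.toFile());
            copied = true;
        } finally {
            // The caller only learns about the temporary file once this method returns, so a
            // failed copy must be cleaned up here or a partial keytab would be left on disk.
            if (!copied) {
                try {
                    Files.deleteIfExists(localizedKeytab);
                } catch (IOException e) {
                    LOG.warn("Failed to delete file: {}", localizedKeytab, e);
                }
            }
        }
        return localizedKeytab.toFile();
    }

    /** Returns whether {@code uri} has no scheme or the {@code file} scheme. */
    private static boolean isLocalUri(URI uri) {
        return uri.getScheme() == null || "file".equals(uri.getScheme());
    }
}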
