package co.cask.cdap.common.security;

import co.cask.cdap.common.conf.Constants;
import com.google.common.base.Joiner;
import com.google.common.base.Throwables;
import java.lang.reflect.Method;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.yarn.client.api.YarnClient;
import org.apache.hadoop.yarn.conf.HAUtil;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.apache.twill.internal.yarn.YarnUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/common/security/YarnTokenUtils.class */
public final class YarnTokenUtils {
    private static final Logger LOG = LoggerFactory.getLogger(YarnTokenUtils.class);

    public static Credentials obtainToken(YarnConfiguration yarnConfiguration, Credentials credentials) {
        if (!UserGroupInformation.isSecurityEnabled()) {
            return credentials;
        }
        try {
            YarnClient createYarnClient = YarnClient.createYarnClient();
            createYarnClient.init(yarnConfiguration);
            createYarnClient.start();
            try {
                if (yarnConfiguration.getBoolean(Constants.Explore.TIMELINE_SERVICE_ENABLED, false)) {
                    Method declaredMethod = createYarnClient.getClass().getDeclaredMethod("getTimelineDelegationToken", new Class[0]);
                    declaredMethod.setAccessible(true);
                    Token token = (Token) declaredMethod.invoke(createYarnClient, new Object[0]);
                    if (token != null) {
                        credentials.addToken(token.getService(), token);
                        LOG.debug("Added Yarn Timeline Server delegation token: {}", token);
                    }
                }
                org.apache.hadoop.yarn.api.records.Token rMDelegationToken = createYarnClient.getRMDelegationToken(new Text(UserGroupInformation.getCurrentUser().getShortUserName()));
                ArrayList arrayList = new ArrayList();
                if (HAUtil.isHAEnabled(yarnConfiguration)) {
                    YarnConfiguration yarnConfiguration2 = new YarnConfiguration(yarnConfiguration);
                    Iterator it = HAUtil.getRMHAIds(yarnConfiguration).iterator();
                    while (it.hasNext()) {
                        yarnConfiguration2.set("yarn.resourcemanager.ha.id", (String) it.next());
                        arrayList.add(SecurityUtil.buildTokenService(yarnConfiguration2.getSocketAddr("yarn.resourcemanager.address", "0.0.0.0:8032", 8032)).toString());
                    }
                } else {
                    arrayList.add(SecurityUtil.buildTokenService(YarnUtils.getRMAddress(yarnConfiguration)).toString());
                }
                Token convertFromYarn = ConverterUtils.convertFromYarn(rMDelegationToken, (InetSocketAddress) null);
                convertFromYarn.setService(new Text(Joiner.on(',').join(arrayList)));
                credentials.addToken(new Text(convertFromYarn.getService()), convertFromYarn);
                LOG.debug("Added RM delegation token: {}", convertFromYarn);
                createYarnClient.stop();
                return credentials;
            } catch (Throwable th) {
                createYarnClient.stop();
                throw th;
            }
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    private YarnTokenUtils() {
    }
}
