package co.cask.cdap.security.impersonation;

import co.cask.cdap.common.conf.CConfiguration;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Throwables;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.io.IOException;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/impersonation/AbstractCachedUGIProvider.class */
public abstract class AbstractCachedUGIProvider implements UGIProvider {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractCachedUGIProvider.class);
    protected final CConfiguration cConf;
    private final LoadingCache<UGICacheKey, UGIWithPrincipal> ugiCache;
    private final OwnerAdmin ownerAdmin;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:co/cask/cdap/security/impersonation/AbstractCachedUGIProvider$UGICacheKey.class */
    public static final class UGICacheKey {
        private final ImpersonationRequest request;

        UGICacheKey(ImpersonationRequest impersonationRequest) {
            this.request = impersonationRequest;
        }

        public ImpersonationRequest getRequest() {
            return this.request;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Objects.equals(this.request.getPrincipal(), ((UGICacheKey) obj).getRequest().getPrincipal());
        }

        public int hashCode() {
            return Objects.hash(this.request.getPrincipal());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCachedUGIProvider(CConfiguration cConfiguration, OwnerAdmin ownerAdmin) {
        this.cConf = cConfiguration;
        this.ownerAdmin = ownerAdmin;
        this.ugiCache = createUGICache(cConfiguration);
    }

    protected abstract UGIWithPrincipal createUGI(ImpersonationRequest impersonationRequest) throws IOException;

    protected abstract boolean checkExploreAndDetermineCache(ImpersonationRequest impersonationRequest) throws IOException;

    @Override // co.cask.cdap.security.impersonation.UGIProvider
    public final UGIWithPrincipal getConfiguredUGI(ImpersonationRequest impersonationRequest) throws IOException {
        try {
            UGIWithPrincipal uGIWithPrincipal = (impersonationRequest.getImpersonatedOpType().equals(ImpersonatedOpType.EXPLORE) || impersonationRequest.getPrincipal() == null) ? null : (UGIWithPrincipal) this.ugiCache.getIfPresent(new UGICacheKey(impersonationRequest));
            if (uGIWithPrincipal != null) {
                return uGIWithPrincipal;
            }
            boolean checkExploreAndDetermineCache = checkExploreAndDetermineCache(impersonationRequest);
            ImpersonationInfo principalForEntity = getPrincipalForEntity(impersonationRequest);
            ImpersonationRequest impersonationRequest2 = new ImpersonationRequest(impersonationRequest.getEntityId(), impersonationRequest.getImpersonatedOpType(), principalForEntity.getPrincipal(), principalForEntity.getKeytabURI());
            return checkExploreAndDetermineCache ? (UGIWithPrincipal) this.ugiCache.get(new UGICacheKey(impersonationRequest2)) : createUGI(impersonationRequest2);
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            Throwables.propagateIfPossible(cause, IOException.class);
            throw new IOException(cause);
        }
    }

    @VisibleForTesting
    void invalidCache() {
        this.ugiCache.invalidateAll();
        this.ugiCache.cleanUp();
    }

    private LoadingCache<UGICacheKey, UGIWithPrincipal> createUGICache(CConfiguration cConfiguration) {
        return CacheBuilder.newBuilder().expireAfterWrite(cConfiguration.getLong("cdap.ugi.cache.expiration.ms"), TimeUnit.MILLISECONDS).build(new CacheLoader<UGICacheKey, UGIWithPrincipal>() { // from class: co.cask.cdap.security.impersonation.AbstractCachedUGIProvider.1
            public UGIWithPrincipal load(UGICacheKey uGICacheKey) throws Exception {
                return AbstractCachedUGIProvider.this.createUGI(uGICacheKey.getRequest());
            }
        });
    }

    private ImpersonationInfo getPrincipalForEntity(ImpersonationRequest impersonationRequest) throws IOException {
        ImpersonationInfo createImpersonationInfo = SecurityUtil.createImpersonationInfo(this.ownerAdmin, this.cConf, impersonationRequest.getEntityId());
        LOG.debug("Obtained impersonation info: {} for entity {}", createImpersonationInfo, impersonationRequest.getEntityId());
        return createImpersonationInfo;
    }
}
