package gobblin.util.hadoop;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import gobblin.configuration.State;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapred.JobClient;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapred.Master;
import org.apache.hadoop.mapreduce.security.TokenCache;
import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.mapreduce.v2.api.HSClientProtocol;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenRequest;
import org.apache.hadoop.mapreduce.v2.jobhistory.JHAdminConfig;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/lib/gobblin-utility-0.11.0.jar:gobblin/util/hadoop/TokenUtils.class */
public class TokenUtils {
    private static final Logger LOG = Logger.getLogger(TokenUtils.class);
    private static final String USER_TO_PROXY = "tokens.user.to.proxy";
    private static final String KEYTAB_USER = "keytab.user";
    private static final String KEYTAB_LOCATION = "keytab.location";
    private static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication";
    private static final String OTHER_NAMENODES = "other_namenodes";
    private static final String KERBEROS = "kerberos";
    private static final String YARN_RESOURCEMANAGER_PRINCIPAL = "yarn.resourcemanager.principal";
    private static final String YARN_RESOURCEMANAGER_ADDRESS = "yarn.resourcemanager.address";
    private static final String MAPRED_JOB_TRACKER = "mapred.job.tracker";
    private static final String MAPREDUCE_JOBTRACKER_ADDRESS = "mapreduce.jobtracker.address";

    public static File getHadoopTokens(State state) throws IOException, InterruptedException {
        Preconditions.checkArgument(state.contains(KEYTAB_USER), "Missing required property keytab.user");
        Preconditions.checkArgument(state.contains(KEYTAB_LOCATION), "Missing required property keytab.location");
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation.loginUserFromKeytab(state.getProp(KEYTAB_USER), state.getProp(KEYTAB_LOCATION));
        Optional absent = Strings.isNullOrEmpty(state.getProp(USER_TO_PROXY)) ? Optional.absent() : Optional.fromNullable(state.getProp(USER_TO_PROXY));
        Configuration configuration2 = new Configuration();
        Credentials credentials = new Credentials();
        LOG.info("Getting tokens for " + absent);
        getJhToken(configuration2, credentials);
        getFsAndJtTokens(state, configuration2, absent, credentials);
        File createTempFile = File.createTempFile("mr-azkaban", ".token");
        persistTokens(credentials, createTempFile);
        return createTempFile;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static void getJhToken(Configuration configuration, Credentials credentials) throws IOException {
        YarnRPC create = YarnRPC.create(configuration);
        String str = configuration.get(JHAdminConfig.MR_HISTORY_ADDRESS);
        LOG.debug("Connecting to HistoryServer at: " + str);
        HSClientProtocol hSClientProtocol = (HSClientProtocol) create.getProxy(HSClientProtocol.class, NetUtils.createSocketAddr(str), configuration);
        LOG.info("Pre-fetching JH token from job history server");
        try {
            Token<?> delegationTokenFromHS = getDelegationTokenFromHS(hSClientProtocol, configuration);
            if (delegationTokenFromHS == null) {
                LOG.error("getDelegationTokenFromHS() returned null");
                throw new IOException("Unable to fetch JH token.");
            }
            LOG.info("Created JH token: " + delegationTokenFromHS.toString());
            LOG.info("Token kind: " + delegationTokenFromHS.getKind());
            LOG.info("Token id: " + Arrays.toString(delegationTokenFromHS.getIdentifier()));
            LOG.info("Token service: " + delegationTokenFromHS.getService());
            credentials.addToken(delegationTokenFromHS.getService(), delegationTokenFromHS);
        } catch (Exception e) {
            throw new IOException("Failed to fetch JH token.", e);
        }
    }

    private static void getFsAndJtTokens(final State state, final Configuration configuration, Optional<String> optional, final Credentials credentials) throws IOException, InterruptedException {
        if (optional.isPresent()) {
            UserGroupInformation.createProxyUser(optional.get(), UserGroupInformation.getLoginUser()).doAs(new PrivilegedExceptionAction<Void>() { // from class: gobblin.util.hadoop.TokenUtils.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    TokenUtils.getFsAndJtTokensImpl(State.this, configuration, credentials);
                    return null;
                }
            });
        } else {
            getFsAndJtTokensImpl(state, configuration, credentials);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void getFsAndJtTokensImpl(State state, Configuration configuration, Credentials credentials) throws IOException {
        getHdfsToken(configuration, credentials);
        if (state.contains(OTHER_NAMENODES)) {
            getOtherNamenodesToken(state.getPropAsList(OTHER_NAMENODES), configuration, credentials);
        }
        getJtToken(credentials);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static void getHdfsToken(Configuration configuration, Credentials credentials) throws IOException {
        FileSystem fileSystem = FileSystem.get(configuration);
        LOG.info("Getting DFS token from " + fileSystem.getUri());
        Token<?> delegationToken = fileSystem.getDelegationToken(getMRTokenRenewerInternal(new JobConf()).toString());
        if (delegationToken == null) {
            LOG.error("Failed to fetch DFS token for ");
            throw new IOException("Failed to fetch DFS token.");
        }
        LOG.info("Created DFS token: " + delegationToken.toString());
        LOG.info("Token kind: " + delegationToken.getKind());
        LOG.info("Token id: " + Arrays.toString(delegationToken.getIdentifier()));
        LOG.info("Token service: " + delegationToken.getService());
        credentials.addToken(delegationToken.getService(), delegationToken);
    }

    private static void getOtherNamenodesToken(List<String> list, Configuration configuration, Credentials credentials) throws IOException {
        LOG.info("other_namenodes: " + list);
        Path[] pathArr = new Path[list.size()];
        for (int i = 0; i < pathArr.length; i++) {
            pathArr[i] = new Path(list.get(i).trim());
        }
        TokenCache.obtainTokensForNamenodes(credentials, pathArr, configuration);
        LOG.info("Successfully fetched tokens for: " + list);
    }

    private static void getJtToken(Credentials credentials) throws IOException {
        try {
            JobConf jobConf = new JobConf();
            JobClient jobClient = new JobClient(jobConf);
            LOG.info("Pre-fetching JT token from JobTracker");
            Token<DelegationTokenIdentifier> delegationToken = jobClient.getDelegationToken(getMRTokenRenewerInternal(jobConf));
            if (delegationToken == null) {
                LOG.error("Failed to fetch JT token");
                throw new IOException("Failed to fetch JT token.");
            }
            LOG.info("Created JT token: " + delegationToken.toString());
            LOG.info("Token kind: " + delegationToken.getKind());
            LOG.info("Token id: " + Arrays.toString(delegationToken.getIdentifier()));
            LOG.info("Token service: " + delegationToken.getService());
            credentials.addToken(delegationToken.getService(), delegationToken);
        } catch (InterruptedException e) {
            throw new IOException(e);
        }
    }

    private static void persistTokens(Credentials credentials, File file) throws IOException {
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        Throwable th = null;
        try {
            DataOutputStream dataOutputStream = new DataOutputStream(fileOutputStream);
            Throwable th2 = null;
            try {
                try {
                    credentials.writeTokenStorageToStream(dataOutputStream);
                    if (dataOutputStream != null) {
                        if (0 != 0) {
                            try {
                                dataOutputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            dataOutputStream.close();
                        }
                    }
                    LOG.info("Tokens loaded in " + file.getAbsolutePath());
                } finally {
                }
            } catch (Throwable th4) {
                if (dataOutputStream != null) {
                    if (th2 != null) {
                        try {
                            dataOutputStream.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        dataOutputStream.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (fileOutputStream != null) {
                if (0 != 0) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
        }
    }

    private static Token<?> getDelegationTokenFromHS(HSClientProtocol hSClientProtocol, Configuration configuration) throws IOException {
        GetDelegationTokenRequest getDelegationTokenRequest = (GetDelegationTokenRequest) RecordFactoryProvider.getRecordFactory(null).newRecordInstance(GetDelegationTokenRequest.class);
        getDelegationTokenRequest.setRenewer(Master.getMasterPrincipal(configuration));
        return ConverterUtils.convertFromYarn(hSClientProtocol.getDelegationToken(getDelegationTokenRequest).getDelegationToken(), hSClientProtocol.getConnectAddress());
    }

    private static Text getMRTokenRenewerInternal(JobConf jobConf) throws IOException {
        Text text;
        String str = jobConf.get("yarn.resourcemanager.principal", jobConf.get("mapreduce.jobtracker.kerberos.principal"));
        if (str != null) {
            String str2 = jobConf.get("yarn.resourcemanager.address", jobConf.get("mapreduce.jobtracker.address"));
            if (str2 == null) {
                str2 = jobConf.get(MAPRED_JOB_TRACKER);
            }
            text = new Text(SecurityUtil.getServerPrincipal(str, NetUtils.createSocketAddr(str2).getHostName()));
        } else {
            text = new Text("azkaban mr tokens");
        }
        return text;
    }
}
