package org.apache.gobblin.util.hadoop;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.gobblin.configuration.State;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapred.JobClient;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapred.Master;
import org.apache.hadoop.mapreduce.security.TokenCache;
import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.mapreduce.v2.api.HSClientProtocol;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenRequest;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/gobblin/util/hadoop/TokenUtils.class */
public class TokenUtils {
    private static final String USER_TO_PROXY = "tokens.user.to.proxy";
    private static final String KEYTAB_USER = "keytab.user";
    private static final String KEYTAB_LOCATION = "keytab.location";
    private static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication";
    public static final String OTHER_NAMENODES = "other_namenodes";
    public static final String TOKEN_RENEWER = "token_renewer";
    private static final String KERBEROS = "kerberos";
    private static final String YARN_RESOURCEMANAGER_PRINCIPAL = "yarn.resourcemanager.principal";
    private static final String YARN_RESOURCEMANAGER_ADDRESS = "yarn.resourcemanager.address";
    private static final String MAPRED_JOB_TRACKER = "mapred.job.tracker";
    private static final String MAPREDUCE_JOBTRACKER_ADDRESS = "mapreduce.jobtracker.address";
    private static final String KERBEROS_REALM = "kerberos.realm";
    private static final String HIVE_TOKEN_SIGNATURE_KEY = "hive.metastore.token.signature";
    private static final String USER_DEFINED_HIVE_LOCATIONS = "user.defined.hcatLocation";
    private static final Logger log = LoggerFactory.getLogger(TokenUtils.class);
    private static final Pattern KEYTAB_USER_PATTERN = Pattern.compile(".*\\/.*@.*");

    public static UserGroupInformation getHadoopAndHiveTokensForProxyUser(final State state, Optional<File> optional, UserGroupInformation userGroupInformation, IMetaStoreClient iMetaStoreClient, String str) throws IOException, InterruptedException {
        final Credentials credentials = new Credentials();
        userGroupInformation.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.gobblin.util.hadoop.TokenUtils.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TokenUtils.getHadoopTokens(state, Optional.absent(), credentials);
                return null;
            }
        });
        userGroupInformation.getCredentials().addAll(credentials);
        getHiveToken(state, iMetaStoreClient, credentials, str, userGroupInformation);
        if (optional.isPresent()) {
            persistTokens(credentials, (File) optional.get());
        }
        return userGroupInformation;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v26, types: [java.util.List] */
    public static void getHadoopFSTokens(State state, Optional<File> optional, Credentials credentials, String str) throws IOException, InterruptedException {
        Preconditions.checkArgument(state.contains(KEYTAB_USER), "Missing required property keytab.user");
        Preconditions.checkArgument(state.contains(KEYTAB_LOCATION), "Missing required property keytab.location");
        Configuration configuration = new Configuration();
        configuration.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS);
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation.loginUserFromKeytab(obtainKerberosPrincipal(state), state.getProp(KEYTAB_LOCATION));
        Optional absent = Strings.isNullOrEmpty(state.getProp(USER_TO_PROXY)) ? Optional.absent() : Optional.fromNullable(state.getProp(USER_TO_PROXY));
        Configuration configuration2 = new Configuration();
        log.info("Getting tokens for userToProxy " + absent);
        ArrayList arrayList = new ArrayList();
        if (state.contains(OTHER_NAMENODES)) {
            arrayList = state.getPropAsList(OTHER_NAMENODES);
        }
        getAllFSTokens(configuration2, credentials, str, absent, arrayList);
        if (optional.isPresent()) {
            persistTokens(credentials, (File) optional.get());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v30, types: [java.util.List] */
    public static void getHadoopTokens(State state, Optional<File> optional, Credentials credentials) throws IOException, InterruptedException {
        Preconditions.checkArgument(state.contains(KEYTAB_USER), "Missing required property keytab.user");
        Preconditions.checkArgument(state.contains(KEYTAB_LOCATION), "Missing required property keytab.location");
        Configuration configuration = new Configuration();
        configuration.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS);
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation.loginUserFromKeytab(obtainKerberosPrincipal(state), state.getProp(KEYTAB_LOCATION));
        Optional absent = Strings.isNullOrEmpty(state.getProp(USER_TO_PROXY)) ? Optional.absent() : Optional.fromNullable(state.getProp(USER_TO_PROXY));
        Configuration configuration2 = new Configuration();
        ArrayList arrayList = new ArrayList();
        if (state.contains(OTHER_NAMENODES)) {
            arrayList = state.getPropAsList(OTHER_NAMENODES);
        }
        String prop = state.getProp(TOKEN_RENEWER);
        log.info("Getting tokens for {}, using renewer: {}, including remote FS: {}", new Object[]{absent, prop, arrayList.toString()});
        getJhToken(configuration2, credentials);
        getJtTokens(configuration2, credentials, absent, state);
        getAllFSTokens(configuration2, credentials, prop, absent, arrayList);
        if (optional.isPresent()) {
            persistTokens(credentials, (File) optional.get());
        }
    }

    public static String obtainKerberosPrincipal(State state) throws UnknownHostException {
        if (state.getProp(KEYTAB_USER).matches(KEYTAB_USER_PATTERN.pattern())) {
            return state.getProp(KEYTAB_USER);
        }
        Preconditions.checkArgument(state.contains(KERBEROS_REALM));
        return state.getProp(KEYTAB_USER) + "/" + InetAddress.getLocalHost().getCanonicalHostName() + "@" + state.getProp(KERBEROS_REALM);
    }

    public static void getHiveToken(State state, IMetaStoreClient iMetaStoreClient, Credentials credentials, String str, UserGroupInformation userGroupInformation) {
        try {
            HiveConf hiveConf = new HiveConf();
            Token<DelegationTokenIdentifier> fetchHcatToken = fetchHcatToken(str, hiveConf, hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname), iMetaStoreClient);
            credentials.addToken(fetchHcatToken.getService(), fetchHcatToken);
            userGroupInformation.addToken(fetchHcatToken);
            List<String> propAsList = state.contains(USER_DEFINED_HIVE_LOCATIONS) ? state.getPropAsList(USER_DEFINED_HIVE_LOCATIONS) : Collections.EMPTY_LIST;
            if (!propAsList.isEmpty()) {
                log.info("Need to fetch extra metaStore tokens from hive.");
                for (String str2 : propAsList) {
                    log.info("Fetching metaStore token from : " + str2);
                    HiveConf hiveConf2 = new HiveConf();
                    hiveConf2.set(HiveConf.ConfVars.METASTOREURIS.varname, str2);
                    Token<DelegationTokenIdentifier> fetchHcatToken2 = fetchHcatToken(str, hiveConf2, str2, iMetaStoreClient);
                    credentials.addToken(fetchHcatToken2.getService(), fetchHcatToken2);
                    userGroupInformation.addToken(fetchHcatToken2);
                    log.info("Successfully fetched token for:" + str2);
                }
            }
        } catch (Throwable th) {
            String str3 = "Failed to get hive metastore token." + th.getMessage() + th.getCause();
            log.error(str3, th);
            throw new RuntimeException(str3);
        }
    }

    private static Token<DelegationTokenIdentifier> fetchHcatToken(String str, HiveConf hiveConf, String str2, IMetaStoreClient iMetaStoreClient) throws IOException, TException, InterruptedException {
        log.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": " + hiveConf.get(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));
        log.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": " + hiveConf.get(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(iMetaStoreClient.getDelegationToken(str, UserGroupInformation.getLoginUser().getShortUserName()));
        if (token.getService().getLength() <= 0 && str2 != null && str2.trim().length() > 0) {
            token.setService(new Text(str2.trim().toLowerCase()));
            log.info("hive.metastore.token.signature:" + str2);
        }
        log.info("Created hive metastore token for user:" + str + " with kind[" + token.getKind() + "] and service[" + token.getService() + "]");
        return token;
    }

    private static void getJhToken(Configuration configuration, Credentials credentials) throws IOException {
        YarnRPC create = YarnRPC.create(configuration);
        String str = configuration.get("mapreduce.jobhistory.address");
        log.debug("Connecting to HistoryServer at: " + str);
        HSClientProtocol hSClientProtocol = (HSClientProtocol) create.getProxy(HSClientProtocol.class, NetUtils.createSocketAddr(str), configuration);
        log.info("Pre-fetching JH token from job history server");
        try {
            Token<?> delegationTokenFromHS = getDelegationTokenFromHS(hSClientProtocol, configuration);
            if (delegationTokenFromHS == null) {
                log.error("getDelegationTokenFromHS() returned null");
                throw new IOException("Unable to fetch JH token.");
            }
            log.info("Created JH token: " + delegationTokenFromHS.toString());
            log.info("Token kind: " + delegationTokenFromHS.getKind());
            log.info("Token id: " + Arrays.toString(delegationTokenFromHS.getIdentifier()));
            log.info("Token service: " + delegationTokenFromHS.getService());
            credentials.addToken(delegationTokenFromHS.getService(), delegationTokenFromHS);
        } catch (Exception e) {
            throw new IOException("Failed to fetch JH token.", e);
        }
    }

    private static void getJtTokens(final Configuration configuration, final Credentials credentials, Optional<String> optional, final State state) throws IOException, InterruptedException {
        if (optional.isPresent()) {
            UserGroupInformation.createProxyUser((String) optional.get(), UserGroupInformation.getLoginUser()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.gobblin.util.hadoop.TokenUtils.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    TokenUtils.getJtTokensImpl(state, configuration, credentials);
                    return null;
                }
            });
        } else {
            getJtTokensImpl(state, configuration, credentials);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void getJtTokensImpl(State state, Configuration configuration, Credentials credentials) throws IOException {
        try {
            JobConf jobConf = new JobConf();
            JobClient jobClient = new JobClient(jobConf);
            log.info("Pre-fetching JT token from JobTracker");
            Token delegationToken = jobClient.getDelegationToken(getMRTokenRenewerInternal(jobConf));
            if (delegationToken == null) {
                log.error("Failed to fetch JT token");
                throw new IOException("Failed to fetch JT token.");
            }
            log.info("Created JT token: " + delegationToken.toString());
            log.info("Token kind: " + delegationToken.getKind());
            log.info("Token id: " + Arrays.toString(delegationToken.getIdentifier()));
            log.info("Token service: " + delegationToken.getService());
            credentials.addToken(delegationToken.getService(), delegationToken);
        } catch (InterruptedException e) {
            throw new IOException(e);
        }
    }

    public static void getAllFSTokens(final Configuration configuration, final Credentials credentials, final String str, Optional<String> optional, final List<String> list) throws IOException, InterruptedException {
        if (optional.isPresent()) {
            UserGroupInformation.createProxyUser((String) optional.get(), UserGroupInformation.getLoginUser()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.gobblin.util.hadoop.TokenUtils.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    TokenUtils.getAllFSTokensImpl(configuration, credentials, str, list);
                    return null;
                }
            });
        } else {
            getAllFSTokensImpl(configuration, credentials, str, list);
        }
    }

    public static void getAllFSTokensImpl(Configuration configuration, Credentials credentials, String str, List<String> list) {
        try {
            getLocalFSToken(configuration, credentials, str);
            getRemoteFSTokenFromURI(configuration, credentials, str, list);
            log.debug("All credential tokens: " + credentials.getAllTokens());
        } catch (IOException e) {
            log.error("Error getting or creating HDFS token with renewer: " + str, e);
        }
    }

    public static void getLocalFSToken(Configuration configuration, Credentials credentials, String str) throws IOException {
        FileSystem fileSystem = FileSystem.get(configuration);
        if (StringUtils.isEmpty(str)) {
            str = getMRTokenRenewerInternal(new JobConf()).toString();
            log.info("No renewer specified for FS: {}, taking default renewer: {}", fileSystem.getUri(), str);
        }
        log.debug("Getting HDFS token for" + fileSystem.getUri() + " with renewer: " + str);
        Token[] addDelegationTokens = fileSystem.addDelegationTokens(str, credentials);
        if (addDelegationTokens != null) {
            for (Token token : addDelegationTokens) {
                log.info("FS Uri: " + fileSystem.getUri() + " token: " + token);
            }
        }
    }

    public static void getRemoteFSTokenFromURI(Configuration configuration, Credentials credentials, String str, List<String> list) throws IOException {
        if (list == null || list.size() == 0) {
            log.debug("no remote namenode URI specified, not getting any tokens for remote namenodes: " + list);
            return;
        }
        log.debug("Getting tokens for remote namenodes: " + list);
        Path[] pathArr = new Path[list.size()];
        for (int i = 0; i < pathArr.length; i++) {
            pathArr[i] = new Path(list.get(i).trim());
        }
        if (StringUtils.isEmpty(str)) {
            TokenCache.obtainTokensForNamenodes(credentials, pathArr, configuration);
        } else {
            for (Path path : pathArr) {
                FileSystem fileSystem = path.getFileSystem(configuration);
                Token[] addDelegationTokens = fileSystem.addDelegationTokens(str, credentials);
                if (addDelegationTokens != null) {
                    for (Token token : addDelegationTokens) {
                        log.info("Got dt token for " + fileSystem.getUri() + "; " + token);
                    }
                }
            }
        }
        log.info("Successfully fetched tokens for: " + list);
    }

    private static void persistTokens(Credentials credentials, File file) throws IOException {
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        Throwable th = null;
        try {
            DataOutputStream dataOutputStream = new DataOutputStream(fileOutputStream);
            Throwable th2 = null;
            try {
                try {
                    credentials.writeTokenStorageToStream(dataOutputStream);
                    if (dataOutputStream != null) {
                        if (0 != 0) {
                            try {
                                dataOutputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            dataOutputStream.close();
                        }
                    }
                    log.info("Tokens loaded in " + file.getAbsolutePath());
                } finally {
                }
            } catch (Throwable th4) {
                if (dataOutputStream != null) {
                    if (th2 != null) {
                        try {
                            dataOutputStream.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        dataOutputStream.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (fileOutputStream != null) {
                if (0 != 0) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
        }
    }

    private static Token<?> getDelegationTokenFromHS(HSClientProtocol hSClientProtocol, Configuration configuration) throws IOException {
        GetDelegationTokenRequest getDelegationTokenRequest = (GetDelegationTokenRequest) RecordFactoryProvider.getRecordFactory((Configuration) null).newRecordInstance(GetDelegationTokenRequest.class);
        getDelegationTokenRequest.setRenewer(Master.getMasterPrincipal(configuration));
        return ConverterUtils.convertFromYarn(hSClientProtocol.getDelegationToken(getDelegationTokenRequest).getDelegationToken(), hSClientProtocol.getConnectAddress());
    }

    public static Text getMRTokenRenewerInternal(JobConf jobConf) throws IOException {
        Text text;
        String str = jobConf.get(YARN_RESOURCEMANAGER_PRINCIPAL, jobConf.get("mapreduce.jobtracker.kerberos.principal"));
        if (str != null) {
            String str2 = jobConf.get(YARN_RESOURCEMANAGER_ADDRESS, jobConf.get(MAPREDUCE_JOBTRACKER_ADDRESS));
            if (str2 == null) {
                str2 = jobConf.get(MAPRED_JOB_TRACKER);
            }
            text = new Text(SecurityUtil.getServerPrincipal(str, NetUtils.createSocketAddr(str2).getHostName()));
        } else {
            text = new Text("azkaban mr tokens");
        }
        return text;
    }
}
