package org.apache.hadoop.hdfs.web;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.DelegationTokenRenewer;
import org.apache.hadoop.fs.DelegationTokenRenewer.Renewable;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSelector;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenRenewer;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSelector;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/hadoop-hdfs-2.3.0.jar:org/apache/hadoop/hdfs/web/TokenAspect.class */
public final class TokenAspect<T extends FileSystem & DelegationTokenRenewer.Renewable> {
    private DelegationTokenRenewer.RenewAction<?> action;
    private DelegationTokenRenewer dtRenewer = null;
    private final DTSelecorByKind dtSelector;
    private final T fs;
    private boolean hasInitedToken;
    private final Log LOG;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/hadoop-hdfs-2.3.0.jar:org/apache/hadoop/hdfs/web/TokenAspect$DTSelecorByKind.class */
    public static class DTSelecorByKind extends AbstractDelegationTokenSelector<DelegationTokenIdentifier> {
        private static final DelegationTokenSelector selector = new DelegationTokenSelector();

        public DTSelecorByKind(Text text) {
            super(text);
        }

        Token<DelegationTokenIdentifier> selectToken(URI uri, Collection<Token<?>> collection, Configuration configuration) {
            Token<DelegationTokenIdentifier> selectToken = selectToken(SecurityUtil.buildTokenService(uri), collection);
            if (selectToken == null) {
                selectToken = selector.selectToken(uri, collection, configuration);
            }
            return selectToken;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/hadoop-hdfs-2.3.0.jar:org/apache/hadoop/hdfs/web/TokenAspect$TokenManagementDelegator.class */
    public interface TokenManagementDelegator {
        void cancelDelegationToken(Token<?> token) throws IOException;

        URI getCanonicalUri();

        long renewDelegationToken(Token<?> token) throws IOException;
    }

    @InterfaceAudience.Private
    /* loaded from: input_file:lib/hadoop-hdfs-2.3.0.jar:org/apache/hadoop/hdfs/web/TokenAspect$TokenManager.class */
    public static class TokenManager extends TokenRenewer {
        @Override // org.apache.hadoop.security.token.TokenRenewer
        public void cancel(Token<?> token, Configuration configuration) throws IOException {
            getInstance(token, configuration).cancelDelegationToken(token);
        }

        @Override // org.apache.hadoop.security.token.TokenRenewer
        public boolean handleKind(Text text) {
            return text.equals(HftpFileSystem.TOKEN_KIND) || text.equals(HsftpFileSystem.TOKEN_KIND) || text.equals(WebHdfsFileSystem.TOKEN_KIND) || text.equals(SWebHdfsFileSystem.TOKEN_KIND);
        }

        @Override // org.apache.hadoop.security.token.TokenRenewer
        public boolean isManaged(Token<?> token) throws IOException {
            return true;
        }

        @Override // org.apache.hadoop.security.token.TokenRenewer
        public long renew(Token<?> token, Configuration configuration) throws IOException {
            return getInstance(token, configuration).renewDelegationToken(token);
        }

        private TokenManagementDelegator getInstance(Token<?> token, Configuration configuration) throws IOException {
            URI createUri;
            InetSocketAddress tokenServiceAddr = SecurityUtil.getTokenServiceAddr(token);
            Text kind = token.getKind();
            if (kind.equals(HftpFileSystem.TOKEN_KIND)) {
                createUri = DFSUtil.createUri(HftpFileSystem.SCHEME, tokenServiceAddr);
            } else if (kind.equals(HsftpFileSystem.TOKEN_KIND)) {
                createUri = DFSUtil.createUri(HsftpFileSystem.SCHEME, tokenServiceAddr);
            } else if (kind.equals(WebHdfsFileSystem.TOKEN_KIND)) {
                createUri = DFSUtil.createUri(WebHdfsFileSystem.SCHEME, tokenServiceAddr);
            } else {
                if (!kind.equals(SWebHdfsFileSystem.TOKEN_KIND)) {
                    throw new IllegalArgumentException("Unsupported scheme");
                }
                createUri = DFSUtil.createUri(SWebHdfsFileSystem.SCHEME, tokenServiceAddr);
            }
            return (TokenManagementDelegator) FileSystem.get(createUri, configuration);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenAspect(T t, Text text) {
        this.LOG = LogFactory.getLog(t.getClass());
        this.fs = t;
        this.dtSelector = new DTSelecorByKind(text);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void ensureTokenInitialized() throws IOException {
        if (this.hasInitedToken && (this.action == null || this.action.isValid())) {
            return;
        }
        Token<?> delegationToken = this.fs.getDelegationToken(null);
        if (delegationToken != null) {
            this.fs.setDelegationToken(delegationToken);
            addRenewAction(this.fs);
            this.LOG.debug("Created new DT for " + delegationToken.getService());
        }
        this.hasInitedToken = true;
    }

    public synchronized void reset() {
        this.hasInitedToken = false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void initDelegationToken(UserGroupInformation userGroupInformation) {
        Token<DelegationTokenIdentifier> selectDelegationToken = selectDelegationToken(userGroupInformation);
        if (selectDelegationToken != null) {
            this.LOG.debug("Found existing DT for " + selectDelegationToken.getService());
            this.fs.setDelegationToken(selectDelegationToken);
            this.hasInitedToken = true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void removeRenewAction() throws IOException {
        if (this.dtRenewer != null) {
            this.dtRenewer.removeRenewAction(this.fs);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public Token<DelegationTokenIdentifier> selectDelegationToken(UserGroupInformation userGroupInformation) {
        return this.dtSelector.selectToken(((TokenManagementDelegator) this.fs).getCanonicalUri(), userGroupInformation.getTokens(), this.fs.getConf());
    }

    private synchronized void addRenewAction(T t) {
        if (this.dtRenewer == null) {
            this.dtRenewer = DelegationTokenRenewer.getInstance();
        }
        this.action = this.dtRenewer.addRenewAction(t);
    }
}
