package org.apache.hadoop.hdfs.security.token.delegation;

import com.google.common.base.Charsets;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.hdfs.util.IOUtilsClient;
import org.apache.hadoop.hdfs.web.URLConnectionFactory;
import org.apache.hadoop.hdfs.web.WebHdfsConstants;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/hdfs/security/token/delegation/DelegationUtilsClient.class */
public class DelegationUtilsClient {
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) DelegationUtilsClient.class);
    public static final String STARTUP_PROGRESS_PATH_SPEC = "/startupProgress";
    public static final String GET_DELEGATION_TOKEN_PATH_SPEC = "/getDelegationToken";
    public static final String RENEW_DELEGATION_TOKEN_PATH_SPEC = "/renewDelegationToken";
    public static final String CANCEL_DELEGATION_TOKEN_PATH_SPEC = "/cancelDelegationToken";
    public static final String TOKEN = "token";
    public static final String RENEWER = "renewer";
    public static final String DELEGATION_PARAMETER_NAME = "delegation";
    private static final String SET_DELEGATION = "&delegation=";

    public static Credentials getDTfromRemote(URLConnectionFactory uRLConnectionFactory, URI uri, String str, String str2) throws IOException {
        StringBuilder append = new StringBuilder(uri.toString()).append(GET_DELEGATION_TOKEN_PATH_SPEC);
        String str3 = "?";
        if (str != null) {
            append.append("?").append("renewer").append(AbstractGangliaSink.EQUAL).append(str);
            str3 = "&";
        }
        if (str2 != null) {
            append.append(str3).append("doas=").append(str2);
        }
        boolean equals = uri.getScheme().equals("https");
        HttpURLConnection httpURLConnection = null;
        DataInputStream dataInputStream = null;
        InetSocketAddress createSocketAddr = NetUtils.createSocketAddr(uri.getAuthority());
        try {
            try {
                LOG.debug("Retrieving token from: {}", append);
                httpURLConnection = run(uRLConnectionFactory, new URL(append.toString()));
                InputStream inputStream = httpURLConnection.getInputStream();
                Credentials credentials = new Credentials();
                dataInputStream = new DataInputStream(inputStream);
                credentials.readFields(dataInputStream);
                for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
                    token.setKind(equals ? WebHdfsConstants.HSFTP_TOKEN_KIND : WebHdfsConstants.HFTP_TOKEN_KIND);
                    SecurityUtil.setTokenService(token, createSocketAddr);
                }
                IOUtilsClient.cleanup(LOG, dataInputStream);
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                return credentials;
            } catch (Exception e) {
                throw new IOException("Unable to obtain remote token", e);
            }
        } catch (Throwable th) {
            IOUtilsClient.cleanup(LOG, dataInputStream);
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    public static void cancelDelegationToken(URLConnectionFactory uRLConnectionFactory, URI uri, Token<DelegationTokenIdentifier> token) throws IOException, AuthenticationException {
        run(uRLConnectionFactory, new URL(uri.toString() + CANCEL_DELEGATION_TOKEN_PATH_SPEC + "?token" + AbstractGangliaSink.EQUAL + token.encodeToUrlString())).disconnect();
    }

    public static long renewDelegationToken(URLConnectionFactory uRLConnectionFactory, URI uri, Token<DelegationTokenIdentifier> token) throws IOException, AuthenticationException {
        HttpURLConnection httpURLConnection = null;
        BufferedReader bufferedReader = null;
        try {
            try {
                httpURLConnection = run(uRLConnectionFactory, new URL(uri.toString() + RENEW_DELEGATION_TOKEN_PATH_SPEC + "?token" + AbstractGangliaSink.EQUAL + token.encodeToUrlString()));
                bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), Charsets.UTF_8));
                long parseLong = Long.parseLong(bufferedReader.readLine());
                IOUtilsClient.cleanup(LOG, bufferedReader);
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                return parseLong;
            } catch (IOException e) {
                LOG.info("error in renew over HTTP", (Throwable) e);
                IOException exceptionFromResponse = getExceptionFromResponse(httpURLConnection);
                if (exceptionFromResponse == null) {
                    throw e;
                }
                LOG.info("rethrowing exception from HTTP request: " + exceptionFromResponse.getLocalizedMessage());
                throw exceptionFromResponse;
            }
        } catch (Throwable th) {
            IOUtilsClient.cleanup(LOG, bufferedReader);
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private static IOException getExceptionFromResponse(HttpURLConnection httpURLConnection) {
        IOException iOException = null;
        if (httpURLConnection == null) {
            return null;
        }
        try {
            String responseMessage = httpURLConnection.getResponseMessage();
            if (responseMessage == null || responseMessage.isEmpty()) {
                return null;
            }
            String[] split = responseMessage.split(CommonConfigurationKeys.NFS_EXPORTS_ALLOWED_HOSTS_SEPARATOR);
            if (split.length < 2) {
                return null;
            }
            String str = split[0];
            String str2 = split[1];
            LOG.info("Error response from HTTP request=" + responseMessage + ";ec=" + str + ";em=" + str2);
            if (str == null || str.isEmpty()) {
                return null;
            }
            try {
                iOException = (IOException) Class.forName(str).asSubclass(Exception.class).getConstructor(String.class).newInstance(str2);
            } catch (Exception e) {
                LOG.warn("failed to create object of this class", (Throwable) e);
            }
            if (iOException == null) {
                return null;
            }
            iOException.setStackTrace(new StackTraceElement[0]);
            LOG.info("Exception from HTTP response=" + iOException.getLocalizedMessage());
            return iOException;
        } catch (IOException e2) {
            return null;
        }
    }

    private static HttpURLConnection run(URLConnectionFactory uRLConnectionFactory, URL url) throws IOException, AuthenticationException {
        HttpURLConnection httpURLConnection = null;
        try {
            httpURLConnection = (HttpURLConnection) uRLConnectionFactory.openConnection(url, true);
            if (httpURLConnection.getResponseCode() == 200) {
                return httpURLConnection;
            }
            throw new IOException("Error when dealing remote token: " + httpURLConnection.getResponseMessage());
        } catch (IOException e) {
            LOG.info("Error when dealing remote token:", (Throwable) e);
            IOException exceptionFromResponse = getExceptionFromResponse(httpURLConnection);
            if (exceptionFromResponse == null) {
                throw e;
            }
            LOG.info("rethrowing exception from HTTP request: " + exceptionFromResponse.getLocalizedMessage());
            throw exceptionFromResponse;
        }
    }

    public static String getDelegationTokenUrlParam(String str) {
        return (str != null && UserGroupInformation.isSecurityEnabled()) ? SET_DELEGATION + str : "";
    }
}
