package org.apache.kyuubi.spark.connector.hive;

import java.lang.reflect.UndeclaredThrowableException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaHookLoader;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.spark.SparkConf;
import org.apache.spark.internal.Logging;
import org.apache.spark.security.HadoopDelegationTokenProvider;
import org.apache.spark.sql.hive.kyuubi.connector.HiveBridgeHelper$;
import org.slf4j.Logger;
import scala.$less$colon$less$;
import scala.Function0;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.collection.ArrayOps$;
import scala.collection.JavaConverters$;
import scala.collection.StringOps$;
import scala.collection.immutable.Set;
import scala.collection.mutable.HashSet;
import scala.collection.mutable.HashSet$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.control.NonFatal$;

/* compiled from: KyuubiHiveConnectorDelegationTokenProvider.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005Uc\u0001B\b\u0011\u0001uAQ!\r\u0001\u0005\u0002IBQ!\u000e\u0001\u0005BYBqA\u0011\u0001C\u0002\u0013%1\t\u0003\u0004L\u0001\u0001\u0006I\u0001\u0012\u0005\u0006\u0019\u0002!I!\u0014\u0005\u0006S\u0002!IA\u001b\u0005\u0006_\u0002!\t\u0005\u001d\u0005\u0006_\u0002!IA\u001e\u0005\u0006u\u0002!\te\u001f\u0005\b\u0003'\u0001A\u0011BA\u000b\u000f\u001d\tI\u0004\u0005E\u0001\u0003w1aa\u0004\t\t\u0002\u0005u\u0002BB\u0019\r\t\u0003\ty\u0004C\u0004\u0002B1!\t!a\u0011\u0003U-KX/\u001e2j\u0011&4XmQ8o]\u0016\u001cGo\u001c:EK2,w-\u0019;j_:$vn[3o!J|g/\u001b3fe*\u0011\u0011CE\u0001\u0005Q&4XM\u0003\u0002\u0014)\u0005I1m\u001c8oK\u000e$xN\u001d\u0006\u0003+Y\tQa\u001d9be.T!a\u0006\r\u0002\r-LX/\u001e2j\u0015\tI\"$\u0001\u0004ba\u0006\u001c\u0007.\u001a\u0006\u00027\u0005\u0019qN]4\u0004\u0001M!\u0001A\b\u0013,!\ty\"%D\u0001!\u0015\u0005\t\u0013!B:dC2\f\u0017BA\u0012!\u0005\u0019\te.\u001f*fMB\u0011Q%K\u0007\u0002M)\u0011q\u0005K\u0001\tg\u0016\u001cWO]5us*\u0011Q\u0003G\u0005\u0003U\u0019\u0012Q\u0004S1e_>\u0004H)\u001a7fO\u0006$\u0018n\u001c8U_.,g\u000e\u0015:pm&$WM\u001d\t\u0003Y=j\u0011!\f\u0006\u0003]!\n\u0001\"\u001b8uKJt\u0017\r\\\u0005\u0003a5\u0012q\u0001T8hO&tw-\u0001\u0004=S:LGO\u0010\u000b\u0002gA\u0011A\u0007A\u0007\u0002!\u0005Y1/\u001a:wS\u000e,g*Y7f+\u00059\u0004C\u0001\u001d@\u001d\tIT\b\u0005\u0002;A5\t1H\u0003\u0002=9\u00051AH]8pizJ!A\u0010\u0011\u0002\rA\u0013X\rZ3g\u0013\t\u0001\u0015I\u0001\u0004TiJLgn\u001a\u0006\u0003}\u0001\nQc\u00197bgNtu\u000e\u001e$pk:$WI\u001d:peN#(/F\u0001E!\t)%*D\u0001G\u0015\t9\u0005*\u0001\u0003mC:<'\"A%\u0002\t)\fg/Y\u0005\u0003\u0001\u001a\u000bac\u00197bgNtu\u000e\u001e$pk:$WI\u001d:peN#(\u000fI\u0001\tQ&4XmQ8oMR!aJ\u00171h!\ryr*U\u0005\u0003!\u0002\u0012aa\u00149uS>t\u0007C\u0001*Y\u001b\u0005\u0019&B\u0001+V\u0003\u0011\u0019wN\u001c4\u000b\u0005E1&BA,\u0019\u0003\u0019A\u0017\rZ8pa&\u0011\u0011l\u0015\u0002\t\u0011&4XmQ8oM\")1,\u0002a\u00019\u0006I1\u000f]1sW\u000e{gN\u001a\t\u0003;zk\u0011\u0001K\u0005\u0003?\"\u0012\u0011b\u00159be.\u001cuN\u001c4\t\u000b\u0005,\u0001\u0019\u00012\u0002\u0015!\fGm\\8q\u0007>tg\r\u0005\u0002dK6\tAM\u0003\u0002U-&\u0011a\r\u001a\u0002\u000e\u0007>tg-[4ve\u0006$\u0018n\u001c8\t\u000b!,\u0001\u0019A\u001c\u0002\u001f!Lg/Z\"bi\u0006dwn\u001a(b[\u0016\fq#\u001a=ue\u0006\u001cG\u000fS5wK\u000e\u000bG/\u00197pO:\u000bW.Z:\u0015\u0005-t\u0007c\u0001\u001dmo%\u0011Q.\u0011\u0002\u0004'\u0016$\b\"B.\u0007\u0001\u0004a\u0016\u0001\u00073fY\u0016<\u0017\r^5p]R{7.\u001a8t%\u0016\fX/\u001b:fIR\u0019\u0011\u000f^;\u0011\u0005}\u0011\u0018BA:!\u0005\u001d\u0011un\u001c7fC:DQaW\u0004A\u0002qCQ!Y\u0004A\u0002\t$B!]<ys\")1\f\u0003a\u00019\")A\n\u0003a\u0001#\")\u0001\u000e\u0003a\u0001o\u00051rN\u0019;bS:$U\r\\3hCRLwN\u001c+pW\u0016t7\u000fF\u0004}\u0003\u0003\t\u0019!!\u0002\u0011\u0007}yU\u0010\u0005\u0002 }&\u0011q\u0010\t\u0002\u0005\u0019>tw\rC\u0003b\u0013\u0001\u0007!\rC\u0003\\\u0013\u0001\u0007A\fC\u0004\u0002\b%\u0001\r!!\u0003\u0002\u000b\r\u0014X\rZ:\u0011\t\u0005-\u0011qB\u0007\u0003\u0003\u001bQ!a\n,\n\t\u0005E\u0011Q\u0002\u0002\f\u0007J,G-\u001a8uS\u0006d7/\u0001\u0007e_\u0006\u001b(+Z1m+N,'/\u0006\u0003\u0002\u0018\u0005uA\u0003BA\r\u0003_\u0001B!a\u0007\u0002\u001e1\u0001AaBA\u0010\u0015\t\u0007\u0011\u0011\u0005\u0002\u0002)F!\u00111EA\u0015!\ry\u0012QE\u0005\u0004\u0003O\u0001#a\u0002(pi\"Lgn\u001a\t\u0004?\u0005-\u0012bAA\u0017A\t\u0019\u0011I\\=\t\u0011\u0005E\"\u0002\"a\u0001\u0003g\t!A\u001a8\u0011\u000b}\t)$!\u0007\n\u0007\u0005]\u0002E\u0001\u0005=Eft\u0017-\\3?\u0003)Z\u00150^;cS\"Kg/Z\"p]:,7\r^8s\t\u0016dWmZ1uS>tGk\\6f]B\u0013xN^5eKJ\u0004\"\u0001\u000e\u0007\u0014\u00051qBCAA\u001e\u0003]iW\r^1ti>\u0014X\rV8lK:\u001c\u0016n\u001a8biV\u0014X\rF\u00028\u0003\u000bBq!a\u0012\u000f\u0001\u0004\tI%\u0001\bdCR\fGn\\4PaRLwN\\:\u0011\r\u0005-\u0013\u0011K\u001c8\u001b\t\tiEC\u0002\u0002P!\u000bA!\u001e;jY&!\u00111KA'\u0005\ri\u0015\r\u001d")
/* loaded from: input_file:org/apache/kyuubi/spark/connector/hive/KyuubiHiveConnectorDelegationTokenProvider.class */
public class KyuubiHiveConnectorDelegationTokenProvider implements HadoopDelegationTokenProvider, Logging {
    private final String classNotFoundErrorStr;
    private transient Logger org$apache$spark$internal$Logging$$log_;

    public static String metastoreTokenSignature(Map<String, String> map) {
        return KyuubiHiveConnectorDelegationTokenProvider$.MODULE$.metastoreTokenSignature(map);
    }

    public String logName() {
        return Logging.logName$(this);
    }

    public Logger log() {
        return Logging.log$(this);
    }

    public void logInfo(Function0<String> function0) {
        Logging.logInfo$(this, function0);
    }

    public void logDebug(Function0<String> function0) {
        Logging.logDebug$(this, function0);
    }

    public void logTrace(Function0<String> function0) {
        Logging.logTrace$(this, function0);
    }

    public void logWarning(Function0<String> function0) {
        Logging.logWarning$(this, function0);
    }

    public void logError(Function0<String> function0) {
        Logging.logError$(this, function0);
    }

    public void logInfo(Function0<String> function0, Throwable th) {
        Logging.logInfo$(this, function0, th);
    }

    public void logDebug(Function0<String> function0, Throwable th) {
        Logging.logDebug$(this, function0, th);
    }

    public void logTrace(Function0<String> function0, Throwable th) {
        Logging.logTrace$(this, function0, th);
    }

    public void logWarning(Function0<String> function0, Throwable th) {
        Logging.logWarning$(this, function0, th);
    }

    public void logError(Function0<String> function0, Throwable th) {
        Logging.logError$(this, function0, th);
    }

    public boolean isTraceEnabled() {
        return Logging.isTraceEnabled$(this);
    }

    public void initializeLogIfNecessary(boolean z) {
        Logging.initializeLogIfNecessary$(this, z);
    }

    public boolean initializeLogIfNecessary(boolean z, boolean z2) {
        return Logging.initializeLogIfNecessary$(this, z, z2);
    }

    public boolean initializeLogIfNecessary$default$2() {
        return Logging.initializeLogIfNecessary$default$2$(this);
    }

    public void initializeForcefully(boolean z, boolean z2) {
        Logging.initializeForcefully$(this, z, z2);
    }

    public Logger org$apache$spark$internal$Logging$$log_() {
        return this.org$apache$spark$internal$Logging$$log_;
    }

    public void org$apache$spark$internal$Logging$$log__$eq(Logger logger) {
        this.org$apache$spark$internal$Logging$$log_ = logger;
    }

    public String serviceName() {
        return "kyuubi-hive-connector";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String classNotFoundErrorStr() {
        return this.classNotFoundErrorStr;
    }

    private Option<HiveConf> hiveConf(SparkConf sparkConf, Configuration configuration, String str) {
        None$ none$;
        try {
            HiveConf hiveConf = new HiveConf(configuration, HiveConf.class);
            ArrayOps$.MODULE$.foreach$extension(Predef$.MODULE$.refArrayOps(sparkConf.getAllWithPrefix(new StringBuilder(19).append("spark.sql.catalog.").append(str).append(".").toString())), tuple2 -> {
                $anonfun$hiveConf$1(hiveConf, tuple2);
                return BoxedUnit.UNIT;
            });
            hiveConf.set("hive.metastore.fastpath", "false");
            return new Some(hiveConf);
        } catch (Throwable th) {
            if (th != null) {
                Option unapply = NonFatal$.MODULE$.unapply(th);
                if (!unapply.isEmpty()) {
                    logWarning(() -> {
                        return "Fail to create Hive Configuration";
                    }, (Throwable) unapply.get());
                    none$ = None$.MODULE$;
                    return none$;
                }
            }
            if (!(th instanceof NoClassDefFoundError)) {
                throw th;
            }
            logWarning(() -> {
                return this.classNotFoundErrorStr();
            }, (NoClassDefFoundError) th);
            none$ = None$.MODULE$;
            return none$;
        }
    }

    private Set<String> extractHiveCatalogNames(SparkConf sparkConf) {
        return Predef$.MODULE$.wrapRefArray((Object[]) ArrayOps$.MODULE$.distinct$extension(Predef$.MODULE$.refArrayOps((Object[]) ArrayOps$.MODULE$.flatMap$extension(Predef$.MODULE$.refArrayOps((Object[]) ArrayOps$.MODULE$.filter$extension(Predef$.MODULE$.refArrayOps(sparkConf.getAllWithPrefix("spark.sql.catalog.")), tuple2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$extractHiveCatalogNames$1(tuple2));
        })), tuple22 -> {
            if (tuple22 == null) {
                throw new MatchError(tuple22);
            }
            return ArrayOps$.MODULE$.headOption$extension(Predef$.MODULE$.refArrayOps(StringOps$.MODULE$.stripPrefix$extension(Predef$.MODULE$.augmentString((String) tuple22._1()), "spark.sql.catalog.").split("\\.")));
        }, ClassTag$.MODULE$.apply(String.class))))).toSet();
    }

    public boolean delegationTokensRequired(SparkConf sparkConf, Configuration configuration) {
        Set<String> extractHiveCatalogNames = extractHiveCatalogNames(sparkConf);
        logDebug(() -> {
            return new StringBuilder(43).append("Recognized Kyuubi Hive Connector catalogs: ").append(extractHiveCatalogNames).toString();
        });
        return extractHiveCatalogNames.exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$delegationTokensRequired$2(this, sparkConf, configuration, str));
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean delegationTokensRequired(SparkConf sparkConf, HiveConf hiveConf, String str) {
        boolean z = sparkConf.getBoolean(new StringBuilder(51).append("spark.sql.catalog.").append(str).append(".delegation.token.renewal.enabled").toString(), true);
        String str2 = sparkConf.get(new StringBuilder(38).append("spark.sql.catalog.").append(str).append(".hive.metastore.uris").toString(), "");
        Token token = UserGroupInformation.getCurrentUser().getCredentials().getToken(new Text(str2));
        if (z && StringOps$.MODULE$.nonEmpty$extension(Predef$.MODULE$.augmentString(str2)) && token == null) {
            UserGroupInformation.AuthenticationMethod authenticationMethod = SecurityUtil.getAuthenticationMethod(hiveConf);
            UserGroupInformation.AuthenticationMethod authenticationMethod2 = UserGroupInformation.AuthenticationMethod.SIMPLE;
            if (authenticationMethod != null ? !authenticationMethod.equals(authenticationMethod2) : authenticationMethod2 != null) {
                if (hiveConf.getBoolean("hive.metastore.sasl.enabled", false) && (HiveBridgeHelper$.MODULE$.SparkHadoopUtil().get().isProxyUser(UserGroupInformation.getCurrentUser()) || (!HiveBridgeHelper$.MODULE$.Utils().isClientMode(sparkConf) && !sparkConf.contains("spark.kerberos.keytab")))) {
                    return true;
                }
            }
        }
        return false;
    }

    public Option<Object> obtainDelegationTokens(Configuration configuration, SparkConf sparkConf, Credentials credentials) {
        None$ none$;
        HashSet empty = HashSet$.MODULE$.empty();
        try {
            try {
                Set<String> extractHiveCatalogNames = extractHiveCatalogNames(sparkConf);
                logDebug(() -> {
                    return new StringBuilder(26).append("Recognized Hive catalogs: ").append(extractHiveCatalogNames).toString();
                });
                Set set = (Set) extractHiveCatalogNames.filter(str -> {
                    return BoxesRunTime.boxToBoolean($anonfun$obtainDelegationTokens$2(this, sparkConf, configuration, str));
                });
                logDebug(() -> {
                    return new StringBuilder(29).append("Require token Hive catalogs: ").append(set).toString();
                });
                set.foreach(str2 -> {
                    $anonfun$obtainDelegationTokens$5(this, sparkConf, configuration, empty, credentials, str2);
                    return BoxedUnit.UNIT;
                });
                none$ = None$.MODULE$;
            } catch (NoClassDefFoundError unused) {
                logWarning(() -> {
                    return this.classNotFoundErrorStr();
                });
                none$ = None$.MODULE$;
            }
            return none$;
        } finally {
            empty.foreach(iMetaStoreClient -> {
                $anonfun$obtainDelegationTokens$13(iMetaStoreClient);
                return BoxedUnit.UNIT;
            });
        }
    }

    private <T> T doAsRealUser(final Function0<T> function0) {
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        try {
            final KyuubiHiveConnectorDelegationTokenProvider kyuubiHiveConnectorDelegationTokenProvider = null;
            return (T) ((UserGroupInformation) Option$.MODULE$.apply(currentUser.getRealUser()).getOrElse(() -> {
                return currentUser;
            })).doAs(new PrivilegedExceptionAction<T>(kyuubiHiveConnectorDelegationTokenProvider, function0) { // from class: org.apache.kyuubi.spark.connector.hive.KyuubiHiveConnectorDelegationTokenProvider$$anon$1
                private final Function0 fn$1;

                @Override // java.security.PrivilegedExceptionAction
                public T run() {
                    return (T) this.fn$1.apply();
                }

                {
                    this.fn$1 = function0;
                }
            });
        } catch (UndeclaredThrowableException e) {
            throw ((Throwable) Option$.MODULE$.apply(e.getCause()).getOrElse(() -> {
                return e;
            }));
        }
    }

    public static final /* synthetic */ void $anonfun$hiveConf$1(HiveConf hiveConf, Tuple2 tuple2) {
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        hiveConf.set((String) tuple2._1(), (String) tuple2._2());
        BoxedUnit boxedUnit = BoxedUnit.UNIT;
    }

    public static final /* synthetic */ boolean $anonfun$extractHiveCatalogNames$1(Tuple2 tuple2) {
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        String str = (String) tuple2._2();
        String name = HiveTableCatalog.class.getName();
        return str != null ? str.equals(name) : name == null;
    }

    public static final /* synthetic */ boolean $anonfun$delegationTokensRequired$2(KyuubiHiveConnectorDelegationTokenProvider kyuubiHiveConnectorDelegationTokenProvider, SparkConf sparkConf, Configuration configuration, String str) {
        return kyuubiHiveConnectorDelegationTokenProvider.hiveConf(sparkConf, configuration, str).exists(hiveConf -> {
            return BoxesRunTime.boxToBoolean(kyuubiHiveConnectorDelegationTokenProvider.delegationTokensRequired(sparkConf, hiveConf, str));
        });
    }

    public static final /* synthetic */ boolean $anonfun$obtainDelegationTokens$2(KyuubiHiveConnectorDelegationTokenProvider kyuubiHiveConnectorDelegationTokenProvider, SparkConf sparkConf, Configuration configuration, String str) {
        return kyuubiHiveConnectorDelegationTokenProvider.hiveConf(sparkConf, configuration, str).exists(hiveConf -> {
            return BoxesRunTime.boxToBoolean(kyuubiHiveConnectorDelegationTokenProvider.delegationTokensRequired(sparkConf, hiveConf, str));
        });
    }

    public static final /* synthetic */ void $anonfun$obtainDelegationTokens$7(KyuubiHiveConnectorDelegationTokenProvider kyuubiHiveConnectorDelegationTokenProvider, String str, SparkConf sparkConf, HashSet hashSet, Credentials credentials, HiveConf hiveConf) {
        String str2 = sparkConf.get(new StringBuilder(38).append("spark.sql.catalog.").append(str).append(".hive.metastore.uris").toString(), "");
        Predef$.MODULE$.assert(StringOps$.MODULE$.nonEmpty$extension(Predef$.MODULE$.augmentString(str2)));
        String metastoreTokenSignature = KyuubiHiveConnectorDelegationTokenProvider$.MODULE$.metastoreTokenSignature((Map) JavaConverters$.MODULE$.mapAsJavaMapConverter(Predef$.MODULE$.wrapRefArray(sparkConf.getAllWithPrefix(new StringBuilder(19).append("spark.sql.catalog.").append(str).append(".").toString())).toMap($less$colon$less$.MODULE$.refl())).asJava());
        String str3 = "hive.metastore.kerberos.principal";
        String trimmed = hiveConf.getTrimmed("hive.metastore.kerberos.principal", "");
        Predef$.MODULE$.require(StringOps$.MODULE$.nonEmpty$extension(Predef$.MODULE$.augmentString(trimmed)), () -> {
            return new StringBuilder(25).append("Hive principal ").append(str3).append(" undefined").toString();
        });
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        kyuubiHiveConnectorDelegationTokenProvider.logInfo(() -> {
            return new StringBuilder(0).append(new StringBuilder(43).append("Getting Hive delegation token for ").append(currentUser.getUserName()).append(" against ").toString()).append(new StringBuilder(4).append(trimmed).append(" at ").append(str2).toString()).toString();
        });
        kyuubiHiveConnectorDelegationTokenProvider.doAsRealUser(() -> {
            HiveMetaStoreClient hiveMetaStoreClient = new HiveMetaStoreClient(hiveConf, (HiveMetaHookLoader) null, Predef$.MODULE$.boolean2Boolean(false));
            hashSet.$plus$eq(hiveMetaStoreClient);
            String delegationToken = hiveMetaStoreClient.getDelegationToken(currentUser.getUserName(), trimmed);
            Token token = new Token();
            token.decodeFromUrlString(delegationToken);
            token.setService(new Text(metastoreTokenSignature));
            kyuubiHiveConnectorDelegationTokenProvider.logDebug(() -> {
                return new StringBuilder(31).append("Get Token from hive metastore: ").append(token.toString()).toString();
            });
            credentials.addToken(new Text(str2), token);
        });
    }

    public static final /* synthetic */ void $anonfun$obtainDelegationTokens$5(KyuubiHiveConnectorDelegationTokenProvider kyuubiHiveConnectorDelegationTokenProvider, SparkConf sparkConf, Configuration configuration, HashSet hashSet, Credentials credentials, String str) {
        HiveBridgeHelper$.MODULE$.Utils().tryLogNonFatalError(() -> {
            kyuubiHiveConnectorDelegationTokenProvider.hiveConf(sparkConf, configuration, str).foreach(hiveConf -> {
                $anonfun$obtainDelegationTokens$7(kyuubiHiveConnectorDelegationTokenProvider, str, sparkConf, hashSet, credentials, hiveConf);
                return BoxedUnit.UNIT;
            });
        });
    }

    public static final /* synthetic */ void $anonfun$obtainDelegationTokens$13(IMetaStoreClient iMetaStoreClient) {
        HiveBridgeHelper$.MODULE$.Utils().tryLogNonFatalError(() -> {
            iMetaStoreClient.close();
        });
    }

    public KyuubiHiveConnectorDelegationTokenProvider() {
        Logging.$init$(this);
        logInfo(() -> {
            return new StringBuilder(63).append("Hadoop Delegation Token provider for service [").append(this.serviceName()).append("] is initialized.").toString();
        });
        this.classNotFoundErrorStr = new StringBuilder(30).append("You are attempting to use the ").append(new StringBuilder(63).append(getClass().getCanonicalName()).append(", but your Spark distribution is not built with Hive libraries.").toString()).toString();
    }
}
