package org.apache.slider.server.services.security;

import java.io.IOException;
import java.net.InetAddress;
import java.security.PrivilegedExceptionAction;
import java.text.DateFormat;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Time;
import org.apache.slider.common.tools.SliderUtils;
import org.apache.slider.server.appmaster.SliderAppMaster;
import org.apache.slider.server.appmaster.actions.AsyncAction;
import org.apache.slider.server.appmaster.actions.QueueAccess;
import org.apache.slider.server.appmaster.actions.RenewingAction;
import org.apache.slider.server.appmaster.state.AppState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/slider/server/services/security/FsDelegationTokenManager.class */
public class FsDelegationTokenManager {
    private final QueueAccess queue;
    private RenewingAction<RenewAction> renewingAction;
    private UserGroupInformation remoteUser;
    private UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
    private static final Logger log = LoggerFactory.getLogger(FsDelegationTokenManager.class);
    private long renewInterval;
    private RenewAction renewAction;
    private String tokenName;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/slider/server/services/security/FsDelegationTokenManager$RenewAction.class */
    public class RenewAction extends AsyncAction {
        Configuration configuration;
        Token<?> token;
        private long tokenExpiryTime;
        private final FileSystem fs;

        RenewAction(String str, Configuration configuration) throws IOException, InterruptedException {
            super(str);
            this.configuration = configuration;
            this.fs = getFileSystem();
            Throwable th = this.fs;
            synchronized (th) {
                this.token = (Token) FsDelegationTokenManager.this.remoteUser.doAs(new PrivilegedExceptionAction<Token<?>>() { // from class: org.apache.slider.server.services.security.FsDelegationTokenManager.RenewAction.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Token<?> run() throws Exception {
                        FsDelegationTokenManager.log.info("Obtaining HDFS delgation token with user {}", FsDelegationTokenManager.this.remoteUser.getShortUserName());
                        Token<?> delegationToken = RenewAction.this.fs.getDelegationToken(FsDelegationTokenManager.this.remoteUser.getShortUserName());
                        RenewAction.this.tokenExpiryTime = RenewAction.this.getTokenExpiryTime(delegationToken);
                        FsDelegationTokenManager.log.info("Initial delegation token obtained with expiry time of {}", RenewAction.this.getPrintableExpirationTime(RenewAction.this.tokenExpiryTime));
                        return delegationToken;
                    }
                });
                th = th;
                FsDelegationTokenManager.log.info("Initial request returned delegation token {}", this.token);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public long getTokenExpiryTime(Token token) throws IOException {
            return token.decodeIdentifier().getMaxDate();
        }

        protected FileSystem getFileSystem() throws IOException, InterruptedException {
            return (FileSystem) FsDelegationTokenManager.this.remoteUser.doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.slider.server.services.security.FsDelegationTokenManager.RenewAction.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    Configuration configuration = new Configuration(RenewAction.this.configuration);
                    configuration.setBoolean("fs.hdfs.impl.disable.cache", true);
                    return FsDelegationTokenManager.this.getRemoteFileSystemForRenewal(configuration);
                }
            });
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v20 */
        /* JADX WARN: Type inference failed for: r0v23 */
        /* JADX WARN: Type inference failed for: r0v24 */
        /* JADX WARN: Type inference failed for: r0v3, types: [org.apache.hadoop.fs.FileSystem] */
        /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r0v7 */
        @Override // org.apache.slider.server.appmaster.actions.AsyncAction
        public void execute(SliderAppMaster sliderAppMaster, QueueAccess queueAccess, AppState appState) throws Exception {
            if (this.fs != null) {
                ?? r0 = this.fs;
                synchronized (r0) {
                    try {
                        ((Long) FsDelegationTokenManager.this.remoteUser.doAs(new PrivilegedExceptionAction<Long>() { // from class: org.apache.slider.server.services.security.FsDelegationTokenManager.RenewAction.3
                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedExceptionAction
                            public Long run() throws Exception {
                                long renew = RenewAction.this.token.renew(RenewAction.this.fs.getConf());
                                FsDelegationTokenManager.log.info("HDFS delegation token renewed.  Renewal cycle ends at {}", RenewAction.this.getPrintableExpirationTime(renew));
                                return Long.valueOf(renew);
                            }
                        })).longValue();
                        long now = this.tokenExpiryTime - Time.now();
                        if (now < FsDelegationTokenManager.this.renewInterval) {
                            FsDelegationTokenManager.log.info("Interval of {} less than renew interval.  Getting new token", Long.valueOf(now));
                            RenewAction renewAction = this;
                            renewAction.getNewToken();
                            r0 = renewAction;
                        } else {
                            RenewAction renewAction2 = this;
                            renewAction2.updateRenewalTime(FsDelegationTokenManager.this.renewInterval);
                            r0 = renewAction2;
                        }
                    } catch (IOException e) {
                        FsDelegationTokenManager.log.info("Exception raised by renew", e);
                        getNewToken();
                    }
                    r0 = r0;
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getPrintableExpirationTime(long j) {
            return DateFormat.getDateTimeInstance().format(new Date(j));
        }

        private void getNewToken() throws InterruptedException, IOException {
            try {
                Text service = this.token.getService();
                Token<?>[] tokenArr = (Token[]) FsDelegationTokenManager.this.remoteUser.doAs(new PrivilegedExceptionAction<Token<?>[]>() { // from class: org.apache.slider.server.services.security.FsDelegationTokenManager.RenewAction.4
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Token<?>[] run() throws Exception {
                        return RenewAction.this.fs.addDelegationTokens(FsDelegationTokenManager.this.remoteUser.getShortUserName(), (Credentials) null);
                    }
                });
                if (tokenArr.length == 0) {
                    throw new IOException("addDelegationTokens returned no tokens");
                }
                this.token = findMatchingToken(service, tokenArr);
                FsDelegationTokenManager.this.currentUser.addToken(this.token.getService(), this.token);
                this.tokenExpiryTime = getTokenExpiryTime(this.token);
                FsDelegationTokenManager.log.info("Expired HDFS delegation token replaced and added as credential to current user.  Token expires at {}", getPrintableExpirationTime(this.tokenExpiryTime));
                updateRenewalTime(FsDelegationTokenManager.this.renewInterval);
            } catch (IOException e) {
                throw new IOException("Can't get new delegation token ", e);
            }
        }

        private void updateRenewalTime(long j) {
            long j2 = j - (j / 10);
            FsDelegationTokenManager.this.renewingAction.updateInterval(j2, TimeUnit.MILLISECONDS);
            FsDelegationTokenManager.log.info("Token renewal set for {} ms from now", Long.valueOf(j2));
        }

        private Token<?> findMatchingToken(Text text, Token<?>[] tokenArr) {
            Token<?> token = null;
            for (int i = 0; token == null && i < tokenArr.length; i++) {
                if (tokenArr[i].getService().equals(text)) {
                    token = tokenArr[i];
                }
            }
            return token;
        }

        Token<?> getToken() {
            Token<?> token = this.fs;
            synchronized (token) {
                token = this.token;
            }
            return token;
        }
    }

    public FsDelegationTokenManager(QueueAccess queueAccess) throws IOException {
        this.queue = queueAccess;
    }

    private void createRemoteUser(Configuration configuration) throws IOException {
        Configuration configuration2 = new Configuration(configuration);
        configuration2.set("hadoop.security.authentication", "kerberos");
        this.remoteUser = UserGroupInformation.loginUserFromKeytabAndReturnUGI(SecurityUtil.getServerPrincipal(configuration2.get("dfs.namenode.kerberos.principal"), InetAddress.getLocalHost().getCanonicalHostName()), configuration2.get("dfs.namenode.keytab.file"));
        log.info("Created remote user {}.  UGI reports current user is {}", this.remoteUser, UserGroupInformation.getCurrentUser());
    }

    public void acquireDelegationToken(Configuration configuration) throws IOException, InterruptedException {
        if (this.remoteUser == null) {
            createRemoteUser(configuration);
        }
        if (SliderUtils.isHadoopClusterSecure(configuration) && this.renewingAction == null) {
            this.renewInterval = configuration.getLong("dfs.namenode.delegation.token.renew-interval", 86400000L);
            this.renewAction = new RenewAction("HDFS renew", configuration);
            Token<?> token = this.renewAction.getToken();
            this.currentUser.addToken(token.getService(), token);
            log.info("HDFS delegation token {} acquired and set as credential for current user", token);
            this.renewingAction = new RenewingAction<>(this.renewAction, (int) this.renewInterval, (int) this.renewInterval, TimeUnit.MILLISECONDS, getRenewingLimit());
            log.info("queuing HDFS delegation token renewal interval of {} milliseconds", Long.valueOf(this.renewInterval));
            queue(this.renewingAction);
        }
    }

    public void cancelDelegationToken(Configuration configuration) throws IOException, InterruptedException {
        this.queue.removeRenewingAction(getRenewingActionName());
        if (this.renewAction != null) {
            this.renewAction.getToken().cancel(configuration);
        }
        log.info("Renewing action {} removed and HDFS delegation token renewal cancelled", getRenewingActionName());
    }

    protected int getRenewingLimit() {
        return 0;
    }

    protected void queue(RenewingAction<RenewAction> renewingAction) {
        this.queue.renewing(getRenewingActionName(), renewingAction);
    }

    protected String getRenewingActionName() {
        if (this.tokenName == null) {
            this.tokenName = "HDFS renewing token " + UUID.randomUUID();
        }
        return this.tokenName;
    }

    protected FileSystem getRemoteFileSystemForRenewal(Configuration configuration) throws IOException {
        return FileSystem.get(configuration);
    }
}
