package org.apache.storm.hdfs.security;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.net.URI;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.commons.math3.util.Pair;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.storm.common.AbstractAutoCreds;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/hdfs/security/AutoHDFS.class */
public class AutoHDFS extends AbstractAutoCreds {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AutoHDFS.class);
    public static final String HDFS_CREDENTIALS = "HDFS_CREDENTIALS";
    public static final String TOPOLOGY_HDFS_URI = "topology.hdfs.uri";
    private String hdfsKeyTab;
    private String hdfsPrincipal;

    @Override // org.apache.storm.common.AbstractAutoCreds
    public void doPrepare(Map map) {
        if (map.containsKey(HdfsSecurityUtil.STORM_KEYTAB_FILE_KEY) && map.containsKey(HdfsSecurityUtil.STORM_USER_NAME_KEY)) {
            this.hdfsKeyTab = (String) map.get(HdfsSecurityUtil.STORM_KEYTAB_FILE_KEY);
            this.hdfsPrincipal = (String) map.get(HdfsSecurityUtil.STORM_USER_NAME_KEY);
        }
    }

    @Override // org.apache.storm.common.AbstractAutoCreds
    protected String getConfigKeyString() {
        return HdfsSecurityUtil.HDFS_CREDENTIALS_CONFIG_KEYS;
    }

    public void shutdown() {
    }

    @Override // org.apache.storm.common.AbstractAutoCreds
    protected byte[] getHadoopCredentials(Map<String, Object> map, String str, String str2) {
        return getHadoopCredentials(map, getHadoopConfiguration(map, str), str2);
    }

    @Override // org.apache.storm.common.AbstractAutoCreds
    protected byte[] getHadoopCredentials(Map<String, Object> map, String str) {
        return getHadoopCredentials(map, new Configuration(), str);
    }

    private Configuration getHadoopConfiguration(Map map, String str) {
        Configuration configuration = new Configuration();
        fillHadoopConfiguration(map, str, configuration);
        return configuration;
    }

    private byte[] getHadoopCredentials(Map<String, Object> map, final Configuration configuration, final String str) {
        try {
            if (!UserGroupInformation.isSecurityEnabled()) {
                throw new RuntimeException("Security is not enabled for HDFS");
            }
            login(configuration);
            final URI uri = map.containsKey(TOPOLOGY_HDFS_URI) ? new URI(map.get(TOPOLOGY_HDFS_URI).toString()) : FileSystem.getDefaultUri(configuration);
            final UserGroupInformation createProxyUser = UserGroupInformation.createProxyUser(str, UserGroupInformation.getCurrentUser());
            Credentials credentials = (Credentials) createProxyUser.doAs(new PrivilegedAction<Object>() { // from class: org.apache.storm.hdfs.security.AutoHDFS.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        FileSystem fileSystem = FileSystem.get(uri, configuration);
                        Credentials credentials2 = createProxyUser.getCredentials();
                        if (configuration.get(HdfsSecurityUtil.STORM_USER_NAME_KEY) == null) {
                            configuration.set(HdfsSecurityUtil.STORM_USER_NAME_KEY, AutoHDFS.this.hdfsPrincipal);
                        }
                        fileSystem.addDelegationTokens(configuration.get(HdfsSecurityUtil.STORM_USER_NAME_KEY), credentials2);
                        AutoHDFS.LOG.info("Delegation tokens acquired for user {}", str);
                        return credentials2;
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                }
            });
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
            credentials.write(objectOutputStream);
            objectOutputStream.flush();
            objectOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new RuntimeException("Failed to get delegation tokens.", e);
        }
    }

    @Override // org.apache.storm.common.AbstractAutoCreds
    public void doRenew(Map<String, String> map, Map<String, Object> map2, String str) {
        for (Pair<String, Credentials> pair : getCredentials(map)) {
            try {
                Configuration hadoopConfiguration = getHadoopConfiguration(map2, pair.getFirst());
                Collection<Token<? extends TokenIdentifier>> allTokens = pair.getSecond().getAllTokens();
                if (allTokens == null || allTokens.isEmpty()) {
                    LOG.debug("No tokens found for credentials, skipping renewal.");
                } else {
                    for (Token<? extends TokenIdentifier> token : allTokens) {
                        login(hadoopConfiguration);
                        LOG.info("HDFS delegation token renewed, new expiration time {}", Long.valueOf(token.renew(hadoopConfiguration)));
                    }
                }
            } catch (Exception e) {
                LOG.warn("could not renew the credentials, one of the possible reason is tokens are beyond renewal period so attempting to get new tokens.", (Throwable) e);
                populateCredentials(map, map2, str);
            }
        }
    }

    private void login(Configuration configuration) throws IOException {
        if (configuration.get(HdfsSecurityUtil.STORM_KEYTAB_FILE_KEY) == null) {
            configuration.set(HdfsSecurityUtil.STORM_KEYTAB_FILE_KEY, this.hdfsKeyTab);
        }
        if (configuration.get(HdfsSecurityUtil.STORM_USER_NAME_KEY) == null) {
            configuration.set(HdfsSecurityUtil.STORM_USER_NAME_KEY, this.hdfsPrincipal);
        }
        SecurityUtil.login(configuration, HdfsSecurityUtil.STORM_KEYTAB_FILE_KEY, HdfsSecurityUtil.STORM_USER_NAME_KEY);
        LOG.info("Logged into hdfs with principal {}", configuration.get(HdfsSecurityUtil.STORM_USER_NAME_KEY));
    }

    @Override // org.apache.storm.common.AbstractAutoCreds
    protected String getCredentialKey(String str) {
        return HDFS_CREDENTIALS + str;
    }

    public static void main(String[] strArr) throws Exception {
        HashMap hashMap = new HashMap();
        String str = strArr[0];
        hashMap.put(HdfsSecurityUtil.STORM_USER_NAME_KEY, strArr[1]);
        hashMap.put(HdfsSecurityUtil.STORM_KEYTAB_FILE_KEY, strArr[2]);
        new Configuration();
        AutoHDFS autoHDFS = new AutoHDFS();
        autoHDFS.prepare(hashMap);
        HashMap hashMap2 = new HashMap();
        autoHDFS.populateCredentials(hashMap2, hashMap, str);
        LOG.info("Got HDFS credentials", autoHDFS.getCredentials(hashMap2));
        Subject subject = new Subject();
        autoHDFS.populateSubject(subject, hashMap2);
        LOG.info("Got a Subject " + subject);
        autoHDFS.renew(hashMap2, hashMap, str);
        LOG.info("renewed credentials", autoHDFS.getCredentials(hashMap2));
    }

    public void populateCredentials(Map<String, String> map, Map map2) {
        throw new IllegalStateException("SHOULD NOT BE CALLED");
    }

    public void renew(Map<String, String> map, Map map2) {
        throw new IllegalStateException("SHOULD NOT BE CALLED");
    }
}
