package com.mapr.hadoop.yarn.resourcemanager;

import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.fs.proto.Security;
import com.mapr.hadoop.yarn.util.YarnAppUtil;
import com.mapr.security.MutableInt;
import com.mapr.security.Security;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
import org.apache.hadoop.yarn.conf.YarnDefaultProperties;
import org.apache.hadoop.yarn.exceptions.YarnRuntimeException;

/* loaded from: input_file:com/mapr/hadoop/yarn/resourcemanager/MapRTicketGenerator.class */
public class MapRTicketGenerator {
    private static final Log LOG = LogFactory.getLog(MapRTicketGenerator.class);

    public void generateToken(ApplicationSubmissionContext applicationSubmissionContext, String str, Configuration configuration) {
        if (UserGroupInformation.isSecurityEnabled()) {
            try {
                generateMapRLoginTicket(applicationSubmissionContext.getApplicationId(), str, configuration);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    public void removeToken(ApplicationId applicationId, Configuration configuration) {
        if (UserGroupInformation.isSecurityEnabled()) {
            try {
                FileSystem fileSystem = FileSystem.get(configuration);
                Path rMSystemDir = YarnAppUtil.getRMSystemDir(applicationId.toString(), fileSystem, configuration);
                fileSystem.delete(rMSystemDir, true);
                if (LOG.isDebugEnabled()) {
                    LOG.error("Removed system ticket dir from MFS: " + rMSystemDir);
                }
                fileSystem.delete(YarnAppUtil.getRMStagingDir(applicationId.toString(), fileSystem, configuration), true);
                if (LOG.isDebugEnabled()) {
                    LOG.error("Removed staging ticket dir from MFS: " + rMSystemDir);
                }
            } catch (IOException e) {
                throw new YarnRuntimeException(e);
            }
        }
    }

    private void generateMapRLoginTicket(ApplicationId applicationId, String str, Configuration configuration) throws IOException {
        String applicationId2 = applicationId.toString();
        FileSystem fileSystem = FileSystem.get(configuration);
        Path rMStagingDir = YarnAppUtil.getRMStagingDir(applicationId2, fileSystem, configuration);
        Path mapRTicketPath = YarnAppUtil.getMapRTicketPath(rMStagingDir);
        boolean z = false;
        FSDataInputStream fSDataInputStream = null;
        if (fileSystem.isFile(mapRTicketPath)) {
            fSDataInputStream = fileSystem.open(mapRTicketPath);
        }
        if (fSDataInputStream != null) {
            try {
                if (!Security.IsTicketAndKeyUsable(Security.GetTicketAndKeyForCluster(Security.ServerKeyType.ServerKey, CLDBRpcCommonUtils.getInstance().getCurrentClusterName(), new MutableInt()))) {
                    fSDataInputStream.close();
                    fSDataInputStream = null;
                    z = true;
                    LOG.debug("Existing ticket " + mapRTicketPath + " has expired. Closing input stream");
                }
            } catch (Throwable th) {
                throw new IOException("Getting expiry time for existing security ticket for app: " + applicationId + " and user: " + str + " failed", th);
            }
        }
        Path rMSystemDir = YarnAppUtil.getRMSystemDir(applicationId2, fileSystem, configuration);
        FileSystem.mkdirs(fileSystem, rMSystemDir, YarnAppUtil.APP_DIR_PERMISSION);
        Path mapRTicketPath2 = YarnAppUtil.getMapRTicketPath(rMSystemDir);
        FSDataOutputStream create = FileSystem.create(fileSystem, mapRTicketPath2, new FsPermission(YarnAppUtil.APP_FILE_PERMISSION));
        long currentTimeMillis = System.currentTimeMillis() + Long.parseLong(configuration.get(YarnDefaultProperties.MAPR_TICKET_EXPIRY));
        try {
            if (fSDataInputStream != null) {
                try {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Cloning MapR ticket for app: " + applicationId + " user: " + str + " at " + mapRTicketPath2);
                    }
                    try {
                        com.mapr.security.Security.CloneAndGenerateTicketFile(fSDataInputStream, currentTimeMillis, create);
                    } catch (IOException e) {
                        String message = e.getMessage();
                        if (message != null && message.contains("62")) {
                            fSDataInputStream.close();
                            fSDataInputStream = null;
                            z = true;
                        }
                        if (!z) {
                            throw new IOException(e);
                        }
                    }
                } catch (Throwable th2) {
                    throw new IOException("Security Ticket for app: " + applicationId + " and user: " + str + " failed", th2);
                }
            }
            if (fSDataInputStream == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Generating MapR ticket for app: " + applicationId + " user: " + str + " at " + mapRTicketPath2);
                }
                com.mapr.security.Security.MergeAndGenerateTicketFile(fSDataInputStream, str, currentTimeMillis, create);
                if (z) {
                    LOG.debug("Deleting existing expired ticket: " + mapRTicketPath);
                    fileSystem.delete(mapRTicketPath, true);
                }
            }
        } finally {
            if (fSDataInputStream != null) {
                fSDataInputStream.close();
            }
            create.close();
            if (LOG.isDebugEnabled()) {
                LOG.error("Retained staged ticket dir from MFS: " + rMStagingDir);
            }
        }
    }
}
