package org.apache.hadoop.mapreduce.v2.hs.server;

import com.google.protobuf.BlockingService;
import java.io.IOException;
import java.net.InetSocketAddress;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.WritableRpcEngine;
import org.apache.hadoop.mapreduce.v2.hs.HSAuditLogger;
import org.apache.hadoop.mapreduce.v2.hs.JobHistory;
import org.apache.hadoop.mapreduce.v2.hs.proto.HSAdminRefreshProtocolProtos;
import org.apache.hadoop.mapreduce.v2.hs.protocol.HSAdminProtocol;
import org.apache.hadoop.mapreduce.v2.hs.protocolPB.HSAdminRefreshProtocolPB;
import org.apache.hadoop.mapreduce.v2.hs.protocolPB.HSAdminRefreshProtocolServerSideTranslatorPB;
import org.apache.hadoop.mapreduce.v2.jobhistory.JHAdminConfig;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.proto.RefreshUserMappingsProtocolProtos;
import org.apache.hadoop.security.protocolPB.RefreshUserMappingsProtocolPB;
import org.apache.hadoop.security.protocolPB.RefreshUserMappingsProtocolServerSideTranslatorPB;
import org.apache.hadoop.service.AbstractService;
import org.apache.hadoop.tools.proto.GetUserMappingsProtocolProtos;
import org.apache.hadoop.tools.protocolPB.GetUserMappingsProtocolPB;
import org.apache.hadoop.tools.protocolPB.GetUserMappingsProtocolServerSideTranslatorPB;
import org.apache.hadoop.yarn.logaggregation.AggregatedLogDeletionService;

@InterfaceAudience.Private
/* loaded from: input_file:lib/hadoop-mapreduce-client-hs-2.4.1-mapr-1408-SNAPSHOT.jar:org/apache/hadoop/mapreduce/v2/hs/server/HSAdminServer.class */
public class HSAdminServer extends AbstractService implements HSAdminProtocol {
    private static final Log LOG = LogFactory.getLog(HSAdminServer.class);
    private AccessControlList adminAcl;
    private AggregatedLogDeletionService aggLogDelService;
    protected RPC.Server clientRpcServer;
    protected InetSocketAddress clientRpcAddress;
    private static final String HISTORY_ADMIN_SERVER = "HSAdminServer";
    private JobHistory jobHistoryService;

    public HSAdminServer(AggregatedLogDeletionService aggregatedLogDeletionService, JobHistory jobHistory) {
        super(HSAdminServer.class.getName());
        this.aggLogDelService = null;
        this.jobHistoryService = null;
        this.aggLogDelService = aggregatedLogDeletionService;
        this.jobHistoryService = jobHistory;
    }

    @Override // org.apache.hadoop.service.AbstractService
    public void serviceInit(Configuration configuration) throws Exception {
        RPC.setProtocolEngine(configuration, RefreshUserMappingsProtocolPB.class, ProtobufRpcEngine.class);
        BlockingService newReflectiveBlockingService = RefreshUserMappingsProtocolProtos.RefreshUserMappingsProtocolService.newReflectiveBlockingService(new RefreshUserMappingsProtocolServerSideTranslatorPB(this));
        BlockingService newReflectiveBlockingService2 = GetUserMappingsProtocolProtos.GetUserMappingsProtocolService.newReflectiveBlockingService(new GetUserMappingsProtocolServerSideTranslatorPB(this));
        BlockingService newReflectiveBlockingService3 = HSAdminRefreshProtocolProtos.HSAdminRefreshProtocolService.newReflectiveBlockingService(new HSAdminRefreshProtocolServerSideTranslatorPB(this));
        WritableRpcEngine.ensureInitialized();
        this.clientRpcAddress = configuration.getSocketAddr(JHAdminConfig.JHS_ADMIN_ADDRESS, JHAdminConfig.DEFAULT_JHS_ADMIN_ADDRESS, JHAdminConfig.DEFAULT_JHS_ADMIN_PORT);
        this.clientRpcServer = new RPC.Builder(configuration).setProtocol(RefreshUserMappingsProtocolPB.class).setInstance(newReflectiveBlockingService).setBindAddress(this.clientRpcAddress.getHostName()).setPort(this.clientRpcAddress.getPort()).setVerbose(false).build();
        addProtocol(configuration, GetUserMappingsProtocolPB.class, newReflectiveBlockingService2);
        addProtocol(configuration, HSAdminRefreshProtocolPB.class, newReflectiveBlockingService3);
        this.adminAcl = new AccessControlList(configuration.get(JHAdminConfig.JHS_ADMIN_ACL, "*"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.AbstractService
    public void serviceStart() throws Exception {
        this.clientRpcServer.start();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.AbstractService
    public void serviceStop() throws Exception {
        if (this.clientRpcServer != null) {
            this.clientRpcServer.stop();
        }
    }

    private void addProtocol(Configuration configuration, Class<?> cls, BlockingService blockingService) throws IOException {
        RPC.setProtocolEngine(configuration, cls, ProtobufRpcEngine.class);
        this.clientRpcServer.addProtocol(RPC.RpcKind.RPC_PROTOCOL_BUFFER, cls, blockingService);
    }

    private UserGroupInformation checkAcls(String str) throws IOException {
        try {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            if (this.adminAcl.isUserAllowed(currentUser)) {
                LOG.info("HS Admin: " + str + " invoked by user " + currentUser.getShortUserName());
                return currentUser;
            }
            LOG.warn("User " + currentUser.getShortUserName() + " doesn't have permission to call '" + str + "'");
            HSAuditLogger.logFailure(currentUser.getShortUserName(), str, this.adminAcl.toString(), HISTORY_ADMIN_SERVER, HSAuditLogger.AuditConstants.UNAUTHORIZED_USER);
            throw new AccessControlException("User " + currentUser.getShortUserName() + " doesn't have permission to call '" + str + "'");
        } catch (IOException e) {
            LOG.warn("Couldn't get current user", e);
            HSAuditLogger.logFailure("UNKNOWN", str, this.adminAcl.toString(), HISTORY_ADMIN_SERVER, "Couldn't get current user");
            throw e;
        }
    }

    @Override // org.apache.hadoop.tools.GetUserMappingsProtocol
    public String[] getGroupsForUser(String str) throws IOException {
        return UserGroupInformation.createRemoteUser(str).getGroupNames();
    }

    @Override // org.apache.hadoop.security.RefreshUserMappingsProtocol
    public void refreshUserToGroupsMappings() throws IOException {
        UserGroupInformation checkAcls = checkAcls("refreshUserToGroupsMappings");
        Groups.getUserToGroupsMappingService().refresh();
        HSAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshUserToGroupsMappings", HISTORY_ADMIN_SERVER);
    }

    @Override // org.apache.hadoop.security.RefreshUserMappingsProtocol
    public void refreshSuperUserGroupsConfiguration() throws IOException {
        UserGroupInformation checkAcls = checkAcls("refreshSuperUserGroupsConfiguration");
        ProxyUsers.refreshSuperUserGroupsConfiguration(createConf());
        HSAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshSuperUserGroupsConfiguration", HISTORY_ADMIN_SERVER);
    }

    protected Configuration createConf() {
        return new Configuration();
    }

    @Override // org.apache.hadoop.mapreduce.v2.hs.protocol.HSAdminRefreshProtocol
    public void refreshAdminAcls() throws IOException {
        UserGroupInformation checkAcls = checkAcls("refreshAdminAcls");
        this.adminAcl = new AccessControlList(createConf().get(JHAdminConfig.JHS_ADMIN_ACL, "*"));
        HSAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshAdminAcls", HISTORY_ADMIN_SERVER);
    }

    @Override // org.apache.hadoop.mapreduce.v2.hs.protocol.HSAdminRefreshProtocol
    public void refreshLoadedJobCache() throws IOException {
        UserGroupInformation checkAcls = checkAcls("refreshLoadedJobCache");
        try {
            this.jobHistoryService.refreshLoadedJobCache();
            HSAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshLoadedJobCache", HISTORY_ADMIN_SERVER);
        } catch (UnsupportedOperationException e) {
            HSAuditLogger.logFailure(checkAcls.getShortUserName(), "refreshLoadedJobCache", this.adminAcl.toString(), HISTORY_ADMIN_SERVER, e.getMessage());
            throw e;
        }
    }

    @Override // org.apache.hadoop.mapreduce.v2.hs.protocol.HSAdminRefreshProtocol
    public void refreshLogRetentionSettings() throws IOException {
        UserGroupInformation checkAcls = checkAcls("refreshLogRetentionSettings");
        this.aggLogDelService.refreshLogRetentionSettings();
        HSAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshLogRetentionSettings", HISTORY_ADMIN_SERVER);
    }

    @Override // org.apache.hadoop.mapreduce.v2.hs.protocol.HSAdminRefreshProtocol
    public void refreshJobRetentionSettings() throws IOException {
        UserGroupInformation checkAcls = checkAcls("refreshJobRetentionSettings");
        this.jobHistoryService.refreshJobRetentionSettings();
        HSAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshJobRetentionSettings", HISTORY_ADMIN_SERVER);
    }
}
