package org.apache.hadoop.hdfs.server.datanode.web.webhdfs;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.common.JspHelper;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.thirdparty.com.google.common.cache.Cache;
import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-3.3.4.2-eep-900.jar:org/apache/hadoop/hdfs/server/datanode/web/webhdfs/DataNodeUGIProvider.class */
public class DataNodeUGIProvider {
    private final ParameterParser params;

    @VisibleForTesting
    static Cache<String, UserGroupInformation> ugiCache;
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) Client.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public DataNodeUGIProvider(ParameterParser parameterParser) {
        this.params = parameterParser;
    }

    public static synchronized void init(Configuration configuration) {
        if (ugiCache == null) {
            ugiCache = CacheBuilder.newBuilder().expireAfterAccess(configuration.getInt(DFSConfigKeys.DFS_WEBHDFS_UGI_EXPIRE_AFTER_ACCESS_KEY, 600000), TimeUnit.MILLISECONDS).build();
        }
    }

    @VisibleForTesting
    void clearCache() throws IOException {
        if (UserGroupInformation.isSecurityEnabled()) {
            this.params.delegationToken().decodeIdentifier().clearCache();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserGroupInformation ugi() throws IOException {
        UserGroupInformation userGroupInformation;
        try {
            if (UserGroupInformation.isSecurityEnabled()) {
                final Token<DelegationTokenIdentifier> delegationToken = this.params.delegationToken();
                userGroupInformation = ugiCache.get(buildTokenCacheKey(delegationToken), new Callable<UserGroupInformation>() { // from class: org.apache.hadoop.hdfs.server.datanode.web.webhdfs.DataNodeUGIProvider.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public UserGroupInformation call() throws Exception {
                        return DataNodeUGIProvider.this.tokenUGI(delegationToken);
                    }
                });
            } else {
                final String userName = this.params.userName();
                final String doAsUser = this.params.doAsUser();
                final String defaultWebUserName = userName == null ? JspHelper.getDefaultWebUserName(this.params.conf()) : userName;
                userGroupInformation = ugiCache.get(buildNonTokenCacheKey(doAsUser, defaultWebUserName), new Callable<UserGroupInformation>() { // from class: org.apache.hadoop.hdfs.server.datanode.web.webhdfs.DataNodeUGIProvider.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public UserGroupInformation call() throws Exception {
                        return DataNodeUGIProvider.this.nonTokenUGI(userName, doAsUser, defaultWebUserName);
                    }
                });
            }
            return userGroupInformation;
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw ((IOException) cause);
            }
            throw new IOException(cause);
        }
    }

    private String buildTokenCacheKey(Token<DelegationTokenIdentifier> token) {
        return token.buildCacheKey();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public UserGroupInformation tokenUGI(Token<DelegationTokenIdentifier> token) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
        DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
        delegationTokenIdentifier.readFields(dataInputStream);
        UserGroupInformation user = delegationTokenIdentifier.getUser();
        user.addToken(token);
        return user;
    }

    private String buildNonTokenCacheKey(String str, String str2) throws IOException {
        return str == null ? String.format("{%s}", str2) : String.format("{%s}:{%s}", str2, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public UserGroupInformation nonTokenUGI(String str, String str2, String str3) throws IOException {
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(str3);
        JspHelper.checkUsername(createRemoteUser.getShortUserName(), str);
        if (str2 != null) {
            createRemoteUser = UserGroupInformation.createProxyUser(str2, createRemoteUser);
        }
        return createRemoteUser;
    }
}
