package org.apache.hadoop.security.token.delegation.web;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901.jar:org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.class */
public class DelegationTokenManager {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DelegationTokenManager.class);
    public static final String ENABLE_ZK_KEY = "zk-dt-secret-manager.enable";
    public static final String PREFIX = "delegation-token.";
    public static final String UPDATE_INTERVAL = "delegation-token.update-interval.sec";
    public static final long UPDATE_INTERVAL_DEFAULT = 86400;
    public static final String MAX_LIFETIME = "delegation-token.max-lifetime.sec";
    public static final long MAX_LIFETIME_DEFAULT = 604800;
    public static final String RENEW_INTERVAL = "delegation-token.renew-interval.sec";
    public static final long RENEW_INTERVAL_DEFAULT = 86400;
    public static final String REMOVAL_SCAN_INTERVAL = "delegation-token.removal-scan-interval.sec";
    public static final long REMOVAL_SCAN_INTERVAL_DEFAULT = 3600;
    private AbstractDelegationTokenSecretManager secretManager;
    private boolean managedSecretManager;

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901.jar:org/apache/hadoop/security/token/delegation/web/DelegationTokenManager$DelegationTokenSecretManager.class */
    private static class DelegationTokenSecretManager extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
        private Text tokenKind;

        public DelegationTokenSecretManager(Configuration configuration, Text text) {
            super(configuration.getLong(DelegationTokenManager.UPDATE_INTERVAL, 86400L) * 1000, configuration.getLong(DelegationTokenManager.MAX_LIFETIME, DelegationTokenManager.MAX_LIFETIME_DEFAULT) * 1000, configuration.getLong(DelegationTokenManager.RENEW_INTERVAL, 86400L) * 1000, configuration.getLong(DelegationTokenManager.REMOVAL_SCAN_INTERVAL, 3600L) * 1000);
            this.tokenKind = text;
        }

        @Override // org.apache.hadoop.security.token.SecretManager
        public DelegationTokenIdentifier createIdentifier() {
            return new DelegationTokenIdentifier(this.tokenKind);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
        public DelegationTokenIdentifier decodeTokenIdentifier(Token<DelegationTokenIdentifier> token) throws IOException {
            return DelegationTokenManager.decodeToken(token, this.tokenKind);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901.jar:org/apache/hadoop/security/token/delegation/web/DelegationTokenManager$ZKSecretManager.class */
    private static class ZKSecretManager extends ZKDelegationTokenSecretManager<DelegationTokenIdentifier> {
        private Text tokenKind;

        public ZKSecretManager(Configuration configuration, Text text) {
            super(configuration);
            this.tokenKind = text;
        }

        @Override // org.apache.hadoop.security.token.SecretManager
        public DelegationTokenIdentifier createIdentifier() {
            return new DelegationTokenIdentifier(this.tokenKind);
        }

        @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
        public DelegationTokenIdentifier decodeTokenIdentifier(Token<DelegationTokenIdentifier> token) throws IOException {
            return DelegationTokenManager.decodeToken(token, this.tokenKind);
        }

        @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
        public /* bridge */ /* synthetic */ AbstractDelegationTokenIdentifier decodeTokenIdentifier(Token token) throws IOException {
            return decodeTokenIdentifier((Token<DelegationTokenIdentifier>) token);
        }
    }

    public DelegationTokenManager(Configuration configuration, Text text) {
        this.secretManager = null;
        if (configuration.getBoolean(ENABLE_ZK_KEY, false)) {
            this.secretManager = new ZKSecretManager(configuration, text);
        } else {
            this.secretManager = new DelegationTokenSecretManager(configuration, text);
        }
        this.managedSecretManager = true;
    }

    public void setExternalDelegationTokenSecretManager(AbstractDelegationTokenSecretManager abstractDelegationTokenSecretManager) {
        this.secretManager.stopThreads();
        this.secretManager = abstractDelegationTokenSecretManager;
        this.managedSecretManager = false;
    }

    public void init() {
        if (this.managedSecretManager) {
            try {
                this.secretManager.startThreads();
            } catch (IOException e) {
                throw new RuntimeException("Could not start " + this.secretManager.getClass() + ": " + e.toString(), e);
            }
        }
    }

    public void destroy() {
        if (this.managedSecretManager) {
            this.secretManager.stopThreads();
        }
    }

    public Token<? extends AbstractDelegationTokenIdentifier> createToken(UserGroupInformation userGroupInformation, String str) {
        return createToken(userGroupInformation, str, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Token<? extends AbstractDelegationTokenIdentifier> createToken(UserGroupInformation userGroupInformation, String str, String str2) {
        Logger logger = LOG;
        Object[] objArr = new Object[3];
        objArr[0] = userGroupInformation;
        objArr[1] = str;
        objArr[2] = str2 != null ? str2 : "";
        logger.debug("Creating token with ugi:{}, renewer:{}, service:{}.", objArr);
        String shortUserName = str == null ? userGroupInformation.getShortUserName() : str;
        Text text = new Text(userGroupInformation.getUserName());
        Text text2 = null;
        if (userGroupInformation.getRealUser() != null) {
            text2 = new Text(userGroupInformation.getRealUser().getUserName());
        }
        AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = (AbstractDelegationTokenIdentifier) this.secretManager.createIdentifier();
        abstractDelegationTokenIdentifier.setOwner(text);
        abstractDelegationTokenIdentifier.setRenewer(new Text(shortUserName));
        abstractDelegationTokenIdentifier.setRealUser(text2);
        Token<? extends AbstractDelegationTokenIdentifier> token = new Token<>(abstractDelegationTokenIdentifier, this.secretManager);
        if (str2 != null) {
            token.setService(new Text(str2));
        }
        return token;
    }

    public long renewToken(Token<? extends AbstractDelegationTokenIdentifier> token, String str) throws IOException {
        LOG.debug("Renewing token:{} with renewer:{}.", token, str);
        return this.secretManager.renewToken(token, str);
    }

    public void cancelToken(Token<? extends AbstractDelegationTokenIdentifier> token, String str) throws IOException {
        LOG.debug("Cancelling token:{} with canceler:{}.", token, str);
        this.secretManager.cancelToken(token, str != null ? str : verifyToken(token).getShortUserName());
    }

    public UserGroupInformation verifyToken(Token<? extends AbstractDelegationTokenIdentifier> token) throws IOException {
        AbstractDelegationTokenIdentifier decodeTokenIdentifier = this.secretManager.decodeTokenIdentifier(token);
        this.secretManager.verifyToken(decodeTokenIdentifier, token.getPassword());
        return decodeTokenIdentifier.getUser();
    }

    @VisibleForTesting
    public AbstractDelegationTokenSecretManager getDelegationTokenSecretManager() {
        return this.secretManager;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static DelegationTokenIdentifier decodeToken(Token<DelegationTokenIdentifier> token, Text text) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
        DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier(text);
        delegationTokenIdentifier.readFields(dataInputStream);
        dataInputStream.close();
        return delegationTokenIdentifier;
    }
}
