package org.apache.hadoop.hive.thrift;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import jodd.util.StringPool;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLBackgroundPathAndBytesable;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.api.BackgroundPathAndBytesable;
import org.apache.curator.framework.imps.CuratorFrameworkState;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.shims.ShimLoader;
import org.apache.hadoop.hive.thrift.DelegationTokenStore;
import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/thrift/ZooKeeperTokenStore.class */
public class ZooKeeperTokenStore implements DelegationTokenStore {
    private static final Logger LOGGER = LoggerFactory.getLogger(ZooKeeperTokenStore.class.getName());
    protected static final String ZK_SEQ_FORMAT = "%010d";
    private static final String NODE_KEYS = "/keys";
    private static final String NODE_TOKENS = "/tokens";
    private volatile CuratorFramework zkSession;
    private String zkConnectString;
    private int connectTimeoutMillis;
    private HadoopThriftAuthBridge.Server.ServerMode serverMode;
    private Configuration conf;
    private String rootNode = "";
    private List<ACL> newNodeAcl = Arrays.asList(new ACL(31, ZooDefs.Ids.AUTH_IDS));
    private final ACLProvider aclDefaultProvider = new ACLProvider() { // from class: org.apache.hadoop.hive.thrift.ZooKeeperTokenStore.1
        public List<ACL> getDefaultAcl() {
            return ZooKeeperTokenStore.this.newNodeAcl;
        }

        public List<ACL> getAclForPath(String str) {
            return getDefaultAcl();
        }
    };
    private final String WHEN_ZK_DSTORE_MSG = "when zookeeper based delegation token storage is enabled(hive.cluster.delegation.token.store.class=" + ZooKeeperTokenStore.class.getName() + StringPool.RIGHT_BRACKET;

    protected ZooKeeperTokenStore() {
    }

    private CuratorFramework getSession() {
        if (this.zkSession == null || this.zkSession.getState() == CuratorFrameworkState.STOPPED) {
            synchronized (this) {
                if (this.zkSession == null || this.zkSession.getState() == CuratorFrameworkState.STOPPED) {
                    this.zkSession = CuratorFrameworkFactory.builder().connectString(this.zkConnectString).connectionTimeoutMs(this.connectTimeoutMillis).aclProvider(this.aclDefaultProvider).retryPolicy(new ExponentialBackoffRetry(DateUtils.MILLIS_IN_SECOND, 3)).build();
                    this.zkSession.start();
                }
            }
        }
        return this.zkSession;
    }

    private void setupJAASConfig(Configuration configuration) throws IOException {
        String nonEmptyConfVar;
        String nonEmptyConfVar2;
        if (!UserGroupInformation.getLoginUser().isFromKeytab()) {
            LOGGER.warn("Login is not from keytab");
            return;
        }
        switch (this.serverMode) {
            case METASTORE:
                nonEmptyConfVar = getNonEmptyConfVar(configuration, "hive.metastore.kerberos.principal");
                nonEmptyConfVar2 = getNonEmptyConfVar(configuration, "hive.metastore.kerberos.keytab.file");
                break;
            case HIVESERVER2:
                nonEmptyConfVar = getNonEmptyConfVar(configuration, "hive.server2.authentication.kerberos.principal");
                nonEmptyConfVar2 = getNonEmptyConfVar(configuration, "hive.server2.authentication.kerberos.keytab");
                break;
            default:
                throw new AssertionError("Unexpected server mode " + this.serverMode);
        }
        ShimLoader.getHadoopShims().setZookeeperClientKerberosJaasConfig(nonEmptyConfVar, nonEmptyConfVar2);
    }

    private String getNonEmptyConfVar(Configuration configuration, String str) throws IOException {
        String str2 = configuration.get(str);
        if (str2 == null || str2.trim().isEmpty()) {
            throw new IOException("Configuration parameter " + str + " should be set, " + this.WHEN_ZK_DSTORE_MSG);
        }
        return str2;
    }

    public void ensurePath(String str, List<ACL> list) throws DelegationTokenStore.TokenStoreException {
        try {
            LOGGER.info("Created path: {} ", (String) ((BackgroundPathAndBytesable) ((ACLBackgroundPathAndBytesable) getSession().create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT)).withACL(list)).forPath(str));
        } catch (Exception e) {
            throw new DelegationTokenStore.TokenStoreException("Error creating path " + str, e);
        } catch (KeeperException.NodeExistsException e2) {
        }
    }

    public static int getPermFromString(String str) {
        int i = 0;
        for (int i2 = 0; i2 < str.length(); i2++) {
            switch (str.charAt(i2)) {
                case 'a':
                    i |= 16;
                    break;
                case 'c':
                    i |= 4;
                    break;
                case 'd':
                    i |= 8;
                    break;
                case 'r':
                    i |= 1;
                    break;
                case 'w':
                    i |= 2;
                    break;
                default:
                    LOGGER.error("Unknown perm type: " + str.charAt(i2));
                    break;
            }
        }
        return i;
    }

    public static List<ACL> parseACLs(String str) {
        String[] splitByWholeSeparator = StringUtils.splitByWholeSeparator(str, ",");
        ArrayList arrayList = new ArrayList(splitByWholeSeparator.length);
        for (String str2 : splitByWholeSeparator) {
            if (!StringUtils.isBlank(str2)) {
                String trim = str2.trim();
                int indexOf = trim.indexOf(58);
                int lastIndexOf = trim.lastIndexOf(58);
                if (indexOf == -1 || lastIndexOf == -1 || indexOf == lastIndexOf) {
                    LOGGER.error(trim + " does not have the form scheme:id:perm");
                } else {
                    ACL acl = new ACL();
                    acl.setId(new Id(trim.substring(0, indexOf), trim.substring(indexOf + 1, lastIndexOf)));
                    acl.setPerms(getPermFromString(trim.substring(lastIndexOf + 1)));
                    arrayList.add(acl);
                }
            }
        }
        return arrayList;
    }

    private void initClientAndPaths() {
        if (this.zkSession != null) {
            this.zkSession.close();
        }
        try {
            ensurePath(this.rootNode + NODE_KEYS, this.newNodeAcl);
            ensurePath(this.rootNode + NODE_TOKENS, this.newNodeAcl);
        } catch (DelegationTokenStore.TokenStoreException e) {
            throw e;
        }
    }

    public void setConf(Configuration configuration) {
        if (configuration == null) {
            throw new IllegalArgumentException("conf is null");
        }
        this.conf = configuration;
    }

    public Configuration getConf() {
        return null;
    }

    private Map<Integer, byte[]> getAllKeys() throws KeeperException, InterruptedException {
        String str = this.rootNode + NODE_KEYS;
        List<String> zkGetChildren = zkGetChildren(str);
        HashMap hashMap = new HashMap();
        for (String str2 : zkGetChildren) {
            byte[] zkGetData = zkGetData(str + "/" + str2);
            if (zkGetData != null) {
                hashMap.put(Integer.valueOf(getSeq(str2)), zkGetData);
            }
        }
        return hashMap;
    }

    private List<String> zkGetChildren(String str) {
        try {
            return (List) getSession().getChildren().forPath(str);
        } catch (Exception e) {
            throw new DelegationTokenStore.TokenStoreException("Error getting children for " + str, e);
        }
    }

    private byte[] zkGetData(String str) {
        try {
            return (byte[]) getSession().getData().forPath(str);
        } catch (KeeperException.NoNodeException e) {
            return null;
        } catch (Exception e2) {
            throw new DelegationTokenStore.TokenStoreException("Error reading " + str, e2);
        }
    }

    private int getSeq(String str) {
        String[] split = str.split("/");
        return Integer.parseInt(split[split.length - 1]);
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public int addMasterKey(String str) {
        String str2 = this.rootNode + NODE_KEYS + "/";
        try {
            String str3 = (String) ((BackgroundPathAndBytesable) ((ACLBackgroundPathAndBytesable) getSession().create().withMode(CreateMode.PERSISTENT_SEQUENTIAL)).withACL(this.newNodeAcl)).forPath(str2, str.getBytes());
            LOGGER.info("Added key {}", str3);
            return getSeq(str3);
        } catch (Exception e) {
            throw new DelegationTokenStore.TokenStoreException("Error creating new node with path " + str2, e);
        }
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public void updateMasterKey(int i, String str) {
        CuratorFramework session = getSession();
        String str2 = this.rootNode + NODE_KEYS + "/" + String.format(ZK_SEQ_FORMAT, Integer.valueOf(i));
        try {
            session.setData().forPath(str2, str.getBytes());
        } catch (Exception e) {
            throw new DelegationTokenStore.TokenStoreException("Error setting data in " + str2, e);
        }
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public boolean removeMasterKey(int i) {
        zkDelete(this.rootNode + NODE_KEYS + "/" + String.format(ZK_SEQ_FORMAT, Integer.valueOf(i)));
        return true;
    }

    private void zkDelete(String str) {
        try {
            getSession().delete().forPath(str);
        } catch (KeeperException.NoNodeException e) {
        } catch (Exception e2) {
            throw new DelegationTokenStore.TokenStoreException("Error deleting " + str, e2);
        }
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public String[] getMasterKeys() {
        try {
            Map<Integer, byte[]> allKeys = getAllKeys();
            String[] strArr = new String[allKeys.size()];
            int i = 0;
            Iterator<byte[]> it = allKeys.values().iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                strArr[i2] = new String(it.next());
            }
            return strArr;
        } catch (InterruptedException e) {
            throw new DelegationTokenStore.TokenStoreException(e);
        } catch (KeeperException e2) {
            throw new DelegationTokenStore.TokenStoreException(e2);
        }
    }

    private String getTokenPath(DelegationTokenIdentifier delegationTokenIdentifier) {
        try {
            return this.rootNode + NODE_TOKENS + "/" + TokenStoreDelegationTokenSecretManager.encodeWritable(delegationTokenIdentifier);
        } catch (IOException e) {
            throw new DelegationTokenStore.TokenStoreException("Failed to encode token identifier", e);
        }
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public boolean addToken(DelegationTokenIdentifier delegationTokenIdentifier, AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation) {
        byte[] encodeDelegationTokenInformation = HiveDelegationTokenSupport.encodeDelegationTokenInformation(delegationTokenInformation);
        String tokenPath = getTokenPath(delegationTokenIdentifier);
        try {
            LOGGER.info("Added token: {}", (String) ((BackgroundPathAndBytesable) ((ACLBackgroundPathAndBytesable) getSession().create().withMode(CreateMode.PERSISTENT)).withACL(this.newNodeAcl)).forPath(tokenPath, encodeDelegationTokenInformation));
            return true;
        } catch (Exception e) {
            throw new DelegationTokenStore.TokenStoreException("Error creating new node with path " + tokenPath, e);
        }
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public boolean removeToken(DelegationTokenIdentifier delegationTokenIdentifier) {
        zkDelete(getTokenPath(delegationTokenIdentifier));
        return true;
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public AbstractDelegationTokenSecretManager.DelegationTokenInformation getToken(DelegationTokenIdentifier delegationTokenIdentifier) {
        try {
            return HiveDelegationTokenSupport.decodeDelegationTokenInformation(zkGetData(getTokenPath(delegationTokenIdentifier)));
        } catch (Exception e) {
            throw new DelegationTokenStore.TokenStoreException("Failed to decode token", e);
        }
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public List<DelegationTokenIdentifier> getAllDelegationTokenIdentifiers() {
        List<String> zkGetChildren = zkGetChildren(this.rootNode + NODE_TOKENS);
        ArrayList arrayList = new ArrayList(zkGetChildren.size());
        for (String str : zkGetChildren) {
            DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
            try {
                TokenStoreDelegationTokenSecretManager.decodeWritable(delegationTokenIdentifier, str);
                arrayList.add(delegationTokenIdentifier);
            } catch (Exception e) {
                LOGGER.warn("Failed to decode token '{}'", str);
            }
        }
        return arrayList;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.zkSession != null) {
            this.zkSession.close();
        }
    }

    @Override // org.apache.hadoop.hive.thrift.DelegationTokenStore
    public void init(Object obj, HadoopThriftAuthBridge.Server.ServerMode serverMode) {
        this.serverMode = serverMode;
        this.zkConnectString = this.conf.get(HadoopThriftAuthBridge20S.Server.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR, (String) null);
        if (this.zkConnectString == null || this.zkConnectString.trim().isEmpty()) {
            this.zkConnectString = this.conf.get(HadoopThriftAuthBridge20S.Server.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE, (String) null);
            if (this.zkConnectString == null || this.zkConnectString.trim().isEmpty()) {
                throw new IllegalArgumentException("Zookeeper connect string has to be specifed through either hive.cluster.delegation.token.store.zookeeper.connectString or hive.zookeeper.quorum" + this.WHEN_ZK_DSTORE_MSG);
            }
        }
        this.connectTimeoutMillis = this.conf.getInt(HadoopThriftAuthBridge20S.Server.DELEGATION_TOKEN_STORE_ZK_CONNECT_TIMEOUTMILLIS, CuratorFrameworkFactory.builder().getConnectionTimeoutMs());
        String str = this.conf.get(HadoopThriftAuthBridge20S.Server.DELEGATION_TOKEN_STORE_ZK_ACL, (String) null);
        if (StringUtils.isNotBlank(str)) {
            this.newNodeAcl = parseACLs(str);
        }
        this.rootNode = this.conf.get(HadoopThriftAuthBridge20S.Server.DELEGATION_TOKEN_STORE_ZK_ZNODE, HadoopThriftAuthBridge20S.Server.DELEGATION_TOKEN_STORE_ZK_ZNODE_DEFAULT) + this.serverMode;
        try {
            setupJAASConfig(this.conf);
            initClientAndPaths();
        } catch (IOException e) {
            throw new DelegationTokenStore.TokenStoreException("Error setting up JAAS configuration for zookeeper client " + e.getMessage(), e);
        }
    }
}
