package org.apache.hive.hcatalog.templeton;

import java.io.File;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.thrift.TException;

/* loaded from: input_file:org/apache/hive/hcatalog/templeton/SecureProxySupport.class */
public class SecureProxySupport {
    private Path tokenPath;
    private final String HCAT_SERVICE = "hcat";
    private boolean isEnabled = UserGroupInformation.isSecurityEnabled();
    private String user;
    private static final Log LOG = LogFactory.getLog(SecureProxySupport.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/hive/hcatalog/templeton/SecureProxySupport$TokenWrapper.class */
    public class TokenWrapper {
        Token<?> token;

        TokenWrapper() {
        }
    }

    public Path getTokenPath() {
        return this.tokenPath;
    }

    public String getHcatServiceStr() {
        return "hcat";
    }

    public Path open(String str, Configuration configuration) throws IOException, InterruptedException {
        close();
        if (this.isEnabled) {
            this.user = str;
            this.tokenPath = new Path(File.createTempFile(Main.SERVLET_PATH, null).toURI());
            Token<?> fSDelegationToken = getFSDelegationToken(str, configuration);
            try {
                String buildHcatDelegationToken = buildHcatDelegationToken(str);
                Token<?> token = new Token<>();
                token.decodeFromUrlString(buildHcatDelegationToken);
                token.setService(new Text("hcat"));
                writeProxyDelegationTokens(fSDelegationToken, token, configuration, str, this.tokenPath);
            } catch (Exception e) {
                throw new IOException(e);
            }
        }
        return this.tokenPath;
    }

    public void close() {
        if (this.tokenPath != null) {
            new File(this.tokenPath.toUri()).delete();
            this.tokenPath = null;
        }
    }

    public void addEnv(Map<String, String> map) {
        if (this.isEnabled) {
            map.put("HADOOP_TOKEN_FILE_LOCATION", getTokenPath().toUri().getPath());
        }
    }

    public void addArgs(List<String> list) {
        if (this.isEnabled) {
            list.add("-D");
            list.add("hive.metastore.token.signature=" + getHcatServiceStr());
            list.add("-D");
            list.add("proxy.user.name=" + this.user);
        }
    }

    private Token<?> getFSDelegationToken(String str, final Configuration configuration) throws IOException, InterruptedException {
        LOG.info("user: " + str + " loginUser: " + UserGroupInformation.getLoginUser().getUserName());
        final UserGroupInformation ugi = UgiFactory.getUgi(str);
        final TokenWrapper tokenWrapper = new TokenWrapper();
        ugi.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hive.hcatalog.templeton.SecureProxySupport.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException {
                FileSystem fileSystem = FileSystem.get(configuration);
                tokenWrapper.token = fileSystem.getDelegationToken(ugi.getShortUserName());
                return null;
            }
        });
        return tokenWrapper.token;
    }

    private void writeProxyDelegationTokens(Token<?> token, final Token<?> token2, final Configuration configuration, String str, final Path path) throws IOException, InterruptedException {
        LOG.info("user: " + str + " loginUser: " + UserGroupInformation.getLoginUser().getUserName());
        UgiFactory.getUgi(str).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hive.hcatalog.templeton.SecureProxySupport.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException {
                Credentials credentials = new Credentials();
                credentials.addToken(token2.getService(), token2);
                credentials.writeTokenStorageFile(path, configuration);
                return null;
            }
        });
    }

    private String buildHcatDelegationToken(String str) throws IOException, InterruptedException, MetaException, TException {
        final HiveMetaStoreClient hiveMetaStoreClient = new HiveMetaStoreClient(new HiveConf());
        LOG.info("user: " + str + " loginUser: " + UserGroupInformation.getLoginUser().getUserName());
        new TokenWrapper();
        final UserGroupInformation ugi = UgiFactory.getUgi(str);
        return (String) ugi.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hive.hcatalog.templeton.SecureProxySupport.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws IOException, MetaException, TException {
                return hiveMetaStoreClient.getDelegationToken(ugi.getUserName());
            }
        });
    }
}
