package org.apache.hive.hcatalog.mapreduce;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.shims.ShimLoader;
import org.apache.hadoop.hive.thrift.DelegationTokenSelector;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.mapreduce.JobContext;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hive.hcatalog.common.HCatConstants;
import org.apache.hive.hcatalog.common.HCatUtil;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/hive-hcatalog-core-2.3.6-mapr-2009.jar:org/apache/hive/hcatalog/mapreduce/Security.class */
public final class Security {
    private static final Logger LOG = LoggerFactory.getLogger(HCatOutputFormat.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hive-hcatalog-core-2.3.6-mapr-2009.jar:org/apache/hive/hcatalog/mapreduce/Security$LazyHolder.class */
    public static final class LazyHolder {
        public static final Security INSTANCE = new Security();

        private LazyHolder() {
        }
    }

    Security() {
    }

    public static Security getInstance() {
        return LazyHolder.INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSecurityEnabled() {
        try {
            return ((Boolean) UserGroupInformation.class.getMethod("isSecurityEnabled", new Class[0]).invoke(null, (Object[]) null)).booleanValue();
        } catch (IllegalAccessException e) {
            LOG.info("Failed to call isSecurityEnabled()", (Throwable) e);
            throw new IllegalStateException("Failed to call isSecurityEnabled()", e);
        } catch (NoSuchMethodException e2) {
            LOG.info("Security is not supported by this version of hadoop.", (Throwable) e2);
            return false;
        } catch (InvocationTargetException e3) {
            LOG.info("Failed to call isSecurityEnabled()", (Throwable) e3);
            throw new IllegalStateException("Failed to call isSecurityEnabled()", e3);
        }
    }

    String getTokenSignature(OutputJobInfo outputJobInfo) {
        StringBuilder sb = new StringBuilder("");
        String databaseName = outputJobInfo.getDatabaseName();
        if (databaseName != null) {
            sb.append(databaseName);
        }
        String tableName = outputJobInfo.getTableName();
        if (tableName != null) {
            sb.append("." + tableName);
        }
        Map<String, String> partitionValues = outputJobInfo.getPartitionValues();
        if (partitionValues != null) {
            for (Map.Entry<String, String> entry : partitionValues.entrySet()) {
                sb.append("/");
                sb.append(entry.getKey());
                sb.append("=");
                sb.append(entry.getValue());
            }
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleSecurity(Credentials credentials, OutputJobInfo outputJobInfo, IMetaStoreClient iMetaStoreClient, Configuration configuration, boolean z) throws IOException, MetaException, TException, Exception {
        if (UserGroupInformation.isSecurityEnabled()) {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            if (new DelegationTokenSelector().selectToken(new Text(), currentUser.getTokens()) != null || iMetaStoreClient.isLocalMetaStore()) {
                return;
            }
            String tokenSignature = getTokenSignature(outputJobInfo);
            Token<? extends AbstractDelegationTokenIdentifier> extractThriftToken = HCatUtil.extractThriftToken(iMetaStoreClient.getDelegationToken(currentUser.getUserName(), currentUser.getUserName()), tokenSignature);
            if (z && new org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenSelector().selectToken(SecurityUtil.buildTokenService(ShimLoader.getHadoopShims().getHCatShim().getResourceManagerAddress(configuration)), currentUser.getTokens()) == null) {
                credentials.addToken(new Text("hcat jt token"), HCatUtil.getJobTrackerDelegationToken(configuration, currentUser.getUserName()));
            }
            credentials.addToken(new Text(currentUser.getUserName() + "_" + tokenSignature), extractThriftToken);
            configuration.set(HCatConstants.HCAT_KEY_TOKEN_SIGNATURE, tokenSignature);
        }
    }

    void handleSecurity(Job job, OutputJobInfo outputJobInfo, IMetaStoreClient iMetaStoreClient, Configuration configuration, boolean z) throws IOException, MetaException, TException, Exception {
        handleSecurity(job.getCredentials(), outputJobInfo, iMetaStoreClient, configuration, z);
    }

    void cancelToken(IMetaStoreClient iMetaStoreClient, JobContext jobContext) throws IOException, MetaException {
        String tokenStrForm = iMetaStoreClient.getTokenStrForm();
        if (tokenStrForm == null || jobContext.getConfiguration().get(HCatConstants.HCAT_KEY_TOKEN_SIGNATURE) == null) {
            return;
        }
        try {
            iMetaStoreClient.cancelDelegationToken(tokenStrForm);
        } catch (TException e) {
            LOG.error("Failed to cancel delegation token", (Throwable) e);
            throw new IOException("Failed to cancel delegation token", e);
        }
    }
}
