package org.apache.oozie.client;

import com.google.common.base.Charsets;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.lang.management.ManagementFactory;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.HashMap;
import java.util.Map;
import org.apache.derby.iapi.store.raw.data.DataFactory;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.Authenticator;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
import org.apache.tools.ant.launch.Launcher;

/* loaded from: input_file:WEB-INF/lib/oozie-client-5.1.0.801-mapr-636.jar:org/apache/oozie/client/AuthOozieClient.class */
public class AuthOozieClient extends XOozieClient {
    public static final String AUTHENTICATOR_CLASS_SYS_PROP = "authenticator.class";
    public static final String USE_AUTH_TOKEN_CACHE_SYS_PROP = "oozie.auth.token.cache";
    public static final File AUTH_TOKEN_CACHE_FILE = new File(System.getProperty(Launcher.USER_HOMEDIR), ".oozie-auth-token");
    private String authOption;

    /* loaded from: input_file:WEB-INF/lib/oozie-client-5.1.0.801-mapr-636.jar:org/apache/oozie/client/AuthOozieClient$AuthType.class */
    public enum AuthType {
        KERBEROS,
        SIMPLE
    }

    public AuthOozieClient(String str) {
        this(str, null);
    }

    public AuthOozieClient(String str, String str2) {
        super(str);
        this.authOption = null;
        this.authOption = str2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.oozie.client.OozieClient
    public HttpURLConnection createConnection(URL url, String str) throws IOException, OozieClientException {
        boolean equalsIgnoreCase = System.getProperty(USE_AUTH_TOKEN_CACHE_SYS_PROP, "false").equalsIgnoreCase("true");
        AuthenticatedURL.Token token = null;
        if (equalsIgnoreCase) {
            token = readAuthToken();
        }
        AuthenticatedURL.Token token2 = token == null ? new AuthenticatedURL.Token() : new AuthenticatedURL.Token(token.toString());
        if (token2.isSet() && getExpirationTime(token2) < System.currentTimeMillis() + 300000) {
            if (equalsIgnoreCase) {
                AUTH_TOKEN_CACHE_FILE.delete();
            }
            token2 = new AuthenticatedURL.Token();
        }
        if (token2.isSet()) {
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setRequestMethod("OPTIONS");
            AuthenticatedURL.injectToken(httpURLConnection, token2);
            if (httpURLConnection.getResponseCode() == 401 || httpURLConnection.getResponseCode() == 403) {
                if (equalsIgnoreCase) {
                    AUTH_TOKEN_CACHE_FILE.delete();
                }
                token2 = new AuthenticatedURL.Token();
            } else {
                try {
                    AuthenticatedURL.extractToken(httpURLConnection, token2);
                } catch (AuthenticationException e) {
                    if (equalsIgnoreCase) {
                        AUTH_TOKEN_CACHE_FILE.delete();
                    }
                    token2 = new AuthenticatedURL.Token();
                }
            }
        }
        if (!token2.isSet()) {
            try {
                getAuthenticator().authenticate(url, token2);
            } catch (AuthenticationException e2) {
                if (equalsIgnoreCase) {
                    AUTH_TOKEN_CACHE_FILE.delete();
                }
                throw new OozieClientException(OozieClientException.AUTHENTICATION, "Could not authenticate, " + e2.getMessage(), e2);
            }
        }
        if (equalsIgnoreCase && token2.isSet() && !token2.equals(token)) {
            writeAuthToken(token2);
        }
        HttpURLConnection createConnection = super.createConnection(url, str);
        AuthenticatedURL.injectToken(createConnection, token2);
        return createConnection;
    }

    private static long getExpirationTime(AuthenticatedURL.Token token) {
        long j = 0;
        for (String str : token.toString().split("&")) {
            if (str.startsWith("e=")) {
                try {
                    j = Long.parseLong(str.substring(2));
                } catch (Exception e) {
                }
            }
        }
        return j;
    }

    protected AuthenticatedURL.Token readAuthToken() {
        AuthenticatedURL.Token token = null;
        if (AUTH_TOKEN_CACHE_FILE.exists()) {
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(AUTH_TOKEN_CACHE_FILE), Charsets.UTF_8));
                String readLine = bufferedReader.readLine();
                bufferedReader.close();
                if (readLine != null) {
                    token = new AuthenticatedURL.Token(readLine);
                }
            } catch (IOException e) {
            }
        }
        return token;
    }

    protected void writeAuthToken(AuthenticatedURL.Token token) {
        try {
            File createTempFile = File.createTempFile(".oozie-auth-token", ManagementFactory.getRuntimeMXBean().getName() + DataFactory.TEMP_SEGMENT_NAME, new File(System.getProperty(Launcher.USER_HOMEDIR)));
            createTempFile.deleteOnExit();
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(new FileOutputStream(createTempFile), Charsets.UTF_8);
            outputStreamWriter.write(token.toString());
            outputStreamWriter.close();
            Files.move(createTempFile.toPath(), AUTH_TOKEN_CACHE_FILE.toPath(), StandardCopyOption.ATOMIC_MOVE);
            AUTH_TOKEN_CACHE_FILE.setReadable(false, false);
            AUTH_TOKEN_CACHE_FILE.setReadable(true, true);
            AUTH_TOKEN_CACHE_FILE.setWritable(true, true);
        } catch (IOException e) {
            AUTH_TOKEN_CACHE_FILE.delete();
        }
    }

    protected Authenticator getAuthenticator() throws OozieClientException {
        if (this.authOption != null) {
            try {
                Class<? extends Authenticator> cls = getAuthenticators().get(this.authOption.toUpperCase());
                if (cls == null) {
                    throw new OozieClientException(OozieClientException.AUTHENTICATION, "Authenticator class not found [" + cls + "]");
                }
                return cls.newInstance();
            } catch (IllegalAccessException | InstantiationException e) {
                throw new OozieClientException(OozieClientException.AUTHENTICATION, "Could not instantiate Authenticator for option [" + this.authOption + "], " + e.getMessage(), e);
            } catch (IllegalArgumentException e2) {
                throw new OozieClientException(OozieClientException.AUTHENTICATION, "Invalid options provided for auth: " + this.authOption + ", (" + AuthType.KERBEROS + " or " + AuthType.SIMPLE + " expected.)");
            }
        }
        String property = System.getProperty(AUTHENTICATOR_CLASS_SYS_PROP, KerberosAuthenticator.class.getName());
        if (property == null) {
            throw new OozieClientException(OozieClientException.AUTHENTICATION, "Authenticator class not found [" + property + "]");
        }
        try {
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            Class<?> loadClass = contextClassLoader != null ? contextClassLoader.loadClass(property) : getClass().getClassLoader().loadClass(property);
            if (loadClass == null) {
                throw new OozieClientException(OozieClientException.AUTHENTICATION, "Authenticator class not found [" + property + "]");
            }
            return (Authenticator) loadClass.newInstance();
        } catch (Exception e3) {
            throw new OozieClientException(OozieClientException.AUTHENTICATION, "Could not instantiate Authenticator [" + property + "], " + e3.getMessage(), e3);
        }
    }

    protected Map<String, Class<? extends Authenticator>> getAuthenticators() {
        HashMap hashMap = new HashMap();
        hashMap.put(AuthType.KERBEROS.toString(), KerberosAuthenticator.class);
        hashMap.put(AuthType.SIMPLE.toString(), PseudoAuthenticator.class);
        hashMap.put(null, KerberosAuthenticator.class);
        return hashMap;
    }

    public String getAuthOption() {
        return this.authOption;
    }
}
