package org.apache.hadoop.hive.thrift;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.shims.Utils;
import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.util.ReflectionUtils;

/* loaded from: input_file:WEB-INF/lib/hive-shims-common-2.3.6-mapr-2201-r8.jar:org/apache/hadoop/hive/thrift/HiveDelegationTokenManager.class */
public class HiveDelegationTokenManager {
    public static final String DELEGATION_TOKEN_GC_INTERVAL = "hive.cluster.delegation.token.gc-interval";
    private static final long DELEGATION_TOKEN_GC_INTERVAL_DEFAULT = 3600000;
    public static final String DELEGATION_KEY_UPDATE_INTERVAL_KEY = "hive.cluster.delegation.key.update-interval";
    public static final long DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT = 86400000;
    public static final String DELEGATION_TOKEN_RENEW_INTERVAL_KEY = "hive.cluster.delegation.token.renew-interval";
    public static final long DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT = 86400000;
    public static final String DELEGATION_TOKEN_MAX_LIFETIME_KEY = "hive.cluster.delegation.token.max-lifetime";
    public static final long DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT = 604800000;
    public static final String DELEGATION_TOKEN_STORE_CLS = "hive.cluster.delegation.token.store.class";
    public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_STR = "hive.cluster.delegation.token.store.zookeeper.connectString";
    public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE = "hive.zookeeper.quorum";
    public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_TIMEOUTMILLIS = "hive.cluster.delegation.token.store.zookeeper.connectTimeoutMillis";
    public static final String DELEGATION_TOKEN_STORE_ZK_ZNODE = "hive.cluster.delegation.token.store.zookeeper.znode";
    public static final String DELEGATION_TOKEN_STORE_ZK_ACL = "hive.cluster.delegation.token.store.zookeeper.acl";
    public static final String DELEGATION_TOKEN_STORE_ZK_ZNODE_DEFAULT = "/hivedelegation";
    protected DelegationTokenSecretManager secretManager;

    public DelegationTokenSecretManager getSecretManager() {
        return this.secretManager;
    }

    public void startDelegationTokenSecretManager(Configuration configuration, Object obj, HadoopThriftAuthBridge.Server.ServerMode serverMode) throws IOException {
        long j = configuration.getLong(DELEGATION_KEY_UPDATE_INTERVAL_KEY, 86400000L);
        long j2 = configuration.getLong(DELEGATION_TOKEN_MAX_LIFETIME_KEY, 604800000L);
        long j3 = configuration.getLong(DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 86400000L);
        long j4 = configuration.getLong(DELEGATION_TOKEN_GC_INTERVAL, 3600000L);
        DelegationTokenStore tokenStore = getTokenStore(configuration);
        tokenStore.setConf(configuration);
        tokenStore.init(obj, serverMode);
        this.secretManager = new TokenStoreDelegationTokenSecretManager(j, j2, j3, j4, tokenStore);
        this.secretManager.startThreads();
    }

    public String getDelegationToken(String str, final String str2, String str3) throws IOException, InterruptedException {
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(str);
        if (!createRemoteUser.getShortUserName().equals(currentUser.getShortUserName())) {
            createRemoteUser = UserGroupInformation.createProxyUser(str, UserGroupInformation.getCurrentUser());
            ProxyUsers.authorize(createRemoteUser, str3, null);
        }
        return (String) createRemoteUser.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.hive.thrift.HiveDelegationTokenManager.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws IOException {
                return HiveDelegationTokenManager.this.secretManager.getDelegationToken(str2);
            }
        });
    }

    public String getDelegationTokenWithService(String str, String str2, String str3, String str4) throws IOException, InterruptedException {
        return Utils.addServiceToToken(getDelegationToken(str, str2, str4), str3);
    }

    public long renewDelegationToken(String str) throws IOException {
        return this.secretManager.renewDelegationToken(str);
    }

    public String getUserFromToken(String str) throws IOException {
        return this.secretManager.getUserFromToken(str);
    }

    public void cancelDelegationToken(String str) throws IOException {
        this.secretManager.cancelDelegationToken(str);
    }

    public String verifyDelegationToken(String str) throws IOException {
        return this.secretManager.verifyDelegationToken(str);
    }

    private DelegationTokenStore getTokenStore(Configuration configuration) throws IOException {
        String str = configuration.get(DELEGATION_TOKEN_STORE_CLS, "");
        if (StringUtils.isBlank(str)) {
            return new MemoryTokenStore();
        }
        try {
            return (DelegationTokenStore) ReflectionUtils.newInstance(Class.forName(str).asSubclass(DelegationTokenStore.class), configuration);
        } catch (ClassNotFoundException e) {
            throw new IOException("Error initializing delegation token store: " + str, e);
        }
    }
}
