package org.apache.oozie.util;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.Configuration;
import org.apache.curator.RetryPolicy;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.imps.DefaultACLProvider;
import org.apache.curator.framework.state.ConnectionState;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.curator.utils.EnsurePath;
import org.apache.curator.x.discovery.ServiceCache;
import org.apache.curator.x.discovery.ServiceDiscovery;
import org.apache.curator.x.discovery.ServiceDiscoveryBuilder;
import org.apache.curator.x.discovery.ServiceInstance;
import org.apache.oozie.ErrorCode;
import org.apache.oozie.event.listener.ZKConnectionListener;
import org.apache.oozie.service.ConfigurationService;
import org.apache.oozie.service.HadoopAccessorService;
import org.apache.oozie.service.ServiceException;
import org.apache.oozie.service.Services;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.client.ZooKeeperSaslClient;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

/* loaded from: input_file:WEB-INF/lib/oozie-core-4.2.0-mapr-1510.jar:org/apache/oozie/util/ZKUtils.class */
public class ZKUtils {
    public static final String ZK_CONNECTION_STRING = "oozie.zookeeper.connection.string";
    public static final String ZK_NAMESPACE = "oozie.zookeeper.namespace";
    public static final String ZK_CONNECTION_TIMEOUT = "oozie.zookeeper.connection.timeout";
    public static final String OOZIE_INSTANCE_ID = "oozie.instance.id";
    public static final String ZK_SECURE = "oozie.zookeeper.secure";
    private static final String ZK_OOZIE_SERVICE = "servers";
    public static final String ZK_BASE_SERVICES_PATH = "/services";
    private String zkId;
    private long zkRegTime;
    private ServiceDiscovery<Map> sDiscovery;
    private ServiceCache<Map> sCache;
    private List<ACL> saslACL;
    private static int zkConnectionTimeout;
    private static Set<Object> users = new HashSet();
    private static ZKUtils zk = null;
    private CuratorFramework client = null;
    private XLog log = XLog.getLog(getClass());

    /* loaded from: input_file:WEB-INF/lib/oozie-core-4.2.0-mapr-1510.jar:org/apache/oozie/util/ZKUtils$SASLOwnerACLProvider.class */
    public class SASLOwnerACLProvider implements ACLProvider {
        public SASLOwnerACLProvider() {
        }

        @Override // org.apache.curator.framework.api.ACLProvider, org.apache.curator.utils.InternalACLProvider
        public List<ACL> getDefaultAcl() {
            return ZKUtils.this.saslACL;
        }

        @Override // org.apache.curator.framework.api.ACLProvider, org.apache.curator.utils.InternalACLProvider
        public List<ACL> getAclForPath(String str) {
            return ZKUtils.this.saslACL;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/oozie-core-4.2.0-mapr-1510.jar:org/apache/oozie/util/ZKUtils$ZKMetadataKeys.class */
    public abstract class ZKMetadataKeys {
        public static final String OOZIE_ID = "OOZIE_ID";
        public static final String OOZIE_URL = "OOZIE_URL";

        public ZKMetadataKeys() {
        }
    }

    private ZKUtils() throws Exception {
        this.zkId = ConfigurationService.get(OOZIE_INSTANCE_ID);
        if (this.zkId.isEmpty()) {
            this.zkId = ConfigurationService.get("oozie.http.hostname");
        }
        createClient();
        advertiseService();
        checkAndSetACLs();
    }

    public static synchronized ZKUtils register(Object obj) throws Exception {
        if (zk == null) {
            zk = new ZKUtils();
        }
        users.add(obj);
        return zk;
    }

    public synchronized void unregister(Object obj) {
        users.remove(obj);
        if (!users.isEmpty() || zk == null) {
            return;
        }
        if (ZKConnectionListener.getZKConnectionState() != ConnectionState.LOST) {
            zk.teardown();
        }
        zk = null;
    }

    private void createClient() throws Exception {
        ACLProvider defaultACLProvider;
        RetryPolicy retryPolicy = getRetryPolicy();
        String str = ConfigurationService.get(ZK_CONNECTION_STRING);
        String zKNameSpace = getZKNameSpace();
        zkConnectionTimeout = ConfigurationService.getInt(ZK_CONNECTION_TIMEOUT);
        if (Services.get().getConf().getBoolean(ZK_SECURE, false)) {
            this.log.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
            setJaasConfiguration();
            System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
            System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
            this.saslACL = Collections.singletonList(new ACL(31, new Id("sasl", getServicePrincipal())));
            defaultACLProvider = new SASLOwnerACLProvider();
        } else {
            this.log.info("Connecting to ZooKeeper without authentication");
            defaultACLProvider = new DefaultACLProvider();
        }
        this.client = CuratorFrameworkFactory.builder().namespace(zKNameSpace).connectString(str).retryPolicy(retryPolicy).aclProvider(defaultACLProvider).connectionTimeoutMs(zkConnectionTimeout * 1000).build();
        this.client.start();
        this.client.getConnectionStateListenable().addListener(new ZKConnectionListener());
    }

    private void advertiseService() throws Exception {
        new EnsurePath(ZK_BASE_SERVICES_PATH).ensure(this.client.getZookeeperClient());
        this.sDiscovery = ServiceDiscoveryBuilder.builder(Map.class).basePath(ZK_BASE_SERVICES_PATH).client(this.client).serializer(new FixedJsonInstanceSerializer(Map.class)).build();
        this.sDiscovery.start();
        this.sDiscovery.registerService(getMetadataInstance());
        this.sCache = this.sDiscovery.serviceCacheBuilder().name("servers").build();
        this.sCache.start();
        this.zkRegTime = this.sDiscovery.queryForInstance("servers", this.zkId).getRegistrationTimeUTC();
    }

    private void unadvertiseService() throws Exception {
        this.sCache.close();
        this.sDiscovery.unregisterService(getMetadataInstance());
        this.sDiscovery.close();
    }

    private void teardown() {
        try {
            zk.unadvertiseService();
        } catch (Exception e) {
            this.log.warn("Exception occurred while unadvertising: " + e.getMessage(), e);
        }
        this.client.close();
        this.client = null;
    }

    private ServiceInstance<Map> getMetadataInstance() throws Exception {
        String oozieEffectiveUrl = ConfigUtils.getOozieEffectiveUrl();
        HashMap hashMap = new HashMap();
        hashMap.put(ZKMetadataKeys.OOZIE_ID, this.zkId);
        hashMap.put("OOZIE_URL", oozieEffectiveUrl);
        return ServiceInstance.builder().name("servers").id(this.zkId).payload(hashMap).build();
    }

    public List<ServiceInstance<Map>> getAllMetaData() {
        List<ServiceInstance<Map>> list = null;
        if (this.sCache != null) {
            list = this.sCache.getInstances();
        }
        return list;
    }

    public String getZKId() {
        return this.zkId;
    }

    public CuratorFramework getClient() {
        return this.client;
    }

    public int getZKIdIndex(List<ServiceInstance<Map>> list) {
        int i = 0;
        Iterator<ServiceInstance<Map>> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getRegistrationTimeUTC() < this.zkRegTime) {
                i++;
            }
        }
        return i;
    }

    private void checkAndSetACLs() throws Exception {
        if (Services.get().getConf().getBoolean(ZK_SECURE, false)) {
            String str = "/" + this.client.getNamespace();
            if (this.client.getZookeeperClient().getZooKeeper().exists(str, (Watcher) null) == null || this.client.getZookeeperClient().getZooKeeper().getACL(str, new Stat()).get(0).getId().getScheme().equals("sasl")) {
                return;
            }
            this.log.info("'sasl' ACLs not set; setting...");
            Iterator<String> it = this.client.getZookeeperClient().getZooKeeper().getChildren(str, (Watcher) null).iterator();
            while (it.hasNext()) {
                checkAndSetACLs("/" + it.next());
            }
            this.client.getZookeeperClient().getZooKeeper().setACL(str, this.saslACL, -1);
        }
    }

    private void checkAndSetACLs(String str) throws Exception {
        Iterator<String> it = this.client.getChildren().forPath(str).iterator();
        while (it.hasNext()) {
            checkAndSetACLs(str + "/" + it.next());
        }
        this.client.setACL().withACL(this.saslACL).forPath(str);
    }

    private void setJaasConfiguration() throws ServiceException, IOException {
        String trim = Services.get().getConf().get(HadoopAccessorService.KERBEROS_KEYTAB, System.getProperty("user.home") + "/oozie.keytab").trim();
        if (trim.length() == 0) {
            throw new ServiceException(ErrorCode.E0026, HadoopAccessorService.KERBEROS_KEYTAB);
        }
        String str = Services.get().getConf().get(HadoopAccessorService.KERBEROS_PRINCIPAL, "oozie/localhost@LOCALHOST");
        if (str.length() == 0) {
            throw new ServiceException(ErrorCode.E0026, HadoopAccessorService.KERBEROS_PRINCIPAL);
        }
        JaasConfiguration.addEntry("Client", str, trim);
        Configuration.setConfiguration(JaasConfiguration.getInstance());
    }

    private String getServicePrincipal() throws ServiceException {
        String str = Services.get().getConf().get(HadoopAccessorService.KERBEROS_PRINCIPAL, "oozie/localhost@LOCALHOST");
        if (str.length() == 0) {
            throw new ServiceException(ErrorCode.E0026, HadoopAccessorService.KERBEROS_PRINCIPAL);
        }
        return str.split("[/@]")[0];
    }

    @VisibleForTesting
    public static Set<Object> getUsers() {
        return users;
    }

    public static RetryPolicy getRetryPolicy() {
        return new ExponentialBackoffRetry(1000, 3);
    }

    public static String getZKNameSpace() {
        return ConfigurationService.get(ZK_NAMESPACE);
    }

    public static int getZKConnectionTimeout() {
        return zkConnectionTimeout;
    }
}
