package org.apache.slider.core.launch;

import com.google.common.base.Preconditions;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.yarn.client.ClientRMProxy;
import org.apache.hadoop.yarn.client.api.TimelineClient;
import org.apache.hadoop.yarn.client.api.YarnClient;
import org.apache.hadoop.yarn.conf.HAUtil;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.apache.slider.common.SliderKeys;
import org.apache.slider.common.tools.MapRSecurityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/slider/core/launch/CredentialUtils.class */
public final class CredentialUtils {
    public static final String JOB_CREDENTIALS_BINARY = "mapreduce.job.credentials.binary";
    private static final Logger LOG = LoggerFactory.getLogger(CredentialUtils.class);

    /* loaded from: input_file:org/apache/slider/core/launch/CredentialUtils$TokenComparator.class */
    private static class TokenComparator implements Comparator<Token<? extends TokenIdentifier>>, Serializable {
        private TokenComparator() {
        }

        @Override // java.util.Comparator
        public int compare(Token<? extends TokenIdentifier> token, Token<? extends TokenIdentifier> token2) {
            return token.getKind().toString().compareTo(token2.getKind().toString());
        }

        /* synthetic */ TokenComparator(TokenComparator tokenComparator) {
            this();
        }
    }

    private CredentialUtils() {
    }

    public static ByteBuffer marshallCredentials(Credentials credentials) throws IOException {
        ByteBuffer byteBuffer = null;
        if (!credentials.getAllTokens().isEmpty()) {
            DataOutputBuffer dataOutputBuffer = new DataOutputBuffer();
            try {
                credentials.writeTokenStorageToStream(dataOutputBuffer);
                dataOutputBuffer.close();
                byteBuffer = ByteBuffer.wrap(dataOutputBuffer.getData(), 0, dataOutputBuffer.getLength());
            } catch (Throwable th) {
                dataOutputBuffer.close();
                throw th;
            }
        }
        return byteBuffer;
    }

    public static File locateEnvCredentials(Map<String, String> map, Configuration configuration, StringBuffer stringBuffer) throws FileNotFoundException {
        String str = map.get("HADOOP_TOKEN_FILE_LOCATION");
        Object obj = "environment variable HADOOP_TOKEN_FILE_LOCATION";
        if (str == null) {
            str = configuration.get("mapreduce.job.credentials.binary");
            obj = "configuration option mapreduce.job.credentials.binary";
        }
        if (str == null) {
            return null;
        }
        File file = new File(str.trim());
        String format = String.format("Token File %s from %s", file, obj);
        if (!file.exists()) {
            throw new FileNotFoundException("No " + format);
        }
        if (!file.isFile() && !file.canRead()) {
            throw new FileNotFoundException("Cannot read " + format);
        }
        stringBuffer.append(format);
        return file;
    }

    public static Credentials loadTokensFromEnvironment(Map<String, String> map, Configuration configuration) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        File locateEnvCredentials = locateEnvCredentials(map, configuration, stringBuffer);
        if (locateEnvCredentials == null) {
            return null;
        }
        LOG.debug("Using {}", stringBuffer);
        return Credentials.readTokenStorageFile(locateEnvCredentials, configuration);
    }

    public static void saveTokens(File file, Credentials credentials) throws IOException {
        Throwable th = null;
        try {
            DataOutputStream dataOutputStream = new DataOutputStream(new FileOutputStream(file));
            try {
                credentials.writeTokenStorageToStream(dataOutputStream);
                if (dataOutputStream != null) {
                    dataOutputStream.close();
                }
            } catch (Throwable th2) {
                if (dataOutputStream != null) {
                    dataOutputStream.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    public static String getRMPrincipal(Configuration configuration) throws IOException {
        String hostName;
        String str = configuration.get("yarn.resourcemanager.principal", SliderKeys.DEFAULT_GC_OPTS);
        Preconditions.checkState(!str.isEmpty(), "Not set: yarn.resourcemanager.principal");
        if (HAUtil.isHAEnabled(configuration)) {
            YarnConfiguration yarnConfiguration = new YarnConfiguration(configuration);
            if (yarnConfiguration.get("yarn.resourcemanager.ha.id") == null) {
                String[] strings = yarnConfiguration.getStrings("yarn.resourcemanager.ha.rm-ids");
                Preconditions.checkState(strings != null && strings.length > 0, "Not set yarn.resourcemanager.ha.rm-ids");
                yarnConfiguration.set("yarn.resourcemanager.ha.id", strings[0]);
            }
            hostName = yarnConfiguration.getSocketAddr("yarn.resourcemanager.address", "0.0.0.0:8032", 8032).getHostName();
        } else {
            hostName = configuration.getSocketAddr("yarn.resourcemanager.address", "0.0.0.0:8032", 8032).getHostName();
        }
        return SecurityUtil.getServerPrincipal(str, hostName);
    }

    public static Token<?>[] addRMRenewableFSDelegationTokens(Configuration configuration, FileSystem fileSystem, Credentials credentials) throws IOException {
        Preconditions.checkArgument(configuration != null);
        Preconditions.checkArgument(credentials != null);
        if (MapRSecurityUtil.isMapRSecurityEnabled() || MapRSecurityUtil.isKerberosEnabled()) {
            return fileSystem.addDelegationTokens(getRMPrincipal(configuration), credentials);
        }
        return null;
    }

    public static void addSelfRenewableFSDelegationTokens(FileSystem fileSystem, Credentials credentials) throws IOException {
        Preconditions.checkArgument(fileSystem != null);
        Preconditions.checkArgument(credentials != null);
        fileSystem.addDelegationTokens(getSelfRenewer(), credentials);
    }

    public static String getSelfRenewer() throws IOException {
        return UserGroupInformation.getLoginUser().getShortUserName();
    }

    public static Token<TokenIdentifier> addRMDelegationToken(YarnClient yarnClient, Credentials credentials) throws IOException, YarnException {
        Configuration config = yarnClient.getConfig();
        Text text = new Text(getRMPrincipal(config));
        Token<TokenIdentifier> convertFromYarn = ConverterUtils.convertFromYarn(yarnClient.getRMDelegationToken(text), ClientRMProxy.getRMDelegationTokenService(config));
        credentials.addToken(convertFromYarn.getService(), convertFromYarn);
        return convertFromYarn;
    }

    public static Token<TimelineDelegationTokenIdentifier> maybeAddTimelineToken(Configuration configuration, Credentials credentials) throws IOException, YarnException {
        if (!configuration.getBoolean("yarn.timeline-service.enabled", false)) {
            LOG.debug("Timeline service is disabled");
            return null;
        }
        LOG.debug("Timeline service enabled -fetching token");
        Throwable th = null;
        try {
            TimelineClient createTimelineClient = TimelineClient.createTimelineClient();
            try {
                createTimelineClient.init(configuration);
                createTimelineClient.start();
                Token<TimelineDelegationTokenIdentifier> delegationToken = createTimelineClient.getDelegationToken(getRMPrincipal(configuration));
                credentials.addToken(delegationToken.getService(), delegationToken);
                if (createTimelineClient != null) {
                    createTimelineClient.close();
                }
                return delegationToken;
            } catch (Throwable th2) {
                if (createTimelineClient != null) {
                    createTimelineClient.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    public static Credentials filterTokens(Credentials credentials, List<Text> list) {
        Credentials credentials2 = new Credentials(credentials);
        Iterator it = credentials2.getAllTokens().iterator();
        while (it.hasNext()) {
            Token token = (Token) it.next();
            LOG.debug("Token {}", token.getKind());
            if (list.contains(token.getKind())) {
                LOG.debug("Filtering token {}", token.getKind());
                it.remove();
            }
        }
        return credentials2;
    }

    public static String dumpTokens(Credentials credentials, String str) {
        ArrayList arrayList = new ArrayList(credentials.getAllTokens());
        Collections.sort(arrayList, new TokenComparator(null));
        StringBuilder sb = new StringBuilder(arrayList.size() * 128);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            sb.append(tokenToString((Token) it.next())).append(str);
        }
        return sb.toString();
    }

    public static String tokenToString(Token<? extends TokenIdentifier> token) {
        DateFormat dateTimeInstance = DateFormat.getDateTimeInstance(3, 3);
        StringBuilder sb = new StringBuilder(128);
        sb.append(token.toString());
        try {
            AbstractDelegationTokenIdentifier decodeIdentifier = token.decodeIdentifier();
            sb.append("; ").append(decodeIdentifier);
            if (decodeIdentifier instanceof AbstractDelegationTokenIdentifier) {
                AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = decodeIdentifier;
                sb.append("; Renewer: ").append(abstractDelegationTokenIdentifier.getRenewer());
                sb.append("; Issued: ").append(dateTimeInstance.format(new Date(abstractDelegationTokenIdentifier.getIssueDate())));
                sb.append("; Max Date: ").append(dateTimeInstance.format(new Date(abstractDelegationTokenIdentifier.getMaxDate())));
            }
        } catch (IOException e) {
            LOG.debug("Failed to decode {}: {}", new Object[]{token, e, e});
        }
        return sb.toString();
    }

    public static long getTokenExpiryTime(Token token) throws IOException {
        AbstractDelegationTokenIdentifier decodeIdentifier = token.decodeIdentifier();
        Preconditions.checkState(decodeIdentifier instanceof AbstractDelegationTokenIdentifier, "Token %s of type: %s has an identifier which cannot be examined: %s", token, token.getClass(), decodeIdentifier);
        return decodeIdentifier.getMaxDate();
    }
}
