package co.cask.cdap.security;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.security.YarnTokenUtils;
import co.cask.cdap.data.security.HBaseTokenUtils;
import co.cask.cdap.hive.ExploreUtils;
import co.cask.cdap.security.hive.HiveTokenUtils;
import co.cask.cdap.security.hive.JobHistoryServerTokenUtils;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.inject.Inject;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.twill.api.RunId;
import org.apache.twill.api.SecureStore;
import org.apache.twill.api.SecureStoreUpdater;
import org.apache.twill.filesystem.FileContextLocationFactory;
import org.apache.twill.filesystem.ForwardingLocationFactory;
import org.apache.twill.filesystem.HDFSLocationFactory;
import org.apache.twill.filesystem.LocationFactory;
import org.apache.twill.internal.yarn.YarnUtils;
import org.apache.twill.yarn.YarnSecureStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/TokenSecureStoreUpdater.class */
public final class TokenSecureStoreUpdater implements SecureStoreUpdater {
    private static final Logger LOG = LoggerFactory.getLogger(TokenSecureStoreUpdater.class);
    private final YarnConfiguration hConf;
    private final LocationFactory locationFactory;
    private final long updateInterval;
    private final boolean secureExplore;

    @Inject
    public TokenSecureStoreUpdater(YarnConfiguration yarnConfiguration, CConfiguration cConfiguration, LocationFactory locationFactory) {
        this.hConf = yarnConfiguration;
        this.locationFactory = locationFactory;
        this.secureExplore = cConfiguration.getBoolean("explore.enabled") && UserGroupInformation.isSecurityEnabled();
        this.updateInterval = calculateUpdateInterval();
    }

    private Credentials refreshCredentials() {
        try {
            Credentials credentials = new Credentials();
            if (User.isSecurityEnabled()) {
                YarnTokenUtils.obtainToken(this.hConf, credentials);
            }
            if (User.isHBaseSecurityEnabled(this.hConf)) {
                HBaseTokenUtils.obtainToken(this.hConf, credentials);
            }
            if (this.secureExplore) {
                HiveTokenUtils.obtainToken(credentials);
                JobHistoryServerTokenUtils.obtainToken(this.hConf, credentials);
            }
            addDelegationTokens(this.hConf, this.locationFactory, credentials);
            return credentials;
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }

    private static List<Token<?>> addDelegationTokens(Configuration configuration, LocationFactory locationFactory, Credentials credentials) throws IOException {
        if (!UserGroupInformation.isSecurityEnabled()) {
            LOG.debug("Security is not enabled");
            return ImmutableList.of();
        }
        FileSystem fileSystem = getFileSystem(locationFactory, configuration);
        if (fileSystem == null) {
            LOG.warn("Unexpected: LocationFactory is not HDFS. Not getting delegation tokens.");
            return ImmutableList.of();
        }
        Token[] addDelegationTokens = fileSystem.addDelegationTokens(YarnUtils.getYarnTokenRenewer(configuration), credentials);
        LOG.info("Added HDFS DelegationTokens: {}", Arrays.toString(addDelegationTokens));
        return addDelegationTokens == null ? ImmutableList.of() : ImmutableList.copyOf(addDelegationTokens);
    }

    private static FileSystem getFileSystem(LocationFactory locationFactory, Configuration configuration) throws IOException {
        LOG.debug("getFileSystem(): locationFactory is a {}", locationFactory.getClass());
        if (locationFactory instanceof HDFSLocationFactory) {
            return ((HDFSLocationFactory) locationFactory).getFileSystem();
        }
        if (locationFactory instanceof ForwardingLocationFactory) {
            return getFileSystem(((ForwardingLocationFactory) locationFactory).getDelegate(), configuration);
        }
        if (locationFactory instanceof FileContextLocationFactory) {
            return FileSystem.get(configuration);
        }
        return null;
    }

    private Configuration getHiveConf() {
        ClassLoader exploreClassloader = ExploreUtils.getExploreClassloader();
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(exploreClassloader);
        try {
            try {
                Configuration configuration = (Configuration) exploreClassloader.loadClass("org.apache.hadoop.hive.conf.HiveConf").newInstance();
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                return configuration;
            } catch (Exception e) {
                LOG.error("Could not create an instance of HiveConf. Using default values.", e);
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                return null;
            }
        } catch (Throwable th) {
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    private long calculateUpdateInterval() {
        ArrayList newArrayList = Lists.newArrayList();
        newArrayList.add(Long.valueOf(this.hConf.getLong("dfs.namenode.delegation.token.renew-interval", 86400000L)));
        newArrayList.add(Long.valueOf(this.hConf.getLong("hbase.auth.key.update.interval", TimeUnit.MILLISECONDS.convert(1L, TimeUnit.DAYS))));
        if (this.secureExplore) {
            newArrayList.add(Long.valueOf(this.hConf.getLong("yarn.resourcemanager.delegation.token.renew-interval", 86400000L)));
            Configuration hiveConf = getHiveConf();
            if (hiveConf != null) {
                newArrayList.add(Long.valueOf(hiveConf.getLong("hive.cluster.delegation.token.renew-interval", 86400000L)));
            } else {
                newArrayList.add(86400000L);
            }
            newArrayList.add(Long.valueOf(this.hConf.getLong("mapreduce.cluster.delegation.token.renew-interval", 86400000L)));
        }
        Long l = (Long) Collections.min(newArrayList);
        long longValue = l.longValue() - TimeUnit.MINUTES.toMillis(5L);
        if (longValue <= 0) {
            longValue = l.longValue() <= 2 ? 1L : l.longValue() / 2;
        }
        LOG.info("Setting token renewal time to: {} ms", Long.valueOf(longValue));
        return longValue;
    }

    public long getUpdateInterval() {
        return this.updateInterval;
    }

    public SecureStore update(String str, RunId runId) {
        Credentials refreshCredentials = refreshCredentials();
        LOG.info("Updated credentials {}", refreshCredentials.getAllTokens());
        return YarnSecureStore.create(refreshCredentials);
    }
}
