package org.apache.hadoop.hive.metastore.security;

import java.io.IOException;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.metastore.conf.MetastoreConf;
import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge;
import org.apache.hadoop.hive.metastore.utils.SecurityUtils;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.ReflectionUtils;

/* loaded from: input_file:org/apache/hadoop/hive/metastore/security/MetastoreDelegationTokenManager.class */
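/**
 * Owns the metastore's {@link DelegationTokenSecretManager} and exposes the issue, renew,
 * cancel and verify operations on delegation tokens.
 *
 * <p>Every token string handled here is the URL-safe encoding of a Hadoop {@code Token}, which
 * includes the token password. Treat these strings as credentials: keep them out of logs and
 * error messages.
 *
 * <p>All token operations dereference {@link #secretManager}, which this class assigns only in
 * {@link #startDelegationTokenSecretManager(Configuration, Object, HadoopThriftAuthBridge.Server.ServerMode)}.
 * Calling them before start-up fails with a {@link NullPointerException}.
 */
public class MetastoreDelegationTokenManager {
    // Configuration key names for the ZooKeeper-backed token store. This class only defines the
    // names; none of them is read here.
    public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_STR = "hive.cluster.delegation.token.store.zookeeper.connectString";
    public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE = "hive.zookeeper.quorum";
    public static final String DELEGATION_TOKEN_STORE_ZK_CONNECT_TIMEOUTMILLIS = "hive.cluster.delegation.token.store.zookeeper.connectTimeoutMillis";
    public static final String DELEGATION_TOKEN_STORE_ZK_ZNODE = "hive.cluster.delegation.token.store.zookeeper.znode";
    public static final String DELEGATION_TOKEN_STORE_ZK_ACL = "hive.cluster.delegation.token.store.zookeeper.acl";
    public static final String DELEGATION_TOKEN_STORE_ZK_ZNODE_DEFAULT = "/hivedelegation";
    public static final String DELEGATION_TOKEN_STORE_ZK_SSL_ENABLE = "hive.cluster.delegation.token.store.zookeeper.ssl.client.enable";
    public static final String DELEGATION_TOKEN_STORE_ZK_KEYSTORE_LOCATION = "hive.cluster.delegation.token.store.zookeeper.keystore.location";
    // The two *.password keys name entries whose values are key-store secrets; code that reads
    // them should not echo the values into logs or exception messages.
    public static final String DELEGATION_TOKEN_STORE_ZK_KEYSTORE_PASSWORD = "hive.cluster.delegation.token.store.zookeeper.keystore.password";
    public static final String DELEGATION_TOKEN_STORE_ZK_TRUSTSTORE_LOCATION = "hive.cluster.delegation.token.store.zookeeper.truststore.location";
    public static final String DELEGATION_TOKEN_STORE_ZK_TRUSTSTORE_PASSWORD = "hive.cluster.delegation.token.store.zookeeper.truststore.password";

    /** Secret manager backing every token operation; not assigned by this class until start-up. */
    protected DelegationTokenSecretManager secretManager;

    /**
     * Returns the secret manager.
     *
     * @return the manager created at start-up, or {@code null} if it has not been assigned yet
     */
    public DelegationTokenSecretManager getSecretManager() {
        return this.secretManager;
    }

    /**
     * Starts the secret manager in {@code METASTORE} server mode.
     *
     * @param configuration source of the token timing settings and the token store class name
     * @param obj opaque object handed unchanged to {@code DelegationTokenStore.init}
     * @throws IOException if the configured token store class cannot be resolved, or start-up fails
     */
    public void startDelegationTokenSecretManager(Configuration configuration, Object obj) throws IOException {
        startDelegationTokenSecretManager(configuration, obj, HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
    }

    /**
     * Creates the configured token store, builds a {@link TokenStoreDelegationTokenSecretManager}
     * on top of it and starts its threads.
     *
     * @param configuration source of the token timing settings and the token store class name
     * @param obj opaque object handed unchanged to {@code DelegationTokenStore.init}
     * @param serverMode server mode handed to {@code DelegationTokenStore.init}
     * @throws IOException if the configured token store class cannot be resolved, or start-up fails
     */
    public void startDelegationTokenSecretManager(Configuration configuration, Object obj, HadoopThriftAuthBridge.Server.ServerMode serverMode) throws IOException {
        // All four settings are read in milliseconds. They bound how long an issued token, and
        // the key that signs it, stay usable.
        long keyUpdateIntervalMs = MetastoreConf.getTimeVar(configuration, MetastoreConf.ConfVars.DELEGATION_KEY_UPDATE_INTERVAL, TimeUnit.MILLISECONDS);
        long tokenMaxLifetimeMs = MetastoreConf.getTimeVar(configuration, MetastoreConf.ConfVars.DELEGATION_TOKEN_MAX_LIFETIME, TimeUnit.MILLISECONDS);
        long tokenRenewIntervalMs = MetastoreConf.getTimeVar(configuration, MetastoreConf.ConfVars.DELEGATION_TOKEN_RENEW_INTERVAL, TimeUnit.MILLISECONDS);
        long tokenGcIntervalMs = MetastoreConf.getTimeVar(configuration, MetastoreConf.ConfVars.DELEGATION_TOKEN_GC_INTERVAL, TimeUnit.MILLISECONDS);

        DelegationTokenStore tokenStore = getTokenStore(configuration);
        tokenStore.setConf(configuration);
        tokenStore.init(obj, serverMode);

        this.secretManager = new TokenStoreDelegationTokenSecretManager(
                keyUpdateIntervalMs, tokenMaxLifetimeMs, tokenRenewIntervalMs, tokenGcIntervalMs, tokenStore);
        this.secretManager.startThreads();
    }

    /**
     * Issues a delegation token for {@code str}, enforcing the proxy-user rules when the caller
     * asks on behalf of somebody else.
     *
     * <p>The caller and the requested owner are compared by short user name. Principals that map
     * to the same short name are therefore treated as the same user, and the proxy check is
     * skipped for them, so the principal-to-short-name mapping is part of this trust decision.
     *
     * @param str user the token is issued for
     * @param str2 second argument of {@code secretManager.getDelegationToken} (presumably the
     *     renewer; confirm against {@link DelegationTokenSecretManager})
     * @param str3 remote address of the caller, checked by {@code ProxyUsers.authorize}
     * @return the encoded token; a credential, do not log it
     * @throws IOException if the current user cannot be determined, the proxy check rejects the
     *     request, or the secret manager fails
     * @throws InterruptedException declared for the secret manager call
     */
    public String getDelegationToken(String str, String str2, String str3) throws IOException, InterruptedException {
        UserGroupInformation ownerUgi = UserGroupInformation.createRemoteUser(str);
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        if (!ownerUgi.getShortUserName().equals(currentUser.getShortUserName())) {
            // The caller wants a token for another user. The caller must be an authorized proxy
            // for that user from this remote address, otherwise authorize() throws.
            ProxyUsers.authorize(UserGroupInformation.createProxyUser(str, currentUser), str3, null);
        }
        return this.secretManager.getDelegationToken(str, str2);
    }

    /**
     * Issues a delegation token as {@link #getDelegationToken(String, String, String)} does, then
     * stamps a service name on it.
     *
     * @param str user the token is issued for
     * @param str2 second argument of {@code secretManager.getDelegationToken}
     * @param str3 service name written into the token
     * @param str4 remote address of the caller, used for the proxy-user check
     * @return the encoded token with the service set; a credential, do not log it
     * @throws IOException if authorization, token creation or re-encoding fails
     * @throws InterruptedException declared for the secret manager call
     */
    public String getDelegationTokenWithService(String str, String str2, String str3, String str4) throws IOException, InterruptedException {
        // Argument order differs from the callee: str4 is the remote address, str3 the service.
        String tokenStr = getDelegationToken(str, str2, str4);
        return addServiceToToken(tokenStr, str3);
    }

    /**
     * Renews a token through the secret manager.
     *
     * @param str encoded token
     * @return the value returned by {@code secretManager.renewDelegationToken}
     * @throws IOException if the secret manager rejects or fails the renewal
     */
    public long renewDelegationToken(String str) throws IOException {
        return this.secretManager.renewDelegationToken(str);
    }

    /**
     * Looks up the user a token belongs to.
     *
     * <p>NOTE(review): nothing in this class shows whether the lookup also validates the token.
     * Confirm against the secret manager before using the result for an access decision;
     * {@link #verifyDelegationToken(String)} is the explicit verification entry point.
     *
     * @param str encoded token
     * @return the user name reported by the secret manager
     * @throws IOException if the secret manager fails
     */
    public String getUserFromToken(String str) throws IOException {
        return this.secretManager.getUserFromToken(str);
    }

    /**
     * Cancels a token through the secret manager.
     *
     * @param str encoded token
     * @throws IOException if the secret manager rejects or fails the cancellation
     */
    public void cancelDelegationToken(String str) throws IOException {
        this.secretManager.cancelDelegationToken(str);
    }

    /**
     * Verifies a token through the secret manager.
     *
     * @param str encoded token
     * @return the value returned by {@code secretManager.verifyDelegationToken}
     * @throws IOException if verification fails
     */
    public String verifyDelegationToken(String str) throws IOException {
        return this.secretManager.verifyDelegationToken(str);
    }

    /**
     * Instantiates the token store class named in the configuration.
     *
     * <p>The class name is read from configuration and loaded reflectively, so whoever can edit
     * that configuration chooses the code that stores token secrets. {@code Class.forName}
     * initializes the named class before the {@code asSubclass} type check runs.
     *
     * @param configuration configuration naming the store class; also passed to the new instance
     * @return a new, not yet initialized token store
     * @throws IOException if the class is missing or does not implement {@link DelegationTokenStore}
     */
    private DelegationTokenStore getTokenStore(Configuration configuration) throws IOException {
        String tokenStoreClassName = SecurityUtils.getTokenStoreClassName(configuration);
        Class<? extends DelegationTokenStore> storeClass;
        try {
            storeClass = Class.forName(tokenStoreClassName).asSubclass(DelegationTokenStore.class);
        } catch (ClassNotFoundException | ClassCastException e) {
            // A class of the wrong type is the same misconfiguration as a missing class.
            // Report both as the declared IOException, with the class name for context.
            throw new IOException("Error initializing delegation token store: " + tokenStoreClassName, e);
        }
        return ReflectionUtils.newInstance(storeClass, configuration);
    }

    /**
     * Decodes a token, sets its service field and encodes it again.
     *
     * @param str encoded token
     * @param str2 service name to set
     * @return the re-encoded token; a credential, do not log it
     * @throws IOException if the token string cannot be decoded or encoded
     */
    public static String addServiceToToken(String str, String str2) throws IOException {
        return createToken(str, str2).encodeToUrlString();
    }

    /**
     * Builds a token object from its encoded form and sets the service field.
     *
     * @param str encoded token
     * @param str2 service name to set
     * @return the decoded token carrying the new service
     * @throws IOException if the token string cannot be decoded
     */
    private static Token<DelegationTokenIdentifier> createToken(String str, String str2) throws IOException {
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(str);
        token.setService(new Text(str2));
        return token;
    }
}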
