package org.apache.oozie.service;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.filecache.DistributedCache;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapred.JobClient;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.oozie.ErrorCode;
import org.apache.oozie.util.ParamChecker;
import org.apache.oozie.util.XConfiguration;
import org.apache.oozie.util.XLog;

/* loaded from: input_file:org/apache/oozie/service/KerberosHadoopAccessorService.class */
public class KerberosHadoopAccessorService extends HadoopAccessorService {
    public static final String CONF_PREFIX = "oozie.service.HadoopAccessorService.";
    public static final String KERBEROS_AUTH_ENABLED = "oozie.service.HadoopAccessorService.kerberos.enabled";
    public static final String KERBEROS_KEYTAB = "oozie.service.HadoopAccessorService.keytab.file";
    public static final String KERBEROS_PRINCIPAL = "oozie.service.HadoopAccessorService.kerberos.principal";
    private ConcurrentMap<String, UserGroupInformation> userUgiMap;
    private String localRealm;

    @Override // org.apache.oozie.service.HadoopAccessorService
    public void init(Configuration configuration) throws ServiceException {
        boolean z = configuration.getBoolean(KERBEROS_AUTH_ENABLED, true);
        XLog log = XLog.getLog(getClass());
        Object[] objArr = new Object[1];
        objArr[0] = z ? "enabled" : "disabled";
        log.info("Oozie Kerberos Authentication [{0}]", objArr);
        if (z) {
            try {
                String trim = configuration.get(KERBEROS_KEYTAB, System.getProperty("user.home") + "/oozie.keytab").trim();
                if (trim.length() == 0) {
                    throw new ServiceException(ErrorCode.E0026, KERBEROS_KEYTAB);
                }
                String str = configuration.get(KERBEROS_PRINCIPAL, "oozie/localhost@LOCALHOST");
                if (str.length() == 0) {
                    throw new ServiceException(ErrorCode.E0026, KERBEROS_PRINCIPAL);
                }
                Configuration configuration2 = new Configuration();
                configuration2.set("hadoop.security.authentication", "kerberos");
                UserGroupInformation.setConfiguration(configuration2);
                UserGroupInformation.loginUserFromKeytab(str, trim);
                XLog.getLog(getClass()).info("Got Kerberos ticket, keytab [{0}], Oozie principal principal [{1}]", trim, str);
            } catch (ServiceException e) {
                throw e;
            } catch (Exception e2) {
                throw new ServiceException(ErrorCode.E0100, getClass().getName(), e2.getMessage(), e2);
            }
        } else {
            Configuration configuration3 = new Configuration();
            configuration3.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(configuration3);
        }
        this.localRealm = configuration.get("local.realm");
        this.userUgiMap = new ConcurrentHashMap();
    }

    @Override // org.apache.oozie.service.HadoopAccessorService, org.apache.oozie.service.Service
    public void destroy() {
        this.userUgiMap = null;
        super.destroy();
    }

    private UserGroupInformation getUGI(String str) throws IOException {
        UserGroupInformation userGroupInformation = this.userUgiMap.get(str);
        if (userGroupInformation == null) {
            userGroupInformation = UserGroupInformation.createProxyUser(str, UserGroupInformation.getLoginUser());
            this.userUgiMap.putIfAbsent(str, userGroupInformation);
        }
        return userGroupInformation;
    }

    @Override // org.apache.oozie.service.HadoopAccessorService
    public JobClient createJobClient(String str, String str2, final JobConf jobConf) throws HadoopAccessorException {
        ParamChecker.notEmpty(str, "user");
        ParamChecker.notEmpty(str2, "group");
        validateJobTracker(jobConf.get("mapred.job.tracker"));
        try {
            JobClient jobClient = (JobClient) getUGI(str).doAs(new PrivilegedExceptionAction<JobClient>() { // from class: org.apache.oozie.service.KerberosHadoopAccessorService.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public JobClient run() throws Exception {
                    return new JobClient(jobConf);
                }
            });
            jobConf.getCredentials().addToken(new Text("mr token"), jobClient.getDelegationToken(new Text("mr token")));
            return jobClient;
        } catch (IOException e) {
            throw new HadoopAccessorException(ErrorCode.E0902, e);
        } catch (InterruptedException e2) {
            throw new HadoopAccessorException(ErrorCode.E0902, e2);
        }
    }

    @Override // org.apache.oozie.service.HadoopAccessorService
    public FileSystem createFileSystem(String str, String str2, final Configuration configuration) throws HadoopAccessorException {
        ParamChecker.notEmpty(str, "user");
        ParamChecker.notEmpty(str2, "group");
        try {
            validateNameNode(new URI(configuration.get("fs.default.name")).getAuthority());
            return (FileSystem) getUGI(str).doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.oozie.service.KerberosHadoopAccessorService.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    Configuration configuration2 = new Configuration();
                    XConfiguration.copy(configuration, configuration2);
                    return FileSystem.get(configuration2);
                }
            });
        } catch (IOException e) {
            throw new HadoopAccessorException(ErrorCode.E0902, e);
        } catch (InterruptedException e2) {
            throw new HadoopAccessorException(ErrorCode.E0902, e2);
        } catch (URISyntaxException e3) {
            throw new HadoopAccessorException(ErrorCode.E0902, e3);
        }
    }

    @Override // org.apache.oozie.service.HadoopAccessorService
    public FileSystem createFileSystem(String str, String str2, final URI uri, final Configuration configuration) throws HadoopAccessorException {
        ParamChecker.notEmpty(str, "user");
        ParamChecker.notEmpty(str2, "group");
        validateNameNode(uri.getAuthority());
        try {
            return (FileSystem) getUGI(str).doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.oozie.service.KerberosHadoopAccessorService.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    Configuration configuration2 = new Configuration();
                    configuration2.set(WorkflowAppService.HADOOP_JT_KERBEROS_NAME, "mapred/_HOST@" + KerberosHadoopAccessorService.this.localRealm);
                    configuration2.set(WorkflowAppService.HADOOP_NN_KERBEROS_NAME, "hdfs/_HOST@" + KerberosHadoopAccessorService.this.localRealm);
                    XConfiguration.copy(configuration, configuration2);
                    return FileSystem.get(uri, configuration2);
                }
            });
        } catch (IOException e) {
            throw new HadoopAccessorException(ErrorCode.E0902, e);
        } catch (InterruptedException e2) {
            throw new HadoopAccessorException(ErrorCode.E0902, e2);
        }
    }

    @Override // org.apache.oozie.service.HadoopAccessorService
    public void addFileToClassPath(String str, String str2, final Path path, final Configuration configuration) throws IOException {
        ParamChecker.notEmpty(str, "user");
        ParamChecker.notEmpty(str2, "group");
        try {
            getUGI(str).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.oozie.service.KerberosHadoopAccessorService.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    Configuration configuration2 = new Configuration();
                    XConfiguration.copy(configuration, configuration2);
                    DistributedCache.addFileToClassPath(path, configuration2);
                    DistributedCache.addFileToClassPath(path, configuration);
                    return null;
                }
            });
        } catch (InterruptedException e) {
            throw new IOException(e);
        }
    }
}
