package org.apache.hadoop.hdfs.tools;

import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Options;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.HftpFileSystem;
import org.apache.hadoop.hdfs.HsftpFileSystem;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.namenode.CancelDelegationTokenServlet;
import org.apache.hadoop.hdfs.server.namenode.GetDelegationTokenServlet;
import org.apache.hadoop.hdfs.server.namenode.RenewDelegationTokenServlet;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.Krb5AndCertsSslSocketConnector;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.GenericOptionsParser;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;

/* loaded from: input_file:WEB-INF/lib/hadoop-core-1.1.2.jar:org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.class */
public class DelegationTokenFetcher {
    private static final Log LOG;
    private static final String WEBSERVICE = "webservice";
    private static final String CANCEL = "cancel";
    private static final String RENEW = "renew";

    private static void printUsage(PrintStream printStream) throws IOException {
        printStream.println("fetchdt retrieves delegation tokens from the NameNode");
        printStream.println();
        printStream.println("fetchdt <opts> <token file>");
        printStream.println("Options:");
        printStream.println("  --webservice <url>  Url to contact NN on");
        printStream.println("  --cancel            Cancel the delegation token");
        printStream.println("  --renew             Renew the delegation token");
        printStream.println();
        GenericOptionsParser.printGenericCommandUsage(printStream);
        System.exit(1);
    }

    private static Collection<Token<?>> readTokens(Path path, Configuration configuration) throws IOException {
        return Credentials.readTokenStorageFile(path, configuration).getAllTokens();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void main(String[] strArr) throws Exception {
        Configuration configuration = new Configuration();
        setupSsl(configuration);
        Options options = new Options();
        options.addOption(WEBSERVICE, true, "HTTP/S url to reach the NameNode at");
        options.addOption("cancel", false, "cancel the token");
        options.addOption(RENEW, false, "renew the token");
        GenericOptionsParser genericOptionsParser = new GenericOptionsParser(configuration, options, strArr);
        CommandLine commandLine = genericOptionsParser.getCommandLine();
        String optionValue = commandLine.hasOption(WEBSERVICE) ? commandLine.getOptionValue(WEBSERVICE) : null;
        boolean hasOption = commandLine.hasOption("cancel");
        boolean hasOption2 = commandLine.hasOption(RENEW);
        String[] remainingArgs = genericOptionsParser.getRemainingArgs();
        if (hasOption && hasOption2) {
            System.err.println("ERROR: Only specify cancel or renew.");
            printUsage(System.err);
        }
        if (remainingArgs.length != 1 || remainingArgs[0].charAt(0) == '-') {
            System.err.println("ERROR: Must specify exactly one token file");
            printUsage(System.err);
        }
        Path path = new Path(FileSystem.getLocal(configuration).getWorkingDirectory(), remainingArgs[0]);
        if (hasOption) {
            for (Token<?> token : readTokens(path, configuration)) {
                if (token.isManaged()) {
                    token.cancel(configuration);
                }
            }
            return;
        }
        if (hasOption2) {
            for (Token<?> token2 : readTokens(path, configuration)) {
                if (token2.isManaged()) {
                    token2.renew(configuration);
                }
            }
            return;
        }
        if (optionValue != null) {
            URI uri = new URI(optionValue);
            getDTfromRemote(uri.getScheme(), new InetSocketAddress(uri.getHost(), uri.getPort()), null, configuration).writeTokenStorageFile(path, configuration);
            return;
        }
        FileSystem fileSystem = FileSystem.get(configuration);
        Token<?> delegationToken = fileSystem.getDelegationToken(UserGroupInformation.getCurrentUser().getShortUserName());
        Credentials credentials = new Credentials();
        credentials.addToken(delegationToken.getService(), delegationToken);
        credentials.writeTokenStorageFile(path, configuration);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Fetched token for " + fileSystem.getUri() + " into " + path);
        }
    }

    public static void setupSsl(Configuration configuration) {
        Configuration configuration2 = new Configuration(false);
        configuration2.addResource(configuration.get("dfs.https.client.keystore.resource", DFSConfigKeys.DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_DEFAULT));
        System.setProperty("javax.net.ssl.trustStore", configuration2.get("ssl.client.truststore.location", ""));
        System.setProperty("javax.net.ssl.trustStorePassword", configuration2.get("ssl.client.truststore.password", ""));
        System.setProperty("javax.net.ssl.trustStoreType", configuration2.get("ssl.client.truststore.type", "jks"));
        System.setProperty("javax.net.ssl.keyStore", configuration2.get("ssl.client.keystore.location", ""));
        System.setProperty("javax.net.ssl.keyStorePassword", configuration2.get("ssl.client.keystore.password", ""));
        System.setProperty("javax.net.ssl.keyPassword", configuration2.get("ssl.client.keystore.keypassword", ""));
        System.setProperty("javax.net.ssl.keyStoreType", configuration2.get("ssl.client.keystore.type", "jks"));
    }

    public static Credentials getDTfromRemote(String str, final InetSocketAddress inetSocketAddress, String str2, Configuration configuration) throws IOException {
        String renewAddress = getRenewAddress(str, inetSocketAddress, configuration);
        final boolean equals = PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT.equals(str);
        try {
            StringBuffer stringBuffer = new StringBuffer(renewAddress);
            stringBuffer.append(GetDelegationTokenServlet.PATH_SPEC);
            if (str2 != null) {
                stringBuffer.append("?").append("renewer").append("=").append(str2);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Retrieving token from: " + ((Object) stringBuffer));
            }
            final URL url = new URL(stringBuffer.toString());
            return (Credentials) UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Credentials>() { // from class: org.apache.hadoop.hdfs.tools.DelegationTokenFetcher.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Credentials run() throws Exception {
                    InputStream inputStream = SecurityUtil.openSecureHttpConnection(url).getInputStream();
                    Credentials credentials = new Credentials();
                    DataInputStream dataInputStream = new DataInputStream(inputStream);
                    try {
                        credentials.readFields(dataInputStream);
                        for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
                            if (equals) {
                                token.setKind(HsftpFileSystem.TOKEN_KIND);
                            } else {
                                token.setKind(HftpFileSystem.TOKEN_KIND);
                            }
                            SecurityUtil.setTokenService(token, inetSocketAddress);
                        }
                        dataInputStream.close();
                    } catch (IOException e) {
                        IOUtils.cleanup(DelegationTokenFetcher.LOG, dataInputStream);
                    }
                    return credentials;
                }
            });
        } catch (InterruptedException e) {
            return null;
        }
    }

    protected static String getRenewAddress(String str, InetSocketAddress inetSocketAddress, Configuration configuration) {
        if (SecurityUtil.useKsslAuth() && "http".equals(str)) {
            str = PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT;
            inetSocketAddress = new InetSocketAddress(inetSocketAddress.getAddress(), configuration.getInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_DEFAULT));
        }
        return DFSUtil.createUri(str, inetSocketAddress).toString();
    }

    public static long renewDelegationToken(String str, InetSocketAddress inetSocketAddress, Token<DelegationTokenIdentifier> token, Configuration configuration) throws IOException {
        final String renewAddress = getRenewAddress(str, inetSocketAddress, configuration);
        final StringBuilder sb = new StringBuilder(renewAddress);
        final String text = token.getService().toString();
        sb.append(RenewDelegationTokenServlet.PATH_SPEC);
        sb.append("?");
        sb.append("token");
        sb.append("=");
        sb.append(token.encodeToUrlString());
        try {
            return ((Long) UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Long>() { // from class: org.apache.hadoop.hdfs.tools.DelegationTokenFetcher.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Long run() throws Exception {
                    BufferedReader bufferedReader = null;
                    HttpURLConnection httpURLConnection = null;
                    try {
                        httpURLConnection = (HttpURLConnection) SecurityUtil.openSecureHttpConnection(new URL(sb.toString()));
                        bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
                        long parseLong = Long.parseLong(bufferedReader.readLine());
                        bufferedReader.close();
                        if (DelegationTokenFetcher.LOG.isDebugEnabled()) {
                            DelegationTokenFetcher.LOG.debug("Renewed token for " + text + " via " + renewAddress);
                        }
                        return Long.valueOf(parseLong);
                    } catch (IOException e) {
                        DelegationTokenFetcher.LOG.info("Error renewing token for " + renewAddress, e);
                        IOException iOException = null;
                        if (httpURLConnection != null) {
                            iOException = DelegationTokenFetcher.getExceptionFromResponse(httpURLConnection.getResponseMessage());
                        }
                        IOUtils.cleanup(DelegationTokenFetcher.LOG, bufferedReader);
                        if (iOException == null) {
                            throw e;
                        }
                        DelegationTokenFetcher.LOG.info("rethrowing exception from HTTP request: " + iOException.getLocalizedMessage());
                        throw iOException;
                    }
                }
            })).longValue();
        } catch (InterruptedException e) {
            return 0L;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static IOException getExceptionFromResponse(String str) {
        String str2 = "";
        String str3 = "";
        if (str != null && !str.isEmpty()) {
            String[] split = str.split(";");
            str2 = split[0];
            str3 = split[1];
        }
        LOG.info("Error response from HTTP request=" + str + ";ec=" + str2 + ";em=" + str3);
        IOException iOException = null;
        if (str2 != null && !str2.isEmpty()) {
            if (str2.contains("InvalidToken")) {
                iOException = new SecretManager.InvalidToken(str3);
                iOException.setStackTrace(new StackTraceElement[0]);
            } else if (str2.contains("AccessControlException")) {
                iOException = new AccessControlException(str3);
                iOException.setStackTrace(new StackTraceElement[0]);
            }
        }
        LOG.info("Exception from HTTP response=" + iOException.getLocalizedMessage());
        return iOException;
    }

    public static void cancelDelegationToken(String str, InetSocketAddress inetSocketAddress, Token<DelegationTokenIdentifier> token, Configuration configuration) throws IOException {
        final String renewAddress = getRenewAddress(str, inetSocketAddress, configuration);
        StringBuilder sb = new StringBuilder(renewAddress);
        sb.append(CancelDelegationTokenServlet.PATH_SPEC);
        sb.append("?");
        sb.append("token");
        sb.append("=");
        sb.append(token.encodeToUrlString());
        try {
            final URL url = new URL(sb.toString());
            if (LOG.isDebugEnabled()) {
                LOG.debug("cancelling token at " + sb.toString());
            }
            UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.tools.DelegationTokenFetcher.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    HttpURLConnection httpURLConnection = (HttpURLConnection) SecurityUtil.openSecureHttpConnection(url);
                    if (httpURLConnection.getResponseCode() != 200) {
                        throw new IOException("Error cancelling token for " + renewAddress + " response: " + httpURLConnection.getResponseMessage());
                    }
                    return null;
                }
            });
            if (LOG.isDebugEnabled()) {
                LOG.debug("Cancelled token for " + token.getService() + " via " + renewAddress);
            }
        } catch (IOException e) {
            LOG.warn("Error cancelling token for " + renewAddress, e);
            IOUtils.cleanup(LOG, null);
            throw e;
        } catch (InterruptedException e2) {
        }
    }

    static {
        Configuration.addDefaultResource("hdfs-default.xml");
        Configuration.addDefaultResource("hdfs-site.xml");
        LOG = LogFactory.getLog(DelegationTokenFetcher.class);
        Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES.size();
    }
}
