package org.apache.hadoop.security.token.delegation.web;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.Authenticator;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.hadoop.util.HttpExceptionUtils;
import org.apache.hadoop.util.StringUtils;
import org.apache.log4j.spi.LocationInfo;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.ObjectReader;
import org.mortbay.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Public
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.class */
public abstract class DelegationTokenAuthenticator implements Authenticator {
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String APPLICATION_JSON_MIME = "application/json";
    private static final String HTTP_GET = "GET";
    private static final String HTTP_PUT = "PUT";
    public static final String OP_PARAM = "op";
    private static final String OP_PARAM_EQUALS = "op=";
    public static final String DELEGATION_TOKEN_HEADER = "X-Hadoop-Delegation-Token";
    public static final String DELEGATION_PARAM = "delegation";
    public static final String TOKEN_PARAM = "token";
    public static final String RENEWER_PARAM = "renewer";
    public static final String SERVICE_PARAM = "service";
    public static final String DELEGATION_TOKEN_JSON = "Token";
    public static final String DELEGATION_TOKEN_URL_STRING_JSON = "urlString";
    public static final String RENEW_DELEGATION_TOKEN_JSON = "long";
    private Authenticator authenticator;
    private ConnectionConfigurator connConfigurator;
    private static Logger LOG = LoggerFactory.getLogger((Class<?>) DelegationTokenAuthenticator.class);
    private static final ObjectReader READER = new ObjectMapper().reader(Map.class);

    @InterfaceAudience.Private
    /* loaded from: input_file:org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator$DelegationTokenOperation.class */
    public enum DelegationTokenOperation {
        GETDELEGATIONTOKEN("GET", true),
        RENEWDELEGATIONTOKEN("PUT", true),
        CANCELDELEGATIONTOKEN("PUT", false);

        private String httpMethod;
        private boolean requiresKerberosCredentials;

        DelegationTokenOperation(String str, boolean z) {
            this.httpMethod = str;
            this.requiresKerberosCredentials = z;
        }

        public String getHttpMethod() {
            return this.httpMethod;
        }

        public boolean requiresKerberosCredentials() {
            return this.requiresKerberosCredentials;
        }
    }

    public DelegationTokenAuthenticator(Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    @Override // org.apache.hadoop.security.authentication.client.Authenticator
    public void setConnectionConfigurator(ConnectionConfigurator connectionConfigurator) {
        this.authenticator.setConnectionConfigurator(connectionConfigurator);
        this.connConfigurator = connectionConfigurator;
    }

    private boolean hasDelegationToken(URL url, AuthenticatedURL.Token token) {
        boolean z = false;
        if (token instanceof DelegationTokenAuthenticatedURL.Token) {
            z = ((DelegationTokenAuthenticatedURL.Token) token).getDelegationToken() != null;
            if (z) {
                LOG.trace("Delegation token found: {}", ((DelegationTokenAuthenticatedURL.Token) token).getDelegationToken());
            }
        }
        if (!z) {
            String query = url.getQuery();
            z = query != null && query.contains("delegation=");
            LOG.trace("hasDt={}, queryStr={}", Boolean.valueOf(z), query);
        }
        return z;
    }

    @Override // org.apache.hadoop.security.authentication.client.Authenticator
    public void authenticate(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException {
        if (hasDelegationToken(url, token)) {
            LOG.debug("Authenticated from delegation token. url={}, token={}", url, token);
            return;
        }
        UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
        LOG.debug("No delegation token found for url={}, token={}, authenticating with {}", url, token, this.authenticator.getClass());
        this.authenticator.authenticate(url, token);
    }

    public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, AuthenticatedURL.Token token, String str) throws IOException, AuthenticationException {
        return getDelegationToken(url, token, str, null);
    }

    public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, AuthenticatedURL.Token token, String str, String str2) throws IOException, AuthenticationException {
        String str3 = (String) ((Map) doDelegationTokenOperation(url, token, DelegationTokenOperation.GETDELEGATIONTOKEN, str, null, true, str2).get(DELEGATION_TOKEN_JSON)).get(DELEGATION_TOKEN_URL_STRING_JSON);
        Token<AbstractDelegationTokenIdentifier> token2 = new Token<>();
        token2.decodeFromUrlString(str3);
        SecurityUtil.setTokenService(token2, new InetSocketAddress(url.getHost(), url.getPort()));
        return token2;
    }

    public long renewDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> token2) throws IOException, AuthenticationException {
        return renewDelegationToken(url, token, token2, null);
    }

    public long renewDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> token2, String str) throws IOException, AuthenticationException {
        return ((Long) doDelegationTokenOperation(url, token, DelegationTokenOperation.RENEWDELEGATIONTOKEN, null, token2, true, str).get(RENEW_DELEGATION_TOKEN_JSON)).longValue();
    }

    public void cancelDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> token2) throws IOException {
        cancelDelegationToken(url, token, token2, null);
    }

    public void cancelDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> token2, String str) throws IOException {
        try {
            doDelegationTokenOperation(url, token, DelegationTokenOperation.CANCELDELEGATIONTOKEN, null, token2, false, str);
        } catch (AuthenticationException e) {
            throw new IOException("This should not happen: " + e.getMessage(), e);
        }
    }

    /* JADX WARN: Finally extract failed */
    private Map doDelegationTokenOperation(URL url, AuthenticatedURL.Token token, DelegationTokenOperation delegationTokenOperation, String str, Token<?> token2, boolean z, String str2) throws IOException, AuthenticationException {
        Map map = null;
        HashMap hashMap = new HashMap();
        hashMap.put("op", delegationTokenOperation.toString());
        if (str != null) {
            hashMap.put("renewer", str);
        }
        if (token2 != null) {
            hashMap.put("token", token2.encodeToUrlString());
        }
        if (str2 != null) {
            hashMap.put("doAs", URLEncoder.encode(str2, "UTF-8"));
        }
        String externalForm = url.toExternalForm();
        StringBuilder sb = new StringBuilder(externalForm);
        String str3 = externalForm.contains(LocationInfo.NA) ? "&" : LocationInfo.NA;
        for (Map.Entry entry : hashMap.entrySet()) {
            sb.append(str3).append((String) entry.getKey()).append(AbstractGangliaSink.EQUAL).append(URLEncoder.encode((String) entry.getValue(), StringUtil.__UTF8Alt));
            str3 = "&";
        }
        URL url2 = new URL(sb.toString());
        AuthenticatedURL authenticatedURL = new AuthenticatedURL(this, this.connConfigurator);
        Token<AbstractDelegationTokenIdentifier> token3 = null;
        if ((token instanceof DelegationTokenAuthenticatedURL.Token) && delegationTokenOperation.requiresKerberosCredentials()) {
            token3 = ((DelegationTokenAuthenticatedURL.Token) token).getDelegationToken();
            ((DelegationTokenAuthenticatedURL.Token) token).setDelegationToken(null);
        }
        try {
            HttpURLConnection openConnection = authenticatedURL.openConnection(url2, token);
            openConnection.setRequestMethod(delegationTokenOperation.getHttpMethod());
            HttpExceptionUtils.validateResponse(openConnection, 200);
            if (z) {
                String headerField = openConnection.getHeaderField("Content-Type");
                String lowerCase = headerField != null ? StringUtils.toLowerCase(headerField) : null;
                if (lowerCase == null || !lowerCase.contains("application/json")) {
                    throw new AuthenticationException(String.format("'%s' did not respond with JSON to the '%s' delegation token operation", url2.getAuthority(), delegationTokenOperation));
                }
                try {
                    map = (Map) READER.readValue(openConnection.getInputStream());
                } catch (Exception e) {
                    throw new AuthenticationException(String.format("'%s' did not handle the '%s' delegation token operation: %s", url2.getAuthority(), delegationTokenOperation, e.getMessage()), e);
                }
            }
            if (token3 != null) {
                ((DelegationTokenAuthenticatedURL.Token) token).setDelegationToken(token3);
            }
            return map;
        } catch (Throwable th) {
            if (token3 != null) {
                ((DelegationTokenAuthenticatedURL.Token) token).setDelegationToken(token3);
            }
            throw th;
        }
    }
}
