package org.apache.hadoop.yarn.server.utils;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Iterator;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.DataInputByteBuffer;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
import org.apache.hadoop.yarn.api.records.Token;
import org.apache.hadoop.yarn.client.ClientRMProxy;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.hadoop.yarn.ipc.RPCUtil;
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:hadoop-client-2.10.0/share/hadoop/client/lib/hadoop-yarn-server-common-2.10.0.jar:org/apache/hadoop/yarn/server/utils/YarnServerSecurityUtils.class */
public final class YarnServerSecurityUtils {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) YarnServerSecurityUtils.class);

    private YarnServerSecurityUtils() {
    }

    public static AMRMTokenIdentifier authorizeRequest() throws YarnException {
        boolean z;
        try {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            String str = "";
            AMRMTokenIdentifier aMRMTokenIdentifier = null;
            try {
                aMRMTokenIdentifier = selectAMRMTokenIdentifier(currentUser);
                if (aMRMTokenIdentifier == null) {
                    z = false;
                    str = "No AMRMToken found for user " + currentUser.getUserName();
                } else {
                    z = true;
                }
            } catch (IOException e) {
                z = false;
                str = "Got exception while looking for AMRMToken for user " + currentUser.getUserName();
            }
            if (z) {
                return aMRMTokenIdentifier;
            }
            LOG.warn(str);
            throw RPCUtil.getRemoteException(str);
        } catch (IOException e2) {
            String str2 = "Cannot obtain the user-name for authorizing ApplicationMaster. Got exception: " + StringUtils.stringifyException(e2);
            LOG.warn(str2);
            throw RPCUtil.getRemoteException(str2);
        }
    }

    private static AMRMTokenIdentifier selectAMRMTokenIdentifier(UserGroupInformation userGroupInformation) throws IOException {
        AMRMTokenIdentifier aMRMTokenIdentifier = null;
        Iterator<TokenIdentifier> it = userGroupInformation.getTokenIdentifiers().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            TokenIdentifier next = it.next();
            if (next instanceof AMRMTokenIdentifier) {
                aMRMTokenIdentifier = (AMRMTokenIdentifier) next;
                break;
            }
        }
        return aMRMTokenIdentifier;
    }

    public static void updateAMRMToken(Token token, UserGroupInformation userGroupInformation, Configuration configuration) {
        org.apache.hadoop.security.token.Token<? extends TokenIdentifier> token2 = new org.apache.hadoop.security.token.Token<>(token.getIdentifier().array(), token.getPassword().array(), new Text(token.getKind()), new Text(token.getService()));
        userGroupInformation.addToken(token2);
        token2.setService(ClientRMProxy.getAMRMTokenService(configuration));
    }

    public static Credentials parseCredentials(ContainerLaunchContext containerLaunchContext) throws IOException {
        Credentials credentials = new Credentials();
        ByteBuffer tokens = containerLaunchContext.getTokens();
        if (tokens != null) {
            DataInputByteBuffer dataInputByteBuffer = new DataInputByteBuffer();
            tokens.rewind();
            dataInputByteBuffer.reset(tokens);
            credentials.readTokenStorageStream(dataInputByteBuffer);
            if (LOG.isDebugEnabled()) {
                for (org.apache.hadoop.security.token.Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
                    LOG.debug(token.getService() + " = " + token.toString());
                }
            }
        }
        return credentials;
    }
}
