package org.apache.kyuubi.flink.security.token.utils;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kyuubi/flink/security/token/utils/KyuubiUtils.class */
public class KyuubiUtils {
    private static final Logger LOG;
    public static final String KYUUBI_ENGINE_CREDENTIALS_KEY = "kyuubi.engine.credentials";
    public static final String KYUUBI_CREDENTIALS_RENEWAL_INTERVAL_KEY = "kyuubi.credentials.renewal.interval";
    public static final Long KYUUBI_CREDENTIALS_RENEWAL_INTERVAL_DEFAULT;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static Map<String, String> fromCommandLineArgs(List<String> list) {
        if (!$assertionsDisabled && list.size() % 2 != 0) {
            throw new AssertionError("Illegal size of arguments.");
        }
        HashMap hashMap = new HashMap();
        int i = 0;
        while (i < list.size()) {
            String str = list.get(i);
            int i2 = i + 1;
            String str2 = list.get(i2);
            if (!$assertionsDisabled && !str.equals("--conf")) {
                throw new AssertionError("Unrecognized main arguments prefix " + str + ", the argument format is '--conf k=v'.");
            }
            String[] split = str2.split("=", 2);
            if (split.length != 2) {
                throw new IllegalArgumentException("Illegal argument: " + str2 + ".");
            }
            hashMap.put(split[0].trim(), split[1].trim());
            i = i2 + 1;
        }
        return hashMap;
    }

    public static void renewDelegationToken(String str) throws NoSuchFieldException, IllegalAccessException, IOException {
        Credentials decodeCredentials = decodeCredentials(str);
        Map<Text, Token<? extends TokenIdentifier>> tokenMap = getTokenMap(decodeCredentials);
        Credentials credentials = new Credentials();
        Credentials credentials2 = UserGroupInformation.getCurrentUser().getCredentials();
        for (Map.Entry<Text, Token<? extends TokenIdentifier>> entry : tokenMap.entrySet()) {
            Text key = entry.getKey();
            Token<? extends TokenIdentifier> value = entry.getValue();
            Token token = credentials2.getToken(entry.getKey());
            if (token == null) {
                LOG.info("Add new unknown token {}", value);
                credentials.addToken(key, value);
            } else if (compareIssueDate(value, token) > 0) {
                credentials.addToken(key, value);
            } else {
                LOG.warn("Ignore token with earlier issue date: {}", value);
            }
        }
        if (credentials.numberOfTokens() > 0) {
            LOG.info("Update delegation tokens. The number of tokens sent by the server is {}. The actual number of updated tokens is {}.", Integer.valueOf(decodeCredentials.numberOfTokens()), Integer.valueOf(credentials.numberOfTokens()));
            UserGroupInformation.getCurrentUser().addCredentials(credentials);
        }
    }

    public static Credentials decodeCredentials(String str) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(str));
        Credentials credentials = new Credentials();
        credentials.readTokenStorageStream(new DataInputStream(byteArrayInputStream));
        return credentials;
    }

    public static Map<Text, Token<? extends TokenIdentifier>> getTokenMap(Credentials credentials) throws NoSuchFieldException, IllegalAccessException {
        Field declaredField = Credentials.class.getDeclaredField("tokenMap");
        declaredField.setAccessible(true);
        return (Map) declaredField.get(credentials);
    }

    public static int compareIssueDate(Token<? extends TokenIdentifier> token, Token<? extends TokenIdentifier> token2) throws IOException {
        Optional<Long> tokenIssueDate = getTokenIssueDate(token);
        Optional<Long> tokenIssueDate2 = getTokenIssueDate(token2);
        return (tokenIssueDate.isPresent() && tokenIssueDate2.isPresent() && tokenIssueDate.get().longValue() <= tokenIssueDate2.get().longValue()) ? -1 : 1;
    }

    public static Optional<Long> getTokenIssueDate(Token<? extends TokenIdentifier> token) throws IOException {
        AbstractDelegationTokenIdentifier decodeIdentifier = token.decodeIdentifier();
        if (decodeIdentifier instanceof AbstractDelegationTokenIdentifier) {
            return Optional.of(Long.valueOf(decodeIdentifier.getIssueDate()));
        }
        if (decodeIdentifier != null) {
            LOG.debug("Unsupported TokenIdentifier kind: {}", decodeIdentifier.getKind());
            return Optional.empty();
        }
        DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
        try {
            delegationTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
            return Optional.of(Long.valueOf(delegationTokenIdentifier.getIssueDate()));
        } catch (Exception e) {
            LOG.warn("Can not decode identifier of token {}, error: {}", token, e);
            return Optional.empty();
        }
    }

    static {
        $assertionsDisabled = !KyuubiUtils.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(KyuubiUtils.class);
        KYUUBI_CREDENTIALS_RENEWAL_INTERVAL_DEFAULT = 360000L;
    }
}
