package org.elasticsearch.hadoop.mr.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.Collections;
import javax.security.auth.Subject;
import org.apache.commons.logging.impl.NoOpLog;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenRenewer;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.elasticsearch.hadoop.EsHadoopException;
import org.elasticsearch.hadoop.cfg.CompositeSettings;
import org.elasticsearch.hadoop.cfg.HadoopSettingsManager;
import org.elasticsearch.hadoop.cfg.Settings;
import org.elasticsearch.hadoop.rest.InitializationUtils;
import org.elasticsearch.hadoop.rest.RestClient;
import org.elasticsearch.hadoop.security.EsToken;
import org.elasticsearch.hadoop.security.JdkUser;
import org.elasticsearch.hadoop.security.JdkUserProvider;
import org.elasticsearch.hadoop.util.ClusterInfo;
import org.elasticsearch.hadoop.util.ClusterName;

/* loaded from: input_file:org/elasticsearch/hadoop/mr/security/EsTokenIdentifier.class */
public class EsTokenIdentifier extends AbstractDelegationTokenIdentifier {
    public static final Text KIND_NAME = new Text("ELASTICSEARCH_AUTH_TOKEN");

    /* loaded from: input_file:org/elasticsearch/hadoop/mr/security/EsTokenIdentifier$Renewer.class */
    public static class Renewer extends TokenRenewer {
        public boolean handleKind(Text text) {
            return EsTokenIdentifier.KIND_NAME.equals(text);
        }

        public boolean isManaged(Token<?> token) throws IOException {
            return true;
        }

        public long renew(Token<?> token, Configuration configuration) throws IOException, InterruptedException {
            if (EsTokenIdentifier.KIND_NAME.equals(token.getKind())) {
                return new EsToken(new DataInputStream(new ByteArrayInputStream(token.getPassword()))).getExpirationTime();
            }
            throw new IOException("Could not renew token of invalid type [" + token.getKind().toString() + "]");
        }

        public void cancel(Token<?> token, Configuration configuration) throws IOException, InterruptedException {
            if (!EsTokenIdentifier.KIND_NAME.equals(token.getKind())) {
                throw new IOException("Could not renew token of invalid type [" + token.getKind().toString() + "]");
            }
            final EsToken esToken = new EsToken(new DataInputStream(new ByteArrayInputStream(token.getPassword())));
            Settings loadFrom = HadoopSettingsManager.loadFrom(configuration);
            final CompositeSettings compositeSettings = new CompositeSettings(Collections.singletonList(loadFrom));
            compositeSettings.setInternalClusterInfo(new ClusterInfo(new ClusterName(esToken.getClusterName(), null), esToken.getMajorVersion()));
            InitializationUtils.setUserProviderIfNotSet(compositeSettings, JdkUserProvider.class, new NoOpLog());
            JdkUser jdkUser = new JdkUser(new Subject(), loadFrom);
            jdkUser.addEsToken(esToken);
            jdkUser.doAs(new PrivilegedAction<Void>() { // from class: org.elasticsearch.hadoop.mr.security.EsTokenIdentifier.Renewer.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    RestClient restClient = null;
                    try {
                        restClient = Renewer.this.createClient(compositeSettings);
                        restClient.cancelToken(esToken);
                        if (restClient == null) {
                            return null;
                        }
                        restClient.close();
                        return null;
                    } catch (Throwable th) {
                        if (restClient != null) {
                            restClient.close();
                        }
                        throw th;
                    }
                }
            });
        }

        protected RestClient createClient(Settings settings) {
            return new RestClient(settings);
        }
    }

    public static Token<EsTokenIdentifier> createTokenFrom(EsToken esToken) {
        EsTokenIdentifier esTokenIdentifier = new EsTokenIdentifier();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            esToken.writeOut(new DataOutputStream(byteArrayOutputStream));
            return new Token<>(esTokenIdentifier.getBytes(), byteArrayOutputStream.toByteArray(), esTokenIdentifier.getKind(), new Text(esToken.getClusterName()));
        } catch (IOException e) {
            throw new EsHadoopException("Could not serialize token information", e);
        }
    }

    public Text getKind() {
        return KIND_NAME;
    }
}
