package org.apache.hadoop.hdfs.tools;

import com.facebook.presto.hadoop.shaded.org.apache.commons.cli.CommandLine;
import com.facebook.presto.hadoop.shaded.org.apache.commons.cli.Options;
import com.facebook.presto.hadoop.shaded.org.apache.commons.logging.Log;
import com.facebook.presto.hadoop.shaded.org.apache.commons.logging.LogFactory;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.HftpFileSystem;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.hdfs.server.namenode.CancelDelegationTokenServlet;
import org.apache.hadoop.hdfs.server.namenode.GetDelegationTokenServlet;
import org.apache.hadoop.hdfs.server.namenode.RenewDelegationTokenServlet;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.GenericOptionsParser;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.class */
public class DelegationTokenFetcher {
    private static final Log LOG = LogFactory.getLog(DelegationTokenFetcher.class);
    private static final String WEBSERVICE = "webservice";
    private static final String RENEWER = "renewer";
    private static final String CANCEL = "cancel";
    private static final String RENEW = "renew";
    private static final String PRINT = "print";
    private static final String HELP = "help";
    private static final String HELP_SHORT = "h";

    private static void printUsage(PrintStream printStream) {
        printStream.println("fetchdt retrieves delegation tokens from the NameNode");
        printStream.println();
        printStream.println("fetchdt <opts> <token file>");
        printStream.println("Options:");
        printStream.println("  --webservice <url>  Url to contact NN on");
        printStream.println("  --renewer <name>    Name of the delegation token renewer");
        printStream.println("  --cancel            Cancel the delegation token");
        printStream.println("  --renew             Renew the delegation token.  Delegation token must have been fetched using the --renewer <name> option.");
        printStream.println("  --print             Print the delegation token");
        printStream.println();
        GenericOptionsParser.printGenericCommandUsage(printStream);
        System.exit(1);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Collection<Token<?>> readTokens(Path path, Configuration configuration) throws IOException {
        return Credentials.readTokenStorageFile(path, configuration).getAllTokens();
    }

    public static void main(String[] strArr) throws Exception {
        final HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        Options options = new Options();
        options.addOption(WEBSERVICE, true, "HTTP url to reach the NameNode at");
        options.addOption("renewer", true, "Name of the delegation token renewer");
        options.addOption(CANCEL, false, "cancel the token");
        options.addOption(RENEW, false, "renew the token");
        options.addOption(PRINT, false, "print the token");
        options.addOption(HELP_SHORT, "help", false, "print out help information");
        GenericOptionsParser genericOptionsParser = new GenericOptionsParser(hdfsConfiguration, options, strArr);
        CommandLine commandLine = genericOptionsParser.getCommandLine();
        final String optionValue = commandLine.hasOption(WEBSERVICE) ? commandLine.getOptionValue(WEBSERVICE) : null;
        final String optionValue2 = commandLine.hasOption("renewer") ? commandLine.getOptionValue("renewer") : null;
        final boolean hasOption = commandLine.hasOption(CANCEL);
        final boolean hasOption2 = commandLine.hasOption(RENEW);
        final boolean hasOption3 = commandLine.hasOption(PRINT);
        boolean hasOption4 = commandLine.hasOption("help");
        String[] remainingArgs = genericOptionsParser.getRemainingArgs();
        if (hasOption4) {
            printUsage(System.out);
            System.exit(0);
        }
        if ((hasOption && hasOption2) || ((hasOption && hasOption3) || ((hasOption2 && hasOption3) || (hasOption && hasOption2 && hasOption3)))) {
            System.err.println("ERROR: Only specify cancel, renew or print.");
            printUsage(System.err);
        }
        if (remainingArgs.length != 1 || remainingArgs[0].charAt(0) == '-') {
            System.err.println("ERROR: Must specify exacltly one token file");
            printUsage(System.err);
        }
        final Path path = new Path(FileSystem.getLocal(hdfsConfiguration).getWorkingDirectory(), remainingArgs[0]);
        UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.tools.DelegationTokenFetcher.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                if (hasOption3) {
                    DelegationTokenIdentifier createIdentifier = new DelegationTokenSecretManager(0L, 0L, 0L, 0L, null).createIdentifier();
                    for (Token token : DelegationTokenFetcher.readTokens(path, hdfsConfiguration)) {
                        createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
                        System.out.println("Token (" + createIdentifier + ") for " + token.getService());
                    }
                    return null;
                }
                if (hasOption2) {
                    for (Token token2 : DelegationTokenFetcher.readTokens(path, hdfsConfiguration)) {
                        if (token2.isManaged()) {
                            long renew = token2.renew(hdfsConfiguration);
                            if (DelegationTokenFetcher.LOG.isDebugEnabled()) {
                                DelegationTokenFetcher.LOG.debug("Renewed token for " + token2.getService() + " until: " + new Date(renew));
                            }
                        }
                    }
                    return null;
                }
                if (hasOption) {
                    for (Token token3 : DelegationTokenFetcher.readTokens(path, hdfsConfiguration)) {
                        if (token3.isManaged()) {
                            token3.cancel(hdfsConfiguration);
                            if (DelegationTokenFetcher.LOG.isDebugEnabled()) {
                                DelegationTokenFetcher.LOG.debug("Cancelled token for " + token3.getService());
                            }
                        }
                    }
                    return null;
                }
                if (optionValue != null) {
                    Credentials dTfromRemote = DelegationTokenFetcher.getDTfromRemote(optionValue, optionValue2);
                    dTfromRemote.writeTokenStorageFile(path, hdfsConfiguration);
                    Iterator<Token<? extends TokenIdentifier>> it = dTfromRemote.getAllTokens().iterator();
                    while (it.hasNext()) {
                        System.out.println("Fetched token via " + optionValue + " for " + it.next().getService() + " into " + path);
                    }
                    return null;
                }
                FileSystem fileSystem = FileSystem.get(hdfsConfiguration);
                Credentials credentials = new Credentials();
                Token<?>[] addDelegationTokens = fileSystem.addDelegationTokens(optionValue2, credentials);
                credentials.writeTokenStorageFile(path, hdfsConfiguration);
                if (!DelegationTokenFetcher.LOG.isDebugEnabled()) {
                    return null;
                }
                for (Token<?> token4 : addDelegationTokens) {
                    DelegationTokenFetcher.LOG.debug("Fetched token for " + token4.getService() + " into " + path);
                }
                return null;
            }
        });
    }

    public static Credentials getDTfromRemote(String str, String str2) throws IOException {
        DataInputStream dataInputStream = null;
        InetSocketAddress createSocketAddr = NetUtils.createSocketAddr(str);
        try {
            try {
                StringBuffer stringBuffer = new StringBuffer();
                if (str2 != null) {
                    stringBuffer.append(str).append(GetDelegationTokenServlet.PATH_SPEC).append("?").append("renewer").append(AbstractGangliaSink.EQUAL).append(str2);
                } else {
                    stringBuffer.append(str).append(GetDelegationTokenServlet.PATH_SPEC);
                }
                InputStream inputStream = SecurityUtil.openSecureHttpConnection(new URL(stringBuffer.toString())).getInputStream();
                Credentials credentials = new Credentials();
                dataInputStream = new DataInputStream(inputStream);
                credentials.readFields(dataInputStream);
                for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
                    token.setKind(HftpFileSystem.TOKEN_KIND);
                    SecurityUtil.setTokenService(token, createSocketAddr);
                }
                if (dataInputStream != null) {
                    dataInputStream.close();
                }
                return credentials;
            } catch (Exception e) {
                throw new IOException("Unable to obtain remote token", e);
            }
        } catch (Throwable th) {
            if (dataInputStream != null) {
                dataInputStream.close();
            }
            throw th;
        }
    }

    public static long renewDelegationToken(String str, Token<DelegationTokenIdentifier> token) throws IOException {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) SecurityUtil.openSecureHttpConnection(new URL(str + RenewDelegationTokenServlet.PATH_SPEC + "?token" + AbstractGangliaSink.EQUAL + token.encodeToUrlString()));
            if (httpURLConnection.getResponseCode() != 200) {
                throw new IOException("Error renewing token: " + httpURLConnection.getResponseMessage());
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
            long parseLong = Long.parseLong(bufferedReader.readLine());
            bufferedReader.close();
            return parseLong;
        } catch (IOException e) {
            LOG.info("error in renew over HTTP", e);
            IOException exceptionFromResponse = getExceptionFromResponse(null);
            IOUtils.cleanup(LOG, null);
            if (exceptionFromResponse == null) {
                throw e;
            }
            LOG.info("rethrowing exception from HTTP request: " + exceptionFromResponse.getLocalizedMessage());
            throw exceptionFromResponse;
        }
    }

    private static IOException getExceptionFromResponse(HttpURLConnection httpURLConnection) {
        IOException iOException = null;
        if (httpURLConnection == null) {
            return null;
        }
        try {
            String responseMessage = httpURLConnection.getResponseMessage();
            if (responseMessage == null || responseMessage.isEmpty()) {
                return null;
            }
            String[] split = responseMessage.split(";");
            if (split.length < 2) {
                return null;
            }
            String str = split[0];
            String str2 = split[1];
            LOG.info("Error response from HTTP request=" + responseMessage + ";ec=" + str + ";em=" + str2);
            if (str == null || str.isEmpty()) {
                return null;
            }
            try {
                iOException = (IOException) Class.forName(str).asSubclass(Exception.class).getConstructor(String.class).newInstance(str2);
            } catch (Exception e) {
                LOG.warn("failed to create object of this class", e);
            }
            if (iOException == null) {
                return null;
            }
            iOException.setStackTrace(new StackTraceElement[0]);
            LOG.info("Exception from HTTP response=" + iOException.getLocalizedMessage());
            return iOException;
        } catch (IOException e2) {
            return null;
        }
    }

    public static void cancelDelegationToken(String str, Token<DelegationTokenIdentifier> token) throws IOException {
        HttpURLConnection httpURLConnection = null;
        try {
            httpURLConnection = (HttpURLConnection) SecurityUtil.openSecureHttpConnection(new URL(str + CancelDelegationTokenServlet.PATH_SPEC + "?token" + AbstractGangliaSink.EQUAL + token.encodeToUrlString()));
            if (httpURLConnection.getResponseCode() != 200) {
                throw new IOException("Error cancelling token: " + httpURLConnection.getResponseMessage());
            }
        } catch (IOException e) {
            LOG.info("error in cancel over HTTP", e);
            IOException exceptionFromResponse = getExceptionFromResponse(httpURLConnection);
            IOUtils.cleanup(LOG, null);
            if (exceptionFromResponse == null) {
                throw e;
            }
            LOG.info("rethrowing exception from HTTP request: " + exceptionFromResponse.getLocalizedMessage());
            throw exceptionFromResponse;
        }
    }
}
