package org.apache.storm.hbase.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.InetAddress;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.xml.bind.DatatypeConverter;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.hbase.security.token.TokenUtil;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.storm.security.INimbusCredentialPlugin;
import org.apache.storm.security.auth.IAutoCredentials;
import org.apache.storm.security.auth.ICredentialsRenewer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/hbase/security/AutoHBase.class */
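/**
 * Storm credential plugin for HBase delegation tokens.
 *
 * <p>On the issuing side ({@link #populateCredentials(Map, Map)} and {@link #renew(Map, Map)}) it
 * logs in from a keytab, obtains an HBase token for a proxy user and stores the serialized
 * Hadoop {@code Credentials} base64-encoded in the credentials map under
 * {@link #HBASE_CREDENTIALS}. On the consuming side ({@link #populateSubject(Subject, Map)} and
 * {@link #updateSubject(Subject, Map)}) it decodes that entry, attaches it to the
 * {@link Subject} and adds every token to the current {@code UserGroupInformation}.
 *
 * <p>Security note: the map entry is base64, which is an encoding and not encryption. Whoever
 * can read the credentials map holds the serialized delegation tokens, so the map's values
 * should never be written to logs.
 */
public class AutoHBase implements IAutoCredentials, ICredentialsRenewer, INimbusCredentialPlugin {
    private static final Logger LOG = LoggerFactory.getLogger(AutoHBase.class);
    public static final String HBASE_CREDENTIALS = "HBASE_CREDENTIALS";
    public static final String HBASE_KEYTAB_FILE_KEY = "hbase.keytab.file";
    public static final String HBASE_PRINCIPAL_KEY = "hbase.kerberos.principal";
    // Key under which the user to impersonate is looked up in the map given to getHadoopCredentials.
    private static final String TOPOLOGY_SUBMITTER_PRINCIPAL_KEY = "topology.submitter.principal";
    // Keytab path and Kerberos principal used for the service login; set by prepare().
    public String hbaseKeytab;
    public String hbasePrincipal;

    /**
     * Reads the keytab path and principal from the given configuration.
     *
     * <p>Both fields are assigned only when both keys are present; otherwise they are left
     * untouched, and {@link #getHadoopCredentials(Map)} will refuse to run.
     *
     * @param map configuration that may contain {@link #HBASE_KEYTAB_FILE_KEY} and
     *            {@link #HBASE_PRINCIPAL_KEY}
     */
    public void prepare(Map map) {
        if (map.containsKey(HBASE_KEYTAB_FILE_KEY) && map.containsKey(HBASE_PRINCIPAL_KEY)) {
            this.hbaseKeytab = (String) map.get(HBASE_KEYTAB_FILE_KEY);
            this.hbasePrincipal = (String) map.get(HBASE_PRINCIPAL_KEY);
        }
    }

    /** No resources are held by this plugin, so there is nothing to release. */
    public void shutdown() {
    }

    /**
     * Obtains fresh HBase credentials and stores them base64-encoded in {@code map}.
     *
     * <p>Best effort: any failure is logged and {@code map} is left as it was, so a caller
     * cannot tell from the return alone that no token was issued.
     *
     * @param map  credentials map to receive the entry keyed by {@link #getCredentialKey()}
     * @param map2 configuration passed on to {@link #getHadoopCredentials(Map)}
     */
    public void populateCredentials(Map<String, String> map, Map map2) {
        try {
            map.put(getCredentialKey(), DatatypeConverter.printBase64Binary(getHadoopCredentials(map2)));
        } catch (Exception e) {
            LOG.error("Could not populate HBase credentials.", e);
        }
    }

    /**
     * Stores a placeholder entry under {@link #HBASE_CREDENTIALS}.
     *
     * <p>The placeholder is not a serialized {@code Credentials} object, so
     * {@link #getCredentials(Map)} logs an error and returns {@code null} for it.
     *
     * @param map credentials map to receive the placeholder
     */
    public void populateCredentials(Map<String, String> map) {
        // Explicit charset so the encoded placeholder does not depend on the platform default.
        byte[] placeholder = "dummy place holder".getBytes(java.nio.charset.Charset.forName("UTF-8"));
        map.put(HBASE_CREDENTIALS, DatatypeConverter.printBase64Binary(placeholder));
    }

    /**
     * Decodes the Hadoop {@code Credentials} stored in the credentials map.
     *
     * @param map credentials map, may be {@code null}
     * @return the decoded {@code Credentials}; {@code null} when the map is {@code null} or has
     *         no entry; if decoding fails the error is logged and whatever was constructed so
     *         far (possibly an empty {@code Credentials}) is returned
     */
    protected Object getCredentials(Map<String, String> map) {
        Credentials credentials = null;
        if (map != null && map.containsKey(getCredentialKey())) {
            try {
                byte[] serialized = DatatypeConverter.parseBase64Binary(map.get(getCredentialKey()));
                // The ObjectInputStream is used only as a DataInput for Credentials.readFields;
                // readObject() is never called on these bytes and should not be introduced,
                // since the map content arrives from outside this class.
                ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(serialized));
                credentials = new Credentials();
                credentials.readFields(in);
                LOG.info("Got hbase credentials from credentials Map.");
            } catch (Exception e) {
                LOG.error("Could not obtain credentials from credentials map.", e);
            }
        }
        return credentials;
    }

    /**
     * Attaches the credentials from {@code map} to {@code subject} and adds their tokens to the
     * current UGI.
     *
     * @param subject subject to update
     * @param map     credentials map
     */
    public void updateSubject(Subject subject, Map<String, String> map) {
        addCredentialToSubject(subject, map);
        addTokensToUGI(subject);
    }

    /**
     * Attaches the credentials from {@code map} to {@code subject} and adds their tokens to the
     * current UGI.
     *
     * @param subject subject to populate
     * @param map     credentials map
     */
    public void populateSubject(Subject subject, Map<String, String> map) {
        addCredentialToSubject(subject, map);
        addTokensToUGI(subject);
    }

    /**
     * Adds the decoded credentials, if any, to the subject's private credential set.
     * Failures (including a {@code null} subject) are logged, not propagated.
     */
    private void addCredentialToSubject(Subject subject, Map<String, String> map) {
        try {
            Object credentials = getCredentials(map);
            if (credentials == null) {
                LOG.info("No credential found in credentials map.");
                return;
            }
            subject.getPrivateCredentials().add(credentials);
            LOG.info("Hbase credentials added to subject.");
        } catch (Exception e) {
            LOG.error("Failed to initialize and get UserGroupInformation.", e);
        }
    }

    /**
     * Adds every token held in the subject's private {@code Credentials} to the current
     * {@code UserGroupInformation}. A failure on one token is logged and the remaining tokens
     * are still processed.
     *
     * @param subject subject whose private credentials are scanned; {@code null} is a no-op
     */
    public void addTokensToUGI(Subject subject) {
        if (subject == null) {
            return;
        }
        Set<Credentials> privateCredentials = subject.getPrivateCredentials(Credentials.class);
        if (privateCredentials == null) {
            return;
        }
        for (Credentials credentials : privateCredentials) {
            Collection<Token<? extends TokenIdentifier>> allTokens = credentials.getAllTokens();
            if (allTokens == null) {
                continue;
            }
            for (Token<? extends TokenIdentifier> token : allTokens) {
                try {
                    // Looked up per token, as before, so a lookup failure affects only that token.
                    UserGroupInformation.getCurrentUser().addToken(token);
                    LOG.info("Added delegation tokens to UGI.");
                } catch (IOException e) {
                    LOG.error("Exception while trying to add tokens to ugi", e);
                }
            }
        }
    }

    /**
     * Logs in from the configured keytab, obtains an HBase token for a proxy user named by
     * {@code topology.submitter.principal} and returns the proxy user's serialized credentials.
     *
     * @param map configuration holding {@code topology.submitter.principal}
     * @return the bytes written by {@code Credentials.write}
     * @throws RuntimeException if security is disabled, the plugin is not configured, the
     *                          submitter principal is missing, or any login/token step fails
     */
    protected byte[] getHadoopCredentials(Map map) {
        try {
            Configuration hbaseConf = HBaseConfiguration.create();
            if (!UserGroupInformation.isSecurityEnabled()) {
                throw new RuntimeException("Security is not enabled for Hadoop");
            }
            // Fail before attempting a login when prepare() never supplied the service identity.
            if (this.hbaseKeytab == null || this.hbasePrincipal == null) {
                throw new IllegalStateException("HBase keytab and principal are not configured ("
                        + HBASE_KEYTAB_FILE_KEY + ", " + HBASE_PRINCIPAL_KEY + ").");
            }
            // NOTE(review): the user to impersonate is taken straight from the caller-supplied
            // map; this presumably relies on the caller having set it from the authenticated
            // submitter. Confirm against the caller.
            String submitter = (String) map.get(TOPOLOGY_SUBMITTER_PRINCIPAL_KEY);
            if (submitter == null || submitter.isEmpty()) {
                throw new IllegalArgumentException(
                        TOPOLOGY_SUBMITTER_PRINCIPAL_KEY + " is not set; cannot create a proxy user.");
            }
            UserProvider provider = UserProvider.instantiate(hbaseConf);
            hbaseConf.set(HBASE_KEYTAB_FILE_KEY, this.hbaseKeytab);
            hbaseConf.set(HBASE_PRINCIPAL_KEY, this.hbasePrincipal);
            provider.login(HBASE_KEYTAB_FILE_KEY, HBASE_PRINCIPAL_KEY, InetAddress.getLocalHost().getCanonicalHostName());
            // Record the principal that was actually configured for the login, not a value read
            // back from the caller's map, which may be absent or different.
            LOG.info("Logged into Hbase as principal = {}", this.hbasePrincipal);
            UserGroupInformation.setConfiguration(hbaseConf);
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(submitter, currentUser);
            // Result is unused; the call is kept because side effects cannot be ruled out from here.
            User.create(currentUser);
            if (!User.isHBaseSecurityEnabled(hbaseConf)) {
                throw new RuntimeException("Security is not enabled for HBase.");
            }
            TokenUtil.obtainAndCacheToken(hbaseConf, proxyUser);
            LOG.info("Obtained HBase tokens, adding to user credentials.");
            Credentials credentials = proxyUser.getCredentials();
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            // ObjectOutputStream serves as the DataOutput for Credentials.write; it must be
            // flushed and closed before the buffer is read.
            ObjectOutputStream out = new ObjectOutputStream(buffer);
            credentials.write(out);
            out.flush();
            out.close();
            return buffer.toByteArray();
        } catch (Exception e) {
            throw new RuntimeException("Failed to get delegation tokens.", e);
        }
    }

    /**
     * Renews by requesting a new set of credentials into {@code map}.
     *
     * @param map  credentials map to refresh
     * @param map2 configuration passed on to {@link #populateCredentials(Map, Map)}
     */
    public void renew(Map<String, String> map, Map map2) {
        populateCredentials(map, map2);
    }

    /**
     * @return the credentials-map key used for the HBase entry
     */
    protected String getCredentialKey() {
        return HBASE_CREDENTIALS;
    }

    /**
     * Manual smoke test: obtain, decode, attach and renew credentials.
     *
     * @param strArr topology submitter principal, HBase principal, HBase keytab file
     * @throws IllegalArgumentException when fewer than three arguments are given
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr == null || strArr.length < 3) {
            throw new IllegalArgumentException(
                    "Usage: AutoHBase <topology-submitter-principal> <hbase-principal> <hbase-keytab-file>");
        }
        Map<String, Object> conf = new HashMap<String, Object>();
        conf.put(TOPOLOGY_SUBMITTER_PRINCIPAL_KEY, strArr[0]);
        conf.put(HBASE_PRINCIPAL_KEY, strArr[1]);
        conf.put(HBASE_KEYTAB_FILE_KEY, strArr[2]);
        AutoHBase autoHBase = new AutoHBase();
        autoHBase.prepare(conf);
        Map<String, String> creds = new HashMap<String, String>();
        autoHBase.populateCredentials(creds, conf);
        LOG.info("Got HBase credentials" + autoHBase.getCredentials(creds));
        Subject subject = new Subject();
        autoHBase.populateSubject(subject, creds);
        // NOTE(review): Subject#toString may render private credentials; keep this line to
        // diagnostic runs only.
        LOG.info("Got a Subject " + subject);
        autoHBase.renew(creds, conf);
        LOG.info("renewed credentials" + autoHBase.getCredentials(creds));
    }
}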
