package org.apache.tez.dag.api.client;

import com.google.common.annotations.VisibleForTesting;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HttpURLConnectionFactory;
import com.sun.jersey.client.urlconnection.URLConnectionClientHandler;
import com.sun.jersey.json.impl.provider.entity.JSONRootElementProvider;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.Authenticator;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.tez.common.ReflectionUtils;
import org.apache.tez.dag.api.TezException;
import org.apache.tez.dag.api.TezUncheckedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/tez/dag/api/client/TimelineReaderFactory.class */
public class TimelineReaderFactory {
    private static final String KERBEROS_DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME = "org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator";
    private static final String PSEUDO_DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME = "org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuthenticator";
    private static final String DELEGATION_TOKEN_AUTHENTICATED_URL_CLAZZ_NAME = "org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL";
    private static final String DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME = "org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator";
    private static final String DELEGATION_TOKEN_AUTHENTICATED_URL_TOKEN_CLASS_NAME = "org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL$Token";
    private static final Logger LOG = LoggerFactory.getLogger(TimelineReaderFactory.class);
    private static Class<?> delegationTokenAuthenticatorClazz = null;
    private static Method delegationTokenAuthenticateURLOpenConnectionMethod = null;
    private static boolean isTokenDelegationSupportChecksDone = false;
    private static boolean isTokenDelegationClassesPresent = false;

    /* JADX INFO: Access modifiers changed from: protected */
    @VisibleForTesting
    /* loaded from: input_file:org/apache/tez/dag/api/client/TimelineReaderFactory$TimelineReaderPseudoAuthenticatedStrategy.class */
    public static class TimelineReaderPseudoAuthenticatedStrategy implements TimelineReaderStrategy {
        private final ConnectionConfigurator connectionConf;

        @VisibleForTesting
        /* loaded from: input_file:org/apache/tez/dag/api/client/TimelineReaderFactory$TimelineReaderPseudoAuthenticatedStrategy$PseudoAuthenticatedURLConnectionFactory.class */
        protected static class PseudoAuthenticatedURLConnectionFactory implements HttpURLConnectionFactory {
            private final ConnectionConfigurator connectionConf;

            public PseudoAuthenticatedURLConnectionFactory(ConnectionConfigurator connectionConfigurator) {
                this.connectionConf = connectionConfigurator;
            }

            public HttpURLConnection getHttpURLConnection(URL url) throws IOException {
                HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(url.toString() + ((url.getQuery() == null ? "?" : "&") + "user.name=" + URLEncoder.encode(UserGroupInformation.getCurrentUser().getShortUserName(), "UTF8"))).openConnection();
                this.connectionConf.configure(httpURLConnection);
                return httpURLConnection;
            }
        }

        public TimelineReaderPseudoAuthenticatedStrategy(Configuration configuration, boolean z, int i) {
            this.connectionConf = TimelineReaderFactory.getNewConnectionConf(configuration, z, i);
        }

        @Override // org.apache.tez.dag.api.client.TimelineReaderFactory.TimelineReaderStrategy
        public Client getHttpClient() {
            return new Client(new URLConnectionClientHandler(new PseudoAuthenticatedURLConnectionFactory(this.connectionConf)), new DefaultClientConfig(new Class[]{JSONRootElementProvider.App.class}));
        }
    }

    /* loaded from: input_file:org/apache/tez/dag/api/client/TimelineReaderFactory$TimelineReaderStrategy.class */
    public interface TimelineReaderStrategy {
        Client getHttpClient() throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/tez/dag/api/client/TimelineReaderFactory$TimelineReaderTokenAuthenticatedStrategy.class */
    public static class TimelineReaderTokenAuthenticatedStrategy implements TimelineReaderStrategy {
        private final Configuration conf;
        private final boolean useHttps;
        private final int connTimeout;

        /* loaded from: input_file:org/apache/tez/dag/api/client/TimelineReaderFactory$TimelineReaderTokenAuthenticatedStrategy$TokenAuthenticatedURLConnectionFactory.class */
        private static class TokenAuthenticatedURLConnectionFactory implements HttpURLConnectionFactory {
            private final Authenticator authenticator;
            private final ConnectionConfigurator connConfigurator;
            private final UserGroupInformation authUgi;
            private final String doAsUser;
            private final AuthenticatedURL.Token token = (AuthenticatedURL.Token) ReflectionUtils.createClazzInstance(TimelineReaderFactory.DELEGATION_TOKEN_AUTHENTICATED_URL_TOKEN_CLASS_NAME, null, null);

            public TokenAuthenticatedURLConnectionFactory(ConnectionConfigurator connectionConfigurator, Authenticator authenticator, UserGroupInformation userGroupInformation, String str) {
                this.connConfigurator = connectionConfigurator;
                this.authenticator = authenticator;
                this.authUgi = userGroupInformation;
                this.doAsUser = str;
            }

            public HttpURLConnection getHttpURLConnection(URL url) throws IOException {
                try {
                    return (HttpURLConnection) ReflectionUtils.invokeMethod((AuthenticatedURL) ReflectionUtils.createClazzInstance(TimelineReaderFactory.DELEGATION_TOKEN_AUTHENTICATED_URL_CLAZZ_NAME, new Class[]{TimelineReaderFactory.delegationTokenAuthenticatorClazz, ConnectionConfigurator.class}, new Object[]{this.authenticator, this.connConfigurator}), TimelineReaderFactory.delegationTokenAuthenticateURLOpenConnectionMethod, url, this.token, this.doAsUser);
                } catch (Exception e) {
                    throw new IOException(e);
                }
            }
        }

        public TimelineReaderTokenAuthenticatedStrategy(Configuration configuration, boolean z, int i) {
            this.conf = configuration;
            this.useHttps = z;
            this.connTimeout = i;
        }

        @Override // org.apache.tez.dag.api.client.TimelineReaderFactory.TimelineReaderStrategy
        public Client getHttpClient() throws IOException {
            UserGroupInformation userGroupInformation;
            String str;
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            UserGroupInformation realUser = currentUser.getRealUser();
            DefaultClientConfig defaultClientConfig = new DefaultClientConfig(new Class[]{JSONRootElementProvider.App.class});
            ConnectionConfigurator newConnectionConf = TimelineReaderFactory.getNewConnectionConf(this.conf, this.useHttps, this.connTimeout);
            try {
                Authenticator tokenAuthenticator = getTokenAuthenticator();
                tokenAuthenticator.setConnectionConfigurator(newConnectionConf);
                if (realUser != null) {
                    userGroupInformation = realUser;
                    str = currentUser.getShortUserName();
                } else {
                    userGroupInformation = currentUser;
                    str = null;
                }
                return new Client(new URLConnectionClientHandler(new TokenAuthenticatedURLConnectionFactory(newConnectionConf, tokenAuthenticator, userGroupInformation, str)), defaultClientConfig);
            } catch (TezUncheckedException e) {
                throw new IOException("Failed to get authenticator", e);
            }
        }

        private static Authenticator getTokenAuthenticator() {
            return (Authenticator) ReflectionUtils.createClazzInstance(UserGroupInformation.isSecurityEnabled() ? TimelineReaderFactory.KERBEROS_DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME : TimelineReaderFactory.PSEUDO_DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME);
        }
    }

    public static TimelineReaderStrategy getTimelineReaderStrategy(Configuration configuration, boolean z, int i) throws TezException {
        if (!isTimelineClientSupported()) {
            throw new TezException("Reading from timeline is not supported. token delegation support: " + tokenDelegationSupported() + ", is secure timeline: " + UserGroupInformation.isSecurityEnabled());
        }
        TimelineReaderStrategy timelineReaderStrategy = getTimelineReaderStrategy(tokenDelegationSupported(), configuration, z, i);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using " + timelineReaderStrategy.getClass().getName() + " to read timeline data");
        }
        return timelineReaderStrategy;
    }

    private static TimelineReaderStrategy getTimelineReaderStrategy(boolean z, Configuration configuration, boolean z2, int i) {
        return z ? new TimelineReaderTokenAuthenticatedStrategy(configuration, z2, i) : new TimelineReaderPseudoAuthenticatedStrategy(configuration, z2, i);
    }

    public static boolean isTimelineClientSupported() {
        return !UserGroupInformation.isSecurityEnabled() || tokenDelegationSupported();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ConnectionConfigurator getNewConnectionConf(Configuration configuration, boolean z, final int i) {
        ConnectionConfigurator connectionConfigurator = null;
        if (z) {
            try {
                connectionConfigurator = getNewSSLConnectionConf(configuration, i);
            } catch (IOException e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Cannot load customized ssl related configuration. Falling back to system-generic settings.", e);
                }
            }
        }
        if (connectionConfigurator == null) {
            connectionConfigurator = new ConnectionConfigurator() { // from class: org.apache.tez.dag.api.client.TimelineReaderFactory.1
                public HttpURLConnection configure(HttpURLConnection httpURLConnection) throws IOException {
                    TimelineReaderFactory.setTimeouts(httpURLConnection, i);
                    return httpURLConnection;
                }
            };
        }
        return connectionConfigurator;
    }

    private static ConnectionConfigurator getNewSSLConnectionConf(Configuration configuration, final int i) throws IOException {
        SSLFactory sSLFactory = new SSLFactory(SSLFactory.Mode.CLIENT, configuration);
        try {
            sSLFactory.init();
            final SSLSocketFactory createSSLSocketFactory = sSLFactory.createSSLSocketFactory();
            final HostnameVerifier hostnameVerifier = sSLFactory.getHostnameVerifier();
            return new ConnectionConfigurator() { // from class: org.apache.tez.dag.api.client.TimelineReaderFactory.2
                public HttpURLConnection configure(HttpURLConnection httpURLConnection) throws IOException {
                    if (!(httpURLConnection instanceof HttpsURLConnection)) {
                        throw new IOException("Expected https connection");
                    }
                    HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
                    httpsURLConnection.setSSLSocketFactory(createSSLSocketFactory);
                    httpsURLConnection.setHostnameVerifier(hostnameVerifier);
                    TimelineReaderFactory.setTimeouts(httpsURLConnection, i);
                    return httpsURLConnection;
                }
            };
        } catch (GeneralSecurityException e) {
            sSLFactory.destroy();
            throw new IOException("Failed to initialize ssl factory");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setTimeouts(HttpURLConnection httpURLConnection, int i) {
        httpURLConnection.setConnectTimeout(i);
        httpURLConnection.setReadTimeout(i);
    }

    private static synchronized boolean tokenDelegationSupported() {
        if (!isTokenDelegationSupportChecksDone) {
            isTokenDelegationSupportChecksDone = true;
            try {
                ReflectionUtils.getClazz(KERBEROS_DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME);
                ReflectionUtils.getClazz(PSEUDO_DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME);
                delegationTokenAuthenticatorClazz = ReflectionUtils.getClazz(DELEGATION_TOKEN_AUTHENTICATOR_CLAZZ_NAME);
                delegationTokenAuthenticateURLOpenConnectionMethod = ReflectionUtils.getMethod(ReflectionUtils.getClazz(DELEGATION_TOKEN_AUTHENTICATED_URL_CLAZZ_NAME), "openConnection", URL.class, ReflectionUtils.getClazz(DELEGATION_TOKEN_AUTHENTICATED_URL_TOKEN_CLASS_NAME), String.class);
                isTokenDelegationClassesPresent = true;
            } catch (TezUncheckedException e) {
                LOG.info("Could not find class required for token delegation, will fallback to pseudo auth");
            }
        }
        return isTokenDelegationClassesPresent;
    }
}
