package org.apache.hadoop.fs.azure;

import java.io.IOException;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.Validate;
import org.apache.hadoop.fs.azure.security.Constants;
import org.apache.hadoop.fs.azure.security.SpnegoToken;
import org.apache.hadoop.fs.azure.security.WasbDelegationTokenIdentifier;
import org.apache.hadoop.fs.azurebfs.constants.FileSystemConfigurations;
import org.apache.hadoop.io.retry.RetryPolicy;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator;
import org.apache.http.NameValuePair;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-azure-3.3.4.jar:org/apache/hadoop/fs/azure/SecureWasbRemoteCallHelper.class */
public class SecureWasbRemoteCallHelper extends WasbRemoteCallHelper {
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) SecureWasbRemoteCallHelper.class);
    private static final String DELEGATION_TOKEN_QUERY_PARAM_NAME = "delegation";
    private Token<?> delegationToken;
    private boolean alwaysRequiresKerberosAuth;
    private boolean isSpnegoTokenCachingEnabled;
    private SpnegoToken spnegoToken;

    public SecureWasbRemoteCallHelper(RetryPolicy retryPolicy, boolean z, boolean z2) {
        super(retryPolicy);
        this.delegationToken = null;
        this.alwaysRequiresKerberosAuth = z;
        this.isSpnegoTokenCachingEnabled = z2;
    }

    @Override // org.apache.hadoop.fs.azure.WasbRemoteCallHelper
    public String makeRemoteRequest(final String[] strArr, final String str, final List<NameValuePair> list, final String str2) throws IOException {
        final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        UserGroupInformation realUser = currentUser.getRealUser();
        if (realUser != null) {
            list.add(new NameValuePair() { // from class: org.apache.hadoop.fs.azure.SecureWasbRemoteCallHelper.1
                @Override // org.apache.http.NameValuePair
                public String getName() {
                    return "doas";
                }

                @Override // org.apache.http.NameValuePair
                public String getValue() {
                    return currentUser.getShortUserName();
                }
            });
        } else {
            realUser = currentUser;
        }
        Token<?> delegationToken = getDelegationToken(currentUser);
        if (!this.alwaysRequiresKerberosAuth && delegationToken != null) {
            final String encodeToUrlString = delegationToken.encodeToUrlString();
            list.add(new NameValuePair() { // from class: org.apache.hadoop.fs.azure.SecureWasbRemoteCallHelper.2
                @Override // org.apache.http.NameValuePair
                public String getName() {
                    return "delegation";
                }

                @Override // org.apache.http.NameValuePair
                public String getValue() {
                    return encodeToUrlString;
                }
            });
        }
        if (delegationToken == null) {
            realUser.checkTGTAndReloginFromKeytab();
        }
        try {
            return (String) realUser.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.fs.azure.SecureWasbRemoteCallHelper.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public String run() throws Exception {
                    return SecureWasbRemoteCallHelper.this.retryableRequest(strArr, str, list, str2);
                }
            });
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException(e.getMessage(), e);
        }
    }

    @Override // org.apache.hadoop.fs.azure.WasbRemoteCallHelper
    public HttpUriRequest getHttpRequest(String[] strArr, String str, List<NameValuePair> list, int i, String str2, boolean z) throws URISyntaxException, IOException {
        HttpRequestBase httpGet;
        AuthenticatedURL.Token token;
        URIBuilder parameters = new URIBuilder(strArr[i]).setPath(str).setParameters(list);
        if (parameters.getHost().equals(FileSystemConfigurations.AZURE_BLOCK_LOCATION_HOST_DEFAULT)) {
            parameters.setHost(InetAddress.getLocalHost().getCanonicalHostName());
        }
        boolean z2 = -1;
        switch (str2.hashCode()) {
            case 79599:
                if (str2.equals("PUT")) {
                    z2 = false;
                    break;
                }
                break;
            case 2461856:
                if (str2.equals("POST")) {
                    z2 = true;
                    break;
                }
                break;
        }
        switch (z2) {
            case false:
                httpGet = new HttpPut(parameters.build());
                break;
            case true:
                httpGet = new HttpPost(parameters.build());
                break;
            default:
                httpGet = new HttpGet(parameters.build());
                break;
        }
        LOG.debug("SecureWasbRemoteCallHelper#getHttpRequest() {}", parameters.build().toURL());
        if (this.alwaysRequiresKerberosAuth || this.delegationToken == null) {
            KerberosDelegationTokenAuthenticator kerberosDelegationTokenAuthenticator = new KerberosDelegationTokenAuthenticator();
            try {
                if (!this.isSpnegoTokenCachingEnabled || z || this.spnegoToken == null || !this.spnegoToken.isTokenValid()) {
                    token = new AuthenticatedURL.Token();
                    kerberosDelegationTokenAuthenticator.authenticate(parameters.build().toURL(), token);
                    this.spnegoToken = new SpnegoToken(token);
                } else {
                    token = this.spnegoToken.getToken();
                }
                Validate.isTrue(token.isSet(), "Authenticated Token is NOT present. The request cannot proceed.", new Object[0]);
                httpGet.setHeader("Cookie", "hadoop.auth=" + token);
            } catch (AuthenticationException e) {
                throw new WasbRemoteCallException(Constants.AUTHENTICATION_FAILED_ERROR_MESSAGE, e);
            }
        }
        return httpGet;
    }

    private Token<?> getDelegationToken(UserGroupInformation userGroupInformation) throws IOException {
        if (this.delegationToken == null) {
            Token<? extends TokenIdentifier> token = null;
            Iterator<Token<? extends TokenIdentifier>> it = userGroupInformation.getTokens().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Token<? extends TokenIdentifier> next = it.next();
                if (next.getKind().equals(WasbDelegationTokenIdentifier.TOKEN_KIND)) {
                    token = next;
                    LOG.debug("{} token found in cache : {}", WasbDelegationTokenIdentifier.TOKEN_KIND, next);
                    break;
                }
            }
            LOG.debug("UGI Information: {}", userGroupInformation.toString());
            if (token != null) {
                LOG.debug("Using UGI token: {}", token);
                setDelegationToken(token);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Delegation token from cache - {}", this.delegationToken != null ? this.delegationToken.encodeToUrlString() : "null");
        }
        return this.delegationToken;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T extends TokenIdentifier> void setDelegationToken(Token<T> token) {
        synchronized (this) {
            this.delegationToken = token;
        }
    }
}
