package org.apache.hadoop.fs.azure.security;

import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.azure.SecureWasbRemoteCallHelper;
import org.apache.hadoop.fs.azure.WasbRemoteCallHelper;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.retry.RetryPolicy;
import org.apache.hadoop.io.retry.RetryUtils;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier;
import org.apache.http.client.utils.URIBuilder;

/* loaded from: input_file:WEB-INF/lib/hadoop-azure-3.3.4.jar:org/apache/hadoop/fs/azure/security/RemoteWasbDelegationTokenManager.class */
public class RemoteWasbDelegationTokenManager implements WasbDelegationTokenManager {
    public static final String KEY_DELEGATION_TOKEN_SERVICE_URLS = "fs.azure.delegation.token.service.urls";
    public static final String DT_MANAGER_HTTP_CLIENT_RETRY_POLICY_ENABLED_KEY = "fs.azure.delegationtokenservice.http.retry.policy.enabled";
    public static final String DT_MANAGER_HTTP_CLIENT_RETRY_POLICY_SPEC_KEY = "fs.azure.delegationtokenservice.http.retry.policy.spec";
    private static final String DEFAULT_DELEGATION_TOKEN_MANAGER_ENDPOINT = "/tokenmanager/v1";
    private static final String DT_MANAGER_HTTP_CLIENT_RETRY_POLICY_SPEC_DEFAULT = "10,3,100,2";
    private static final boolean DT_MANAGER_HTTP_CLIENT_RETRY_POLICY_ENABLED_DEFAULT = true;
    private static final Text WASB_DT_SERVICE_NAME = new Text("WASB_DT_SERVICE");
    private static final String GET_DELEGATION_TOKEN_OP = "GETDELEGATIONTOKEN";
    private static final String RENEW_DELEGATION_TOKEN_OP = "RENEWDELEGATIONTOKEN";
    private static final String CANCEL_DELEGATION_TOKEN_OP = "CANCELDELEGATIONTOKEN";
    private static final String OP_PARAM_KEY_NAME = "op";
    private static final String RENEWER_PARAM_KEY_NAME = "renewer";
    private static final String SERVICE_PARAM_KEY_NAME = "service";
    private static final String TOKEN_PARAM_KEY_NAME = "token";
    private WasbRemoteCallHelper remoteCallHelper;
    private String[] dtServiceUrls;
    private boolean isSpnegoTokenCacheEnabled;

    public RemoteWasbDelegationTokenManager(Configuration configuration) throws IOException {
        RetryPolicy multipleLinearRandomRetry = RetryUtils.getMultipleLinearRandomRetry(configuration, DT_MANAGER_HTTP_CLIENT_RETRY_POLICY_ENABLED_KEY, true, DT_MANAGER_HTTP_CLIENT_RETRY_POLICY_SPEC_KEY, DT_MANAGER_HTTP_CLIENT_RETRY_POLICY_SPEC_DEFAULT);
        this.isSpnegoTokenCacheEnabled = configuration.getBoolean(Constants.AZURE_ENABLE_SPNEGO_TOKEN_CACHE, true);
        this.remoteCallHelper = new SecureWasbRemoteCallHelper(multipleLinearRandomRetry, true, this.isSpnegoTokenCacheEnabled);
        this.dtServiceUrls = configuration.getTrimmedStrings(KEY_DELEGATION_TOKEN_SERVICE_URLS);
        if (this.dtServiceUrls == null || this.dtServiceUrls.length <= 0) {
            throw new IOException("fs.azure.delegation.token.service.urls config not set in configuration.");
        }
    }

    @Override // org.apache.hadoop.fs.azure.security.WasbDelegationTokenManager
    public Token<DelegationTokenIdentifier> getDelegationToken(String str) throws IOException {
        URIBuilder addParameter = new URIBuilder().setPath(DEFAULT_DELEGATION_TOKEN_MANAGER_ENDPOINT).addParameter("op", GET_DELEGATION_TOKEN_OP).addParameter("renewer", str).addParameter("service", WASB_DT_SERVICE_NAME.toString());
        return TokenUtils.toDelegationToken(JsonUtils.parse(this.remoteCallHelper.makeRemoteRequest(this.dtServiceUrls, addParameter.getPath(), addParameter.getQueryParams(), "GET")));
    }

    @Override // org.apache.hadoop.fs.azure.security.WasbDelegationTokenManager
    public long renewDelegationToken(Token<?> token) throws IOException {
        URIBuilder addParameter = new URIBuilder().setPath(DEFAULT_DELEGATION_TOKEN_MANAGER_ENDPOINT).addParameter("op", RENEW_DELEGATION_TOKEN_OP).addParameter("token", token.encodeToUrlString());
        return ((Number) JsonUtils.parse(this.remoteCallHelper.makeRemoteRequest(this.dtServiceUrls, addParameter.getPath(), addParameter.getQueryParams(), "PUT")).get(DelegationTokenAuthenticator.RENEW_DELEGATION_TOKEN_JSON)).longValue();
    }

    @Override // org.apache.hadoop.fs.azure.security.WasbDelegationTokenManager
    public void cancelDelegationToken(Token<?> token) throws IOException {
        URIBuilder addParameter = new URIBuilder().setPath(DEFAULT_DELEGATION_TOKEN_MANAGER_ENDPOINT).addParameter("op", CANCEL_DELEGATION_TOKEN_OP).addParameter("token", token.encodeToUrlString());
        this.remoteCallHelper.makeRemoteRequest(this.dtServiceUrls, addParameter.getPath(), addParameter.getQueryParams(), "PUT");
    }
}
