package org.apache.ranger.raz.hook.abfs;

import java.io.IOException;
import java.net.URI;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.azurebfs.extensions.BoundDTExtension;
import org.apache.hadoop.fs.azurebfs.extensions.CustomDelegationTokenManager;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier;
import org.apache.ranger.raz.intg.RangerRazException;
import org.apache.ranger.raz.intg.client.RangerRazClient;
import org.apache.ranger.raz.intg.client.RangerRazClientLogger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/hook/abfs/RazDelegationTokenManager.class */
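/**
 * ABFS delegation-token extension that obtains, renews and cancels delegation tokens by
 * delegating to a {@link RangerRazClient}.
 *
 * <p>An encoded delegation token is a bearer credential, so no log statement in this class
 * prints one: a fixed mask is logged in its place. Keep it that way when adding logging.
 *
 * <p>{@link #initialize(Configuration)} must succeed before any token operation; until then
 * the token methods fail with an {@link IOException}.
 */
public class RazDelegationTokenManager implements CustomDelegationTokenManager, BoundDTExtension {
    private static final Logger LOG = LoggerFactory.getLogger(RazDelegationTokenManager.class);
    public static final String ADLS_CONFIG_PREFIX = "fs.azure.ext.raz.prefix";
    public static final String ADLS_CONFIG_PREFIX_DEFAULT = "fs.azure.ext.raz.";
    public static final String CANONICAL_SERVICE_NAME_STRATEGY = "canonical-service-name-strategy";
    public static final String CANONICAL_SERVICE_NAME_STRATEGY_ACCOUNT_ONLY = "ACCOUNT_ONLY";
    public static final String CANONICAL_SERVICE_NAME_STRATEGY_ACCOUNT_AND_CONTAINER = "ACCOUNT_AND_CONTAINER";
    public static final String CANONICAL_SERVICE_NAME_STRATEGY_DEFAULT = "ACCOUNT_ONLY";

    // Placeholder written to the log wherever an encoded token would otherwise appear.
    private static final String TOKEN_MASK = "********";

    private RangerRazClient rangerRazClient;
    private String canonicalServiceName;
    private String canonicalServiceNameStrategy;

    /**
     * Resolves the RAZ configuration prefix and creates the RAZ client for the current user.
     *
     * <p>Side effect: the resolved prefix is written back into {@code configuration} under
     * {@code ranger.raz.client.prefix} (presumably read by the RAZ client; confirm there).
     *
     * @param configuration Hadoop configuration to read from and to update
     * @throws IOException if no user is logged in
     */
    public void initialize(Configuration configuration) throws IOException {
        LOG.debug("==> RazDelegationTokenManager.initialize()");
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        if (currentUser == null) {
            RangerRazClientLogger.error(LOG, "RazDelegationTokenManager(): {}", "No user is logged in");
            throw new IOException("RazDelegationTokenManager initialization failed: No user is logged in");
        }
        String configPrefix = configuration.get(ADLS_CONFIG_PREFIX, ADLS_CONFIG_PREFIX_DEFAULT);
        configuration.set("ranger.raz.client.prefix", configPrefix);
        this.canonicalServiceNameStrategy = configuration.get(
                configPrefix + CANONICAL_SERVICE_NAME_STRATEGY, CANONICAL_SERVICE_NAME_STRATEGY_DEFAULT);
        LOG.debug("RazDelegationTokenManager.initialize(): configPrefix=[{}]", configPrefix);
        this.rangerRazClient = RangerRazClient.getInstance(configuration, currentUser);
        LOG.debug("<== RazDelegationTokenManager.initialize()");
    }

    /**
     * Requests a delegation token from the RAZ client and decodes it into a Hadoop token.
     *
     * @param str value passed through to {@link RangerRazClient#getDelegationToken}; the ABFS
     *     extension contract uses this argument for the renewer name
     * @return the decoded token
     * @throws IOException if the manager is not initialized, the RAZ call fails, the reply is
     *     blank, or the reply cannot be decoded
     */
    public Token<DelegationTokenIdentifier> getDelegationToken(String str) throws IOException {
        LOG.debug("==> RazDelegationTokenManager.getDelegationToken({})", str);
        RangerRazClient client = requireClient();
        String encodedToken;
        try {
            encodedToken = client.getDelegationToken(str);
        } catch (RangerRazException e) {
            RangerRazClientLogger.error(LOG, "failed to get delegation token", e);
            throw new IOException(e);
        }
        // Reject a blank reply before decoding: it cannot hold a token, and failing here gives
        // the caller a checked exception with a clear cause instead of a decoder error.
        if (StringUtils.isBlank(encodedToken)) {
            throw new IOException("RazDelegationTokenManager: RAZ returned an empty delegation token");
        }
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(encodedToken);
        // The encoded token is a credential; log the mask, never the value.
        LOG.debug("<== RazDelegationTokenManager.getDelegationToken({}): ret={}", str, TOKEN_MASK);
        return token;
    }

    /**
     * Renews the given token through the RAZ client.
     *
     * @param token token to renew
     * @return the value returned by {@link RangerRazClient#renewDelegationToken} (the ABFS
     *     extension contract treats it as the new expiry time)
     * @throws IOException if the manager is not initialized, the RAZ call fails, or RAZ
     *     returns no value
     */
    public long renewDelegationToken(Token<?> token) throws IOException {
        String encodedToken = token.encodeToUrlString();
        LOG.debug("==> RazDelegationTokenManager.renewDelegationToken({})", maskForLog(encodedToken));
        RangerRazClient client = requireClient();
        try {
            Long renewed = client.renewDelegationToken(encodedToken);
            // Unboxing a null reply would surface as a NullPointerException in the caller.
            if (renewed == null) {
                throw new IOException("RazDelegationTokenManager: RAZ returned no result for token renewal");
            }
            long expiry = renewed.longValue();
            LOG.debug("<== RazDelegationTokenManager.renewDelegationToken(): ret={}", Long.valueOf(expiry));
            return expiry;
        } catch (RangerRazException e) {
            RangerRazClientLogger.error(LOG, "failed to renew delegation token", e);
            throw new IOException(e);
        }
    }

    /**
     * Cancels the given token through the RAZ client.
     *
     * @param token token to cancel
     * @throws IOException if the manager is not initialized or the RAZ call fails
     */
    public void cancelDelegationToken(Token<?> token) throws IOException {
        String encodedToken = token.encodeToUrlString();
        LOG.debug("==> RazDelegationTokenManager.cancelDelegationToken({})", maskForLog(encodedToken));
        RangerRazClient client = requireClient();
        try {
            client.cancelDelegationToken(encodedToken);
            LOG.debug("<== RazDelegationTokenManager.cancelDelegationToken()");
        } catch (RangerRazException e) {
            RangerRazClientLogger.error(LOG, "failed to cancel delegation token", e);
            throw new IOException(e);
        }
    }

    /** Releases nothing: this class holds no token-related resources to clean up. */
    public void close() throws IOException {
        LOG.debug("===>> RazDelegationTokenManager.close(): Nothing to clean related to Delegation token.");
    }

    /**
     * Derives the canonical service name for the bound filesystem URI.
     *
     * <p>With the {@code ACCOUNT_AND_CONTAINER} strategy the full URI string is used; with any
     * other value the name is {@code abfs://<host>/}.
     *
     * @param uri filesystem URI being bound
     * @param configuration configuration of the filesystem (only logged here)
     * @throws IOException if the account-only name is needed and the URI has no host
     */
    public void bind(URI uri, Configuration configuration) throws IOException {
        LOG.debug("===>> RazDelegationTokenManager.bind({}, {})", uri, configuration);
        if (CANONICAL_SERVICE_NAME_STRATEGY_ACCOUNT_AND_CONTAINER.equalsIgnoreCase(this.canonicalServiceNameStrategy)) {
            this.canonicalServiceName = uri.toString();
        } else {
            String host = uri.getHost();
            // String concatenation would turn a missing host into the literal "abfs://null/",
            // giving every host-less URI the same service name. Fail instead.
            if (StringUtils.isBlank(host)) {
                throw new IOException("RazDelegationTokenManager.bind(): URI has no host: " + uri);
            }
            this.canonicalServiceName = "abfs://" + host + "/";
        }
        LOG.debug("<<=== RazDelegationTokenManager.bind(): setting this.canonicalServiceName={}", this.canonicalServiceName);
    }

    /**
     * Returns the canonical service name computed by {@link #bind(URI, Configuration)}.
     *
     * @return the service name, or {@code null} if {@code bind} has not been called
     */
    public String getCanonicalServiceName() {
        LOG.debug("===>> RazDelegationTokenManager.getCanonicalServiceName()");
        LOG.debug("<<=== RazDelegationTokenManager.getCanonicalServiceName(): ret={}", this.canonicalServiceName);
        return this.canonicalServiceName;
    }

    /** Returns the RAZ client, or fails with a checked exception when initialize() has not set one. */
    private RangerRazClient requireClient() throws IOException {
        RangerRazClient client = this.rangerRazClient;
        if (client == null) {
            throw new IOException("RazDelegationTokenManager is not initialized");
        }
        return client;
    }

    /** Returns the log mask for a non-blank encoded token and {@code null} for a blank one. */
    private static String maskForLog(String encodedToken) {
        return StringUtils.isNotBlank(encodedToken) ? TOKEN_MASK : null;
    }
}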
