package org.opensearch.repositories.hdfs;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.util.Locale;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.AbstractFileSystem;
import org.apache.hadoop.fs.FileContext;
import org.apache.hadoop.fs.UnsupportedFileSystemException;
import org.apache.hadoop.io.retry.FailoverProxyProvider;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.SpecialPermission;
import org.opensearch.cluster.metadata.RepositoryMetadata;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.Strings;
import org.opensearch.common.SuppressForbidden;
import org.opensearch.common.blobstore.BlobPath;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.unit.ByteSizeValue;
import org.opensearch.common.xcontent.NamedXContentRegistry;
import org.opensearch.env.Environment;
import org.opensearch.indices.recovery.RecoverySettings;
import org.opensearch.repositories.blobstore.BlobStoreRepository;

/* loaded from: input_file:org/opensearch/repositories/hdfs/HdfsRepository.class */
public final class HdfsRepository extends BlobStoreRepository {
    private static final Logger logger = LogManager.getLogger(HdfsRepository.class);
    private static final String CONF_SECURITY_PRINCIPAL = "security.principal";
    private final Environment environment;
    private final ByteSizeValue chunkSize;
    private final BlobPath basePath;
    private final URI uri;
    private final String pathSetting;

    public HdfsRepository(RepositoryMetadata repositoryMetadata, Environment environment, NamedXContentRegistry namedXContentRegistry, ClusterService clusterService, RecoverySettings recoverySettings) {
        super(repositoryMetadata, repositoryMetadata.settings().getAsBoolean("compress", false).booleanValue(), namedXContentRegistry, clusterService, recoverySettings);
        this.basePath = BlobPath.cleanPath();
        this.environment = environment;
        this.chunkSize = repositoryMetadata.settings().getAsBytesSize("chunk_size", (ByteSizeValue) null);
        String str = getMetadata().settings().get("uri");
        if (!Strings.hasText(str)) {
            throw new IllegalArgumentException("No 'uri' defined for hdfs snapshot/restore");
        }
        this.uri = URI.create(str);
        if (!"hdfs".equalsIgnoreCase(this.uri.getScheme())) {
            throw new IllegalArgumentException(String.format(Locale.ROOT, "Invalid scheme [%s] specified in uri [%s]; only 'hdfs' uri allowed for hdfs snapshot/restore", this.uri.getScheme(), str));
        }
        if (Strings.hasLength(this.uri.getPath()) && !this.uri.getPath().equals("/")) {
            throw new IllegalArgumentException(String.format(Locale.ROOT, "Use 'path' option to specify a path [%s], not the uri [%s] for hdfs snapshot/restore", this.uri.getPath(), str));
        }
        this.pathSetting = getMetadata().settings().get("path");
        if (this.pathSetting == null) {
            throw new IllegalArgumentException("No 'path' defined for hdfs snapshot/restore");
        }
    }

    private HdfsBlobStore createBlobstore(URI uri, String str, Settings settings) {
        Configuration configuration = new Configuration(settings.getAsBoolean("load_defaults", true).booleanValue());
        configuration.setClassLoader(HdfsRepository.class.getClassLoader());
        configuration.reloadConfiguration();
        Settings byPrefix = settings.getByPrefix("conf.");
        for (String str2 : byPrefix.keySet()) {
            logger.debug("Adding configuration to HDFS Client Configuration : {} = {}", str2, byPrefix.get(str2));
            configuration.set(str2, byPrefix.get(str2));
        }
        configuration.setBoolean("fs.hdfs.impl.disable.cache", true);
        UserGroupInformation login = login(configuration, settings);
        boolean z = configuration.getClass("dfs.client.failover.proxy.provider." + uri.getHost(), (Class) null, FailoverProxyProvider.class) != null;
        FileContext fileContext = (FileContext) login.doAs(() -> {
            try {
                return FileContext.getFileContext(AbstractFileSystem.get(uri, configuration), configuration);
            } catch (UnsupportedFileSystemException e) {
                throw new UncheckedIOException(e);
            }
        });
        logger.debug("Using file-system [{}] for URI [{}], path [{}]", fileContext.getDefaultFileSystem(), fileContext.getDefaultFileSystem().getUri(), str);
        try {
            return new HdfsBlobStore(fileContext, str, this.bufferSize, isReadOnly(), z);
        } catch (IOException e) {
            throw new UncheckedIOException(String.format(Locale.ROOT, "Cannot create HDFS repository for uri [%s]", uri), e);
        }
    }

    private UserGroupInformation login(Configuration configuration, Settings settings) {
        UserGroupInformation.AuthenticationMethod authenticationMethod = SecurityUtil.getAuthenticationMethod(configuration);
        if (!authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.SIMPLE) && !authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
            throw new RuntimeException("Unsupported authorization mode [" + authenticationMethod + "]");
        }
        String str = settings.get(CONF_SECURITY_PRINCIPAL);
        if (str != null && authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.SIMPLE)) {
            logger.warn("Hadoop authentication method is set to [SIMPLE], but a Kerberos principal is specified. Continuing with [KERBEROS] authentication.");
            SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        } else if (str == null && authenticationMethod.equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
            throw new RuntimeException("HDFS Repository does not support [KERBEROS] authentication without a valid Kerberos principal and keytab. Please specify a principal in the repository settings with [security.principal].");
        }
        UserGroupInformation.setConfiguration(configuration);
        logger.debug("Hadoop security enabled: [{}]", Boolean.valueOf(UserGroupInformation.isSecurityEnabled()));
        logger.debug("Using Hadoop authentication method: [{}]", SecurityUtil.getAuthenticationMethod(configuration));
        try {
            if (!UserGroupInformation.isSecurityEnabled()) {
                return UserGroupInformation.getCurrentUser();
            }
            String preparePrincipal = preparePrincipal(str);
            String path = HdfsSecurityContext.locateKeytabFile(this.environment).toString();
            logger.debug("Using kerberos principal [{}] and keytab located at [{}]", preparePrincipal, path);
            return UserGroupInformation.loginUserFromKeytabAndReturnUGI(preparePrincipal, path);
        } catch (IOException e) {
            throw new UncheckedIOException("Could not retrieve the current user information", e);
        }
    }

    private static String preparePrincipal(String str) {
        String str2 = str;
        if (str.contains("_HOST")) {
            try {
                str2 = SecurityUtil.getServerPrincipal(str, getHostName());
                if (!str.equals(str2)) {
                    logger.debug("Found service principal. Converted original principal name [{}] to server principal [{}]", str, str2);
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
        return str2;
    }

    @SuppressForbidden(reason = "InetAddress.getLocalHost(); Needed for filling in hostname for a kerberos principal name pattern.")
    private static String getHostName() {
        try {
            return InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException e) {
            throw new RuntimeException("Could not locate host information", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: createBlobStore, reason: merged with bridge method [inline-methods] */
    public HdfsBlobStore m3createBlobStore() {
        SpecialPermission.check();
        return (HdfsBlobStore) AccessController.doPrivileged(() -> {
            return createBlobstore(this.uri, this.pathSetting, getMetadata().settings());
        });
    }

    public BlobPath basePath() {
        return this.basePath;
    }

    protected ByteSizeValue chunkSize() {
        return this.chunkSize;
    }
}
