package org.apache.tez.common.security;

import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.tez.dag.api.TezConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
@InterfaceStability.Unstable
/* loaded from: input_file:org/apache/tez/common/security/TokenCache.class */
public class TokenCache {
    private static final int MAX_FS_OBJECTS = 10;
    private static final Logger LOG = LoggerFactory.getLogger(TokenCache.class);
    private static final Text SESSION_TOKEN = new Text("SessionToken");

    public static byte[] getSecretKey(Credentials credentials, Text text) {
        if (credentials == null) {
            return null;
        }
        return credentials.getSecretKey(text);
    }

    public static void obtainTokensForFileSystems(Credentials credentials, Path[] pathArr, Configuration configuration) throws IOException {
        if (UserGroupInformation.isSecurityEnabled()) {
            obtainTokensForFileSystemsInternal(credentials, pathArr, configuration);
        }
    }

    static void obtainTokensForFileSystemsInternal(Credentials credentials, Path[] pathArr, Configuration configuration) throws IOException {
        HashSet hashSet = new HashSet();
        boolean z = false;
        for (Path path : pathArr) {
            FileSystem fileSystem = path.getFileSystem(configuration);
            if (!z && hashSet.size() == 10) {
                LOG.warn("No of FileSystem objects exceeds {}, updating tokens for all paths. This can happen when fs.<scheme>.impl.disable.cache is set to true.", 10);
                z = true;
            }
            if (z) {
                obtainTokensForFileSystemsInternal(fileSystem, credentials, configuration);
            } else {
                hashSet.add(fileSystem);
            }
        }
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            obtainTokensForFileSystemsInternal((FileSystem) it.next(), credentials, configuration);
        }
    }

    static boolean isTokenRenewalExcluded(FileSystem fileSystem, Configuration configuration) {
        String[] strings = configuration.getStrings(TezConfiguration.TEZ_JOB_FS_SERVERS_TOKEN_RENEWAL_EXCLUDE);
        if (strings == null) {
            return false;
        }
        String host = fileSystem.getUri().getHost();
        for (String str : strings) {
            if (str.equals(host)) {
                return true;
            }
        }
        return false;
    }

    static void obtainTokensForFileSystemsInternal(FileSystem fileSystem, Credentials credentials, Configuration configuration) throws IOException {
        String str = "";
        if (!isTokenRenewalExcluded(fileSystem, configuration)) {
            str = Master.getMasterPrincipal(configuration);
            if (str == null || str.length() == 0) {
                throw new IOException("Can't get Master Kerberos principal for use as renewer");
            }
        }
        Token[] addDelegationTokens = fileSystem.addDelegationTokens(str, credentials);
        if (addDelegationTokens != null) {
            for (Token token : addDelegationTokens) {
                LOG.info("Got dt for " + fileSystem.getUri() + "; " + token);
            }
        }
    }

    @InterfaceAudience.Private
    public static void setSessionToken(Token<? extends TokenIdentifier> token, Credentials credentials) {
        credentials.addToken(SESSION_TOKEN, token);
    }

    @InterfaceAudience.Private
    public static Token<JobTokenIdentifier> getSessionToken(Credentials credentials) {
        Token<JobTokenIdentifier> token = credentials.getToken(SESSION_TOKEN);
        if (token == null) {
            return null;
        }
        return token;
    }

    @InterfaceAudience.Private
    public static void mergeBinaryTokens(Credentials credentials, Configuration configuration, String str) throws IOException {
        if (str == null || str.isEmpty()) {
            throw new RuntimeException("Invalid file path provided, tokenFilePath=" + str);
        }
        LOG.info("Merging additional tokens from binary file, binaryFileName=" + str);
        credentials.mergeAll(Credentials.readTokenStorageFile(new Path("file:///" + str), configuration));
    }
}
