package org.apache.hadoop.security.token.delegation.web;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Public
@InterfaceStability.Unstable
/* loaded from: input_file:WEB-INF/lib/hadoop-client-api-3.2.0.9-SNAPSHOT.jar:org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.class */
public class DelegationTokenAuthenticatedURL extends AuthenticatedURL {
    static final String DO_AS = "doAs";
    private boolean useQueryStringforDelegationToken;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DelegationTokenAuthenticatedURL.class);
    private static Class<? extends DelegationTokenAuthenticator> DEFAULT_AUTHENTICATOR = KerberosDelegationTokenAuthenticator.class;

    @InterfaceAudience.Public
    @InterfaceStability.Unstable
    /* loaded from: input_file:WEB-INF/lib/hadoop-client-api-3.2.0.9-SNAPSHOT.jar:org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL$Token.class */
    public static class Token extends AuthenticatedURL.Token {
        private org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> delegationToken;

        public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> getDelegationToken() {
            return this.delegationToken;
        }

        public void setDelegationToken(org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> token) {
            this.delegationToken = token;
        }
    }

    public static void setDefaultDelegationTokenAuthenticator(Class<? extends DelegationTokenAuthenticator> cls) {
        DEFAULT_AUTHENTICATOR = cls;
    }

    public static Class<? extends DelegationTokenAuthenticator> getDefaultDelegationTokenAuthenticator() {
        return DEFAULT_AUTHENTICATOR;
    }

    private static DelegationTokenAuthenticator obtainDelegationTokenAuthenticator(DelegationTokenAuthenticator delegationTokenAuthenticator, ConnectionConfigurator connectionConfigurator) {
        if (delegationTokenAuthenticator == null) {
            try {
                delegationTokenAuthenticator = DEFAULT_AUTHENTICATOR.newInstance();
                delegationTokenAuthenticator.setConnectionConfigurator(connectionConfigurator);
            } catch (Exception e) {
                throw new IllegalArgumentException(e);
            }
        }
        return delegationTokenAuthenticator;
    }

    public DelegationTokenAuthenticatedURL() {
        this(null, null);
    }

    public DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator delegationTokenAuthenticator) {
        this(delegationTokenAuthenticator, null);
    }

    public DelegationTokenAuthenticatedURL(ConnectionConfigurator connectionConfigurator) {
        this(null, connectionConfigurator);
    }

    public DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator delegationTokenAuthenticator, ConnectionConfigurator connectionConfigurator) {
        super(obtainDelegationTokenAuthenticator(delegationTokenAuthenticator, connectionConfigurator), connectionConfigurator);
        this.useQueryStringforDelegationToken = false;
    }

    @Deprecated
    protected void setUseQueryStringForDelegationToken(boolean z) {
        this.useQueryStringforDelegationToken = z;
    }

    public boolean useQueryStringForDelegationToken() {
        return this.useQueryStringforDelegationToken;
    }

    @Override // org.apache.hadoop.security.authentication.client.AuthenticatedURL
    public HttpURLConnection openConnection(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException {
        return token instanceof Token ? openConnection(url, (Token) token) : super.openConnection(url, token);
    }

    public HttpURLConnection openConnection(URL url, Token token) throws IOException, AuthenticationException {
        return openConnection(url, token, null);
    }

    private URL augmentURL(URL url, Map<String, String> map) throws IOException {
        if (map != null && map.size() > 0) {
            String externalForm = url.toExternalForm();
            StringBuilder sb = new StringBuilder(externalForm);
            String str = externalForm.contains(Expression.POSITIONAL_PARAMETER) ? "&" : Expression.POSITIONAL_PARAMETER;
            for (Map.Entry<String, String> entry : map.entrySet()) {
                sb.append(str).append(entry.getKey()).append("=").append(entry.getValue());
                str = "&";
            }
            url = new URL(sb.toString());
        }
        return url;
    }

    public HttpURLConnection openConnection(URL url, Token token, String str) throws IOException, AuthenticationException {
        Preconditions.checkNotNull(url, "url");
        Preconditions.checkNotNull(token, "token");
        HashMap hashMap = new HashMap();
        org.apache.hadoop.security.token.Token<? extends TokenIdentifier> token2 = null;
        LOG.debug("Connecting to url {} with token {} as {}", url, token, str);
        if (!token.isSet()) {
            Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Token not set, looking for delegation token. Creds:{}, size:{}", credentials.getAllTokens(), Integer.valueOf(credentials.numberOfTokens()));
            }
            if (!credentials.getAllTokens().isEmpty()) {
                token2 = selectDelegationToken(url, credentials);
                if (token2 != null) {
                    if (useQueryStringForDelegationToken()) {
                        hashMap.put("delegation", token2.encodeToUrlString());
                    } else {
                        token.delegationToken = token2;
                    }
                }
            }
        }
        if (str != null) {
            hashMap.put(DO_AS, URLEncoder.encode(str, "UTF-8"));
        }
        HttpURLConnection openConnection = super.openConnection(augmentURL(url, hashMap), (AuthenticatedURL.Token) token);
        if (!token.isSet() && !useQueryStringForDelegationToken() && token2 != null) {
            openConnection.setRequestProperty(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER, token2.encodeToUrlString());
        }
        return openConnection;
    }

    @InterfaceAudience.Private
    public org.apache.hadoop.security.token.Token<? extends TokenIdentifier> selectDelegationToken(URL url, Credentials credentials) {
        Text buildTokenService = SecurityUtil.buildTokenService(new InetSocketAddress(url.getHost(), url.getPort()));
        org.apache.hadoop.security.token.Token<? extends TokenIdentifier> token = credentials.getToken(buildTokenService);
        LOG.debug("Using delegation token {} from service:{}", token, buildTokenService);
        return token;
    }

    public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, Token token, String str) throws IOException, AuthenticationException {
        return getDelegationToken(url, token, str, null);
    }

    public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, Token token, String str, String str2) throws IOException, AuthenticationException {
        Preconditions.checkNotNull(url, "url");
        Preconditions.checkNotNull(token, "token");
        try {
            token.delegationToken = ((KerberosDelegationTokenAuthenticator) getAuthenticator()).getDelegationToken(url, token, str, str2);
            return token.delegationToken;
        } catch (IOException e) {
            token.delegationToken = null;
            throw e;
        }
    }

    public long renewDelegationToken(URL url, Token token) throws IOException, AuthenticationException {
        return renewDelegationToken(url, token, null);
    }

    public long renewDelegationToken(URL url, Token token, String str) throws IOException, AuthenticationException {
        Preconditions.checkNotNull(url, "url");
        Preconditions.checkNotNull(token, "token");
        Preconditions.checkNotNull(token.delegationToken, "No delegation token available");
        try {
            return ((KerberosDelegationTokenAuthenticator) getAuthenticator()).renewDelegationToken(url, token, token.delegationToken, str);
        } catch (IOException e) {
            token.delegationToken = null;
            throw e;
        }
    }

    public void cancelDelegationToken(URL url, Token token) throws IOException {
        cancelDelegationToken(url, token, null);
    }

    public void cancelDelegationToken(URL url, Token token, String str) throws IOException {
        Preconditions.checkNotNull(url, "url");
        Preconditions.checkNotNull(token, "token");
        Preconditions.checkNotNull(token.delegationToken, "No delegation token available");
        try {
            ((KerberosDelegationTokenAuthenticator) getAuthenticator()).cancelDelegationToken(url, token, token.delegationToken, str);
            token.delegationToken = null;
        } catch (Throwable th) {
            token.delegationToken = null;
            throw th;
        }
    }
}
