package org.apache.nifi.processors.hadoop;

import java.io.File;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.lang.reflect.Field;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import javax.security.auth.login.LoginException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.compress.CompressionCodec;
import org.apache.hadoop.io.compress.CompressionCodecFactory;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SaslPlainServer;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.nifi.annotation.behavior.RequiresInstanceClassLoading;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.hadoop.KerberosProperties;
import org.apache.nifi.hadoop.SecurityUtil;
import org.apache.nifi.kerberos.KerberosCredentialsService;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessorInitializationContext;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.security.krb.KerberosKeytabUser;
import org.apache.nifi.security.krb.KerberosPasswordUser;
import org.apache.nifi.security.krb.KerberosUser;

@RequiresInstanceClassLoading(cloneAncestorResources = true)
/* loaded from: input_file:org/apache/nifi/processors/hadoop/AbstractHadoopProcessor.class */
public abstract class AbstractHadoopProcessor extends AbstractProcessor {
    private static final String ALLOW_EXPLICIT_KEYTAB = "NIFI_ALLOW_EXPLICIT_KEYTAB";
    public static final String ABSOLUTE_HDFS_PATH_ATTRIBUTE = "absolute.hdfs.path";
    protected KerberosProperties kerberosProperties;
    protected List<PropertyDescriptor> properties;
    private volatile File kerberosConfigFile = null;
    private final AtomicReference<HdfsResources> hdfsResources = new AtomicReference<>();
    private final AtomicReference<ValidationResources> validationResourceHolder = new AtomicReference<>();
    private static final String DENY_LFS_ACCESS = "NIFI_HDFS_DENY_LOCAL_FILE_SYSTEM_ACCESS";
    private static final String DENY_LFS_EXPLANATION = String.format("LFS Access Denied according to Environment Variable [%s]", DENY_LFS_ACCESS);
    private static final Pattern LOCAL_FILE_SYSTEM_URI = Pattern.compile("^file:.*");
    public static final PropertyDescriptor HADOOP_CONFIGURATION_RESOURCES = new PropertyDescriptor.Builder().name("Hadoop Configuration Resources").description("A file or comma separated list of files which contains the Hadoop file system configuration. Without this, Hadoop will search the classpath for a 'core-site.xml' and 'hdfs-site.xml' file or will revert to a default configuration. To use swebhdfs, see 'Additional Details' section of PutHDFS's documentation.").required(false).addValidator(HadoopValidators.ONE_OR_MORE_FILE_EXISTS_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor DIRECTORY = new PropertyDescriptor.Builder().name("Directory").description("The HDFS directory from which files should be read").required(true).addValidator(StandardValidators.ATTRIBUTE_EXPRESSION_LANGUAGE_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).build();
    public static final PropertyDescriptor COMPRESSION_CODEC = new PropertyDescriptor.Builder().name("Compression codec").required(true).allowableValues(CompressionType.allowableValues()).defaultValue(CompressionType.NONE.toString()).build();
    public static final PropertyDescriptor KERBEROS_RELOGIN_PERIOD = new PropertyDescriptor.Builder().name("Kerberos Relogin Period").required(false).description("Period of time which should pass before attempting a kerberos relogin.\n\nThis property has been deprecated, and has no effect on processing. Relogins now occur automatically.").defaultValue("4 hours").addValidator(StandardValidators.TIME_PERIOD_VALIDATOR).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor ADDITIONAL_CLASSPATH_RESOURCES = new PropertyDescriptor.Builder().name("Additional Classpath Resources").description("A comma-separated list of paths to files and/or directories that will be added to the classpath and used for loading native libraries. When specifying a directory, all files with in the directory will be added to the classpath, but further sub-directories will not be included.").required(false).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).dynamicallyModifiesClasspath(true).build();
    static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE = new PropertyDescriptor.Builder().name("kerberos-credentials-service").displayName("Kerberos Credentials Service").description("Specifies the Kerberos Credentials Controller Service that should be used for authenticating with Kerberos").identifiesControllerService(KerberosCredentialsService.class).required(false).build();
    private static final Object RESOURCES_LOCK = new Object();
    private static final HdfsResources EMPTY_HDFS_RESOURCES = new HdfsResources(null, null, null, null);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/nifi/processors/hadoop/AbstractHadoopProcessor$ExtendedConfiguration.class */
    public static class ExtendedConfiguration extends Configuration {
        private final ComponentLog logger;
        private final Map<ClassLoader, Map<String, WeakReference<Class<?>>>> CACHE_CLASSES = new WeakHashMap();

        public ExtendedConfiguration(ComponentLog componentLog) {
            this.logger = componentLog;
        }

        public Class<?> getClassByNameOrNull(String str) {
            Map<String, WeakReference<Class<?>>> map;
            ClassLoader classLoader = getClassLoader();
            synchronized (this.CACHE_CLASSES) {
                map = this.CACHE_CLASSES.get(classLoader);
                if (map == null) {
                    map = Collections.synchronizedMap(new WeakHashMap());
                    this.CACHE_CLASSES.put(classLoader, map);
                }
            }
            Class<?> cls = null;
            WeakReference<Class<?>> weakReference = map.get(str);
            if (weakReference != null) {
                cls = weakReference.get();
            }
            if (cls != null) {
                return cls;
            }
            try {
                Class<?> cls2 = Class.forName(str, true, classLoader);
                map.put(str, new WeakReference<>(cls2));
                return cls2;
            } catch (ClassNotFoundException e) {
                this.logger.error(e.getMessage(), e);
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/nifi/processors/hadoop/AbstractHadoopProcessor$HdfsResources.class */
    public static class HdfsResources {
        private final Configuration configuration;
        private final FileSystem fileSystem;
        private final UserGroupInformation userGroupInformation;
        private final KerberosUser kerberosUser;

        public HdfsResources(Configuration configuration, FileSystem fileSystem, UserGroupInformation userGroupInformation, KerberosUser kerberosUser) {
            this.configuration = configuration;
            this.fileSystem = fileSystem;
            this.userGroupInformation = userGroupInformation;
            this.kerberosUser = kerberosUser;
        }

        public Configuration getConfiguration() {
            return this.configuration;
        }

        public FileSystem getFileSystem() {
            return this.fileSystem;
        }

        public UserGroupInformation getUserGroupInformation() {
            return this.userGroupInformation;
        }

        public KerberosUser getKerberosUser() {
            return this.kerberosUser;
        }
    }

    /* loaded from: input_file:org/apache/nifi/processors/hadoop/AbstractHadoopProcessor$ValidationResources.class */
    protected static class ValidationResources {
        private final String configResources;
        private final Configuration configuration;

        public ValidationResources(String str, Configuration configuration) {
            this.configResources = str;
            this.configuration = configuration;
        }

        public String getConfigResources() {
            return this.configResources;
        }

        public Configuration getConfiguration() {
            return this.configuration;
        }
    }

    protected void init(ProcessorInitializationContext processorInitializationContext) {
        this.hdfsResources.set(EMPTY_HDFS_RESOURCES);
        this.kerberosConfigFile = processorInitializationContext.getKerberosConfigurationFile();
        this.kerberosProperties = getKerberosProperties(this.kerberosConfigFile);
        ArrayList arrayList = new ArrayList();
        arrayList.add(HADOOP_CONFIGURATION_RESOURCES);
        arrayList.add(KERBEROS_CREDENTIALS_SERVICE);
        arrayList.add(this.kerberosProperties.getKerberosPrincipal());
        arrayList.add(this.kerberosProperties.getKerberosKeytab());
        arrayList.add(this.kerberosProperties.getKerberosPassword());
        arrayList.add(KERBEROS_RELOGIN_PERIOD);
        arrayList.add(ADDITIONAL_CLASSPATH_RESOURCES);
        this.properties = Collections.unmodifiableList(arrayList);
    }

    protected KerberosProperties getKerberosProperties(File file) {
        return new KerberosProperties(file);
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return this.properties;
    }

    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        String principal;
        String keytab;
        String value = validationContext.getProperty(HADOOP_CONFIGURATION_RESOURCES).evaluateAttributeExpressions().getValue();
        String value2 = validationContext.getProperty(this.kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
        String value3 = validationContext.getProperty(this.kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
        String value4 = validationContext.getProperty(this.kerberosProperties.getKerberosPassword()).getValue();
        KerberosCredentialsService asControllerService = validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
        if (asControllerService == null) {
            principal = value2;
            keytab = value3;
        } else {
            principal = asControllerService.getPrincipal();
            keytab = asControllerService.getKeytab();
        }
        ArrayList arrayList = new ArrayList();
        if (StringUtils.isBlank(value)) {
            return arrayList;
        }
        try {
            ValidationResources validationResources = this.validationResourceHolder.get();
            if (validationResources == null || !value.equals(validationResources.getConfigResources())) {
                getLogger().debug("Reloading validation resources");
                ExtendedConfiguration extendedConfiguration = new ExtendedConfiguration(getLogger());
                extendedConfiguration.setClassLoader(Thread.currentThread().getContextClassLoader());
                validationResources = new ValidationResources(value, getConfigurationFromResources(extendedConfiguration, value));
                this.validationResourceHolder.set(validationResources);
            }
            Configuration configuration = validationResources.getConfiguration();
            arrayList.addAll(KerberosProperties.validatePrincipalWithKeytabOrPassword(getClass().getSimpleName(), configuration, principal, keytab, value4, getLogger()));
            if (isFileSystemAccessDenied(FileSystem.getDefaultUri(configuration))) {
                arrayList.add(new ValidationResult.Builder().valid(false).subject("Hadoop File System").explanation(DENY_LFS_EXPLANATION).build());
            }
        } catch (IOException e) {
            arrayList.add(new ValidationResult.Builder().valid(false).subject("Hadoop Configuration Resources").explanation("Could not load Hadoop Configuration resources due to: " + e).build());
        }
        if (asControllerService != null && (value2 != null || value3 != null || value4 != null)) {
            arrayList.add(new ValidationResult.Builder().subject("Kerberos Credentials").valid(false).explanation("Cannot specify a Kerberos Credentials Service while also specifying a Kerberos Principal, Kerberos Keytab, or Kerberos Password").build());
        }
        if (!isAllowExplicitKeytab() && value3 != null) {
            arrayList.add(new ValidationResult.Builder().subject("Kerberos Credentials").valid(false).explanation("The 'NIFI_ALLOW_EXPLICIT_KEYTAB' system environment variable is configured to forbid explicitly configuring Kerberos Keytab in processors. The Kerberos Credentials Service should be used instead of setting the Kerberos Keytab or Kerberos Principal property.").build());
        }
        return arrayList;
    }

    @OnScheduled
    public final void abstractOnScheduled(ProcessContext processContext) throws IOException {
        try {
            if (this.hdfsResources.get().getConfiguration() == null) {
                this.hdfsResources.set(resetHDFSResources(processContext.getProperty(HADOOP_CONFIGURATION_RESOURCES).evaluateAttributeExpressions().getValue(), processContext));
            }
        } catch (Exception e) {
            getLogger().error("HDFS Configuration error - {}", new Object[]{e});
            this.hdfsResources.set(EMPTY_HDFS_RESOURCES);
            throw e;
        }
    }

    @OnStopped
    public final void abstractOnStopped() {
        HdfsResources hdfsResources = this.hdfsResources.get();
        if (hdfsResources != null) {
            FileSystem fileSystem = hdfsResources.getFileSystem();
            try {
                try {
                    interruptStatisticsThread(fileSystem);
                    if (fileSystem != null) {
                        try {
                            fileSystem.close();
                        } catch (IOException e) {
                            getLogger().warn("Error close FileSystem: " + e.getMessage(), e);
                        }
                    }
                } catch (Throwable th) {
                    if (fileSystem != null) {
                        try {
                            fileSystem.close();
                        } catch (IOException e2) {
                            getLogger().warn("Error close FileSystem: " + e2.getMessage(), e2);
                        }
                    }
                    throw th;
                }
            } catch (Exception e3) {
                getLogger().warn("Error stopping FileSystem statistics thread: " + e3.getMessage());
                getLogger().debug("", e3);
                if (fileSystem != null) {
                    try {
                        fileSystem.close();
                    } catch (IOException e4) {
                        getLogger().warn("Error close FileSystem: " + e4.getMessage(), e4);
                    }
                }
            }
            UserGroupInformation.setConfiguration(new Configuration());
            Configuration configuration = hdfsResources.getConfiguration();
            if (configuration != null) {
                configuration.setClassLoader((ClassLoader) null);
            }
            Security.removeProvider(new SaslPlainServer.SecurityProvider().getName());
        }
        this.hdfsResources.set(EMPTY_HDFS_RESOURCES);
    }

    private void interruptStatisticsThread(FileSystem fileSystem) throws NoSuchFieldException, IllegalAccessException {
        Field declaredField = FileSystem.class.getDeclaredField("statistics");
        declaredField.setAccessible(true);
        Object obj = declaredField.get(fileSystem);
        if (obj == null || !(obj instanceof FileSystem.Statistics)) {
            return;
        }
        FileSystem.Statistics statistics = (FileSystem.Statistics) obj;
        Field declaredField2 = statistics.getClass().getDeclaredField("STATS_DATA_CLEANER");
        declaredField2.setAccessible(true);
        Object obj2 = declaredField2.get(statistics);
        if (obj2 == null || !(obj2 instanceof Thread)) {
            return;
        }
        try {
            ((Thread) obj2).interrupt();
        } catch (Exception e) {
            getLogger().warn("Error interrupting thread: " + e.getMessage(), e);
        }
    }

    private static Configuration getConfigurationFromResources(Configuration configuration, String str) throws IOException {
        boolean z = false;
        if (null != str) {
            for (String str2 : str.split(",")) {
                configuration.addResource(new Path(str2.trim()));
                z = true;
            }
        }
        if (!z) {
            String configuration2 = configuration.toString();
            String[] split = configuration2.substring(configuration2.indexOf(":") + 1).split(",");
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str3 = split[i];
                if (!str3.contains("default") && configuration.getResource(str3.trim()) != null) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (z) {
            return configuration;
        }
        throw new IOException("Could not find any of the " + HADOOP_CONFIGURATION_RESOURCES.getName() + " on the classpath");
    }

    HdfsResources resetHDFSResources(String str, ProcessContext processContext) throws IOException {
        UserGroupInformation loginSimple;
        KerberosKeytabUser kerberosKeytabUser;
        FileSystem fileSystemAsUser;
        ExtendedConfiguration extendedConfiguration = new ExtendedConfiguration(getLogger());
        extendedConfiguration.setClassLoader(Thread.currentThread().getContextClassLoader());
        getConfigurationFromResources(extendedConfiguration, str);
        preProcessConfiguration(extendedConfiguration, processContext);
        checkHdfsUriForTimeout(extendedConfiguration);
        extendedConfiguration.set(String.format("fs.%s.impl.disable.cache", FileSystem.getDefaultUri(extendedConfiguration).getScheme()), "true");
        synchronized (RESOURCES_LOCK) {
            if (SecurityUtil.isSecurityEnabled(extendedConfiguration)) {
                String value = processContext.getProperty(this.kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
                String value2 = processContext.getProperty(this.kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
                String value3 = processContext.getProperty(this.kerberosProperties.getKerberosPassword()).getValue();
                KerberosCredentialsService asControllerService = processContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
                if (asControllerService != null) {
                    value = asControllerService.getPrincipal();
                    value2 = asControllerService.getKeytab();
                }
                if (value2 != null) {
                    kerberosKeytabUser = new KerberosKeytabUser(value, value2);
                } else {
                    if (value3 == null) {
                        throw new IOException("Unable to authenticate with Kerberos, no keytab or password was provided");
                    }
                    kerberosKeytabUser = new KerberosPasswordUser(value, value3);
                }
                loginSimple = SecurityUtil.getUgiForKerberosUser(extendedConfiguration, kerberosKeytabUser);
            } else {
                extendedConfiguration.set("ipc.client.fallback-to-simple-auth-allowed", "true");
                extendedConfiguration.set(SecurityUtil.HADOOP_SECURITY_AUTHENTICATION, "simple");
                loginSimple = SecurityUtil.loginSimple(extendedConfiguration);
                kerberosKeytabUser = null;
            }
            fileSystemAsUser = getFileSystemAsUser(extendedConfiguration, loginSimple);
        }
        getLogger().debug("resetHDFSResources UGI [{}], KerberosUser [{}]", new Object[]{loginSimple, kerberosKeytabUser});
        Path workingDirectory = fileSystemAsUser.getWorkingDirectory();
        getLogger().info("Initialized a new HDFS File System with working dir: {} default block size: {} default replication: {} config: {}", new Object[]{workingDirectory, Long.valueOf(fileSystemAsUser.getDefaultBlockSize(workingDirectory)), Short.valueOf(fileSystemAsUser.getDefaultReplication(workingDirectory)), extendedConfiguration.toString()});
        return new HdfsResources(extendedConfiguration, fileSystemAsUser, loginSimple, kerberosKeytabUser);
    }

    protected void preProcessConfiguration(Configuration configuration, ProcessContext processContext) {
    }

    protected FileSystem getFileSystem(Configuration configuration) throws IOException {
        return FileSystem.get(configuration);
    }

    protected FileSystem getFileSystemAsUser(final Configuration configuration, UserGroupInformation userGroupInformation) throws IOException {
        try {
            return (FileSystem) userGroupInformation.doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.nifi.processors.hadoop.AbstractHadoopProcessor.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    return FileSystem.get(configuration);
                }
            });
        } catch (InterruptedException e) {
            throw new IOException("Unable to create file system: " + e.getMessage());
        }
    }

    protected void checkHdfsUriForTimeout(Configuration configuration) throws IOException {
        URI defaultUri = FileSystem.getDefaultUri(configuration);
        String authority = defaultUri.getAuthority();
        int port = defaultUri.getPort();
        if (authority == null || authority.isEmpty() || port < 0) {
            return;
        }
        InetSocketAddress createSocketAddr = NetUtils.createSocketAddr(authority, port);
        Socket socket = null;
        try {
            socket = NetUtils.getDefaultSocketFactory(configuration).createSocket();
            NetUtils.connect(socket, createSocketAddr, 1000);
            IOUtils.closeQuietly(socket);
        } catch (Throwable th) {
            IOUtils.closeQuietly(socket);
            throw th;
        }
    }

    protected CompressionCodec getCompressionCodec(ProcessContext processContext, Configuration configuration) {
        CompressionCodec compressionCodec = null;
        if (processContext.getProperty(COMPRESSION_CODEC).isSet()) {
            compressionCodec = new CompressionCodecFactory(configuration).getCodecByClassName(CompressionType.valueOf(processContext.getProperty(COMPRESSION_CODEC).getValue()).toString());
        }
        return compressionCodec;
    }

    public static String getPathDifference(Path path, Path path2) {
        int depth = path2.depth() - path.depth();
        if (depth <= 1) {
            return "".intern();
        }
        String name = path.getName();
        Path parent = path2.getParent();
        StringBuilder sb = new StringBuilder();
        sb.append(parent.getName());
        for (int i = depth - 3; i >= 0; i--) {
            parent = parent.getParent();
            String name2 = parent.getName();
            if (name2.equals(name) && parent.toString().endsWith(path.toString())) {
                break;
            }
            sb.insert(0, "/").insert(0, name2);
        }
        return sb.toString();
    }

    protected Configuration getConfiguration() {
        return this.hdfsResources.get().getConfiguration();
    }

    protected FileSystem getFileSystem() {
        return this.hdfsResources.get().getFileSystem();
    }

    protected UserGroupInformation getUserGroupInformation() {
        getLogger().trace("getting UGI instance");
        if (this.hdfsResources.get().getKerberosUser() != null) {
            KerberosUser kerberosUser = this.hdfsResources.get().getKerberosUser();
            getLogger().debug("kerberosUser is " + kerberosUser);
            try {
                getLogger().debug("checking TGT on kerberosUser " + kerberosUser);
                kerberosUser.checkTGTAndRelogin();
            } catch (LoginException e) {
                throw new ProcessException("Unable to relogin with kerberos credentials for " + kerberosUser.getPrincipal(), e);
            }
        } else {
            getLogger().debug("kerberosUser was null, will not refresh TGT with KerberosUser");
        }
        return this.hdfsResources.get().getUserGroupInformation();
    }

    boolean isAllowExplicitKeytab() {
        return Boolean.parseBoolean(System.getenv(ALLOW_EXPLICIT_KEYTAB));
    }

    boolean isLocalFileSystemAccessDenied() {
        return Boolean.parseBoolean(System.getenv(DENY_LFS_ACCESS));
    }

    private boolean isFileSystemAccessDenied(URI uri) {
        return isLocalFileSystemAccessDenied() ? LOCAL_FILE_SYSTEM_URI.matcher(uri.toString()).matches() : false;
    }
}
