package co.cask.cdap.common.security;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.Constants;
import co.cask.cdap.common.discovery.EndpointStrategy;
import co.cask.cdap.common.discovery.RandomEndpointStrategy;
import co.cask.cdap.common.http.DefaultHttpRequestConfig;
import co.cask.common.http.HttpRequest;
import co.cask.common.http.HttpRequestConfig;
import co.cask.common.http.HttpRequests;
import co.cask.common.http.HttpResponse;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.gson.Gson;
import com.google.inject.Inject;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.twill.discovery.Discoverable;
import org.apache.twill.discovery.DiscoveryServiceClient;
import org.apache.twill.filesystem.Location;
import org.apache.twill.filesystem.LocationFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/cdap-common-4.0.0.jar:co/cask/cdap/common/security/RemoteUGIProvider.class */
public class RemoteUGIProvider extends AbstractCachedUGIProvider {
    private static final Logger LOG = LoggerFactory.getLogger(RemoteUGIProvider.class);
    private static final Gson GSON = new Gson();
    private final Supplier<EndpointStrategy> endpointStrategySupplier;
    private final LocationFactory locationFactory;
    private final HttpRequestConfig httpRequestConfig;

    @Inject
    RemoteUGIProvider(CConfiguration cConfiguration, final DiscoveryServiceClient discoveryServiceClient, LocationFactory locationFactory) {
        super(cConfiguration);
        this.endpointStrategySupplier = Suppliers.memoize(new Supplier<EndpointStrategy>() { // from class: co.cask.cdap.common.security.RemoteUGIProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.common.base.Supplier
            public EndpointStrategy get() {
                return new RandomEndpointStrategy(discoveryServiceClient.discover(Constants.Service.APP_FABRIC_HTTP));
            }
        });
        this.locationFactory = locationFactory;
        this.httpRequestConfig = new DefaultHttpRequestConfig(false);
    }

    @Override // co.cask.cdap.common.security.AbstractCachedUGIProvider
    protected UserGroupInformation createUGI(ImpersonationInfo impersonationInfo) throws IOException {
        String responseBodyAsString = executeRequest(impersonationInfo).getResponseBodyAsString();
        LOG.debug("Received response: {}", responseBodyAsString);
        Location create = this.locationFactory.create(URI.create(responseBodyAsString));
        try {
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(impersonationInfo.getPrincipal());
            createRemoteUser.addCredentials(readCredentials(create));
            return createRemoteUser;
        } finally {
            try {
                if (!create.delete()) {
                    LOG.warn("Failed to delete location: {}", create);
                }
            } catch (IOException e) {
                LOG.warn("Exception raised when deleting location {}", create, e);
            }
        }
    }

    private URL resolve(String str) throws IOException {
        Discoverable pick = this.endpointStrategySupplier.get().pick(3L, TimeUnit.SECONDS);
        if (pick == null) {
            throw new IOException(String.format("Cannot discover service %s", Constants.Service.APP_FABRIC_HTTP));
        }
        InetSocketAddress socketAddress = pick.getSocketAddress();
        return URI.create(String.format("%s%s:%d", Arrays.equals(Constants.Security.SSL_URI_SCHEME.getBytes(), pick.getPayload()) ? Constants.Security.SSL_URI_SCHEME : Constants.Security.URI_SCHEME, socketAddress.getHostName(), Integer.valueOf(socketAddress.getPort()))).resolve("/v1/" + str).toURL();
    }

    private HttpResponse executeRequest(ImpersonationInfo impersonationInfo) throws IOException {
        URL resolve = resolve("impersonation/credentials");
        HttpResponse execute = HttpRequests.execute(HttpRequest.post(resolve).withBody(GSON.toJson(impersonationInfo)).build(), this.httpRequestConfig);
        if (execute.getResponseCode() == 200) {
            return execute;
        }
        throw new IOException(String.format("%s Response: %s.", createErrorMessage(resolve), execute));
    }

    private static String createErrorMessage(URL url) {
        return String.format("Error making request to AppFabric Service at %s.", url);
    }

    private static Credentials readCredentials(Location location) throws IOException {
        Credentials credentials = new Credentials();
        DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(location.getInputStream()));
        Throwable th = null;
        try {
            try {
                credentials.readTokenStorageStream(dataInputStream);
                if (dataInputStream != null) {
                    if (0 != 0) {
                        try {
                            dataInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        dataInputStream.close();
                    }
                }
                LOG.debug("Read credentials from {}", location);
                return credentials;
            } finally {
            }
        } catch (Throwable th3) {
            if (dataInputStream != null) {
                if (th != null) {
                    try {
                        dataInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    dataInputStream.close();
                }
            }
            throw th3;
        }
    }
}
