package moe.dare.briareus.yarn.launch.credentials;

import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Collection;
import java.util.Comparator;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.locks.StampedLock;
import java.util.function.Supplier;
import java.util.stream.Stream;
import moe.dare.briareus.api.BriareusException;
import moe.dare.briareus.api.RemoteJvmOptions;
import moe.dare.briareus.common.concurrent.ThreadFactoryBuilder;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:moe/dare/briareus/yarn/launch/credentials/YarnRenewableCredentialsFactory.class */
public class YarnRenewableCredentialsFactory extends CredentialsFactoryBase {
    private static final Logger log = LoggerFactory.getLogger(YarnRenewableCredentialsFactory.class);
    private static final Duration MAX_TOKEN_VALIDITY_PERIOD = Duration.ofHours(11);
    private static final Duration MIN_TOKEN_VALIDITY_PERIOD = Duration.ofMinutes(5);
    private static final Duration TOKEN_MAX_TIME_VALIDITY_OFFSET = Duration.ofHours(1);
    private static final ThreadFactory THREAD_FACTORY = ThreadFactoryBuilder.withPrefix("Yarn-renewable-credentials-factory-thread-").deamon(true).build();
    private final ConcurrentMap<FsKey, CredentialsHolder> credentialsCache = new ConcurrentHashMap();
    private final ExecutorService executor = Executors.newCachedThreadPool(THREAD_FACTORY);
    private final Supplier<UserGroupInformation> user;
    private final Configuration conf;
    private final String rmPrincipal;
    private final Clock clock;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:moe/dare/briareus/yarn/launch/credentials/YarnRenewableCredentialsFactory$CredentialsHolder.class */
    public class CredentialsHolder {
        private final StampedLock lock;
        private final FsKey fsKey;
        private volatile Credentials credentials;
        private volatile Instant validTo;

        private CredentialsHolder(FsKey fsKey) {
            this.lock = new StampedLock();
            this.validTo = Instant.MIN;
            this.fsKey = fsKey;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Optional<Credentials> getCredentialsOptimistic() {
            return (isValid() && this.lock.validate(this.lock.tryOptimisticRead())) ? Optional.ofNullable(this.credentials) : Optional.empty();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Credentials getOrCreateCredentials() {
            Optional<Credentials> credentialsOptimistic = getCredentialsOptimistic();
            if (credentialsOptimistic.isPresent()) {
                return credentialsOptimistic.get();
            }
            long readLock = this.lock.readLock();
            try {
                if (isValid()) {
                    Credentials credentials = this.credentials;
                    this.lock.unlockRead(readLock);
                    return credentials;
                }
                this.lock.unlockRead(readLock);
                long writeLock = this.lock.writeLock();
                try {
                    if (!isValid()) {
                        createNewTokens();
                    }
                    Credentials credentials2 = this.credentials;
                    this.lock.unlockWrite(writeLock);
                    return credentials2;
                } catch (Throwable th) {
                    this.lock.unlockWrite(writeLock);
                    throw th;
                }
            } catch (Throwable th2) {
                this.lock.unlockRead(readLock);
                throw th2;
            }
        }

        private void createNewTokens() {
            Credentials credentials = new Credentials();
            ((UserGroupInformation) YarnRenewableCredentialsFactory.this.user.get()).doAs(() -> {
                try {
                    FileSystem newInstance = FileSystem.newInstance(this.fsKey.toFsUri(), YarnRenewableCredentialsFactory.this.conf);
                    Throwable th = null;
                    try {
                        try {
                            newInstance.addDelegationTokens(YarnRenewableCredentialsFactory.this.rmPrincipal, credentials);
                            if (newInstance != null) {
                                if (0 != 0) {
                                    try {
                                        newInstance.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    newInstance.close();
                                }
                            }
                            return null;
                        } finally {
                        }
                    } finally {
                    }
                } catch (Exception e) {
                    throw new BriareusException("Can't obtain delegation tokens for " + this.fsKey, e);
                }
            });
            Instant instant = YarnRenewableCredentialsFactory.this.clock.instant();
            Instant plus = instant.plus((TemporalAmount) YarnRenewableCredentialsFactory.MIN_TOKEN_VALIDITY_PERIOD);
            Instant plus2 = instant.plus((TemporalAmount) YarnRenewableCredentialsFactory.MAX_TOKEN_VALIDITY_PERIOD);
            Stream stream = credentials.getAllTokens().stream();
            YarnRenewableCredentialsFactory yarnRenewableCredentialsFactory = YarnRenewableCredentialsFactory.this;
            this.validTo = (Instant) stream.map(yarnRenewableCredentialsFactory::tokenMaxExpirationTime).filter((v0) -> {
                return v0.isPresent();
            }).map((v0) -> {
                return v0.get();
            }).min(Comparator.naturalOrder()).map(instant2 -> {
                return instant2.minus((TemporalAmount) YarnRenewableCredentialsFactory.TOKEN_MAX_TIME_VALIDITY_OFFSET);
            }).map(instant3 -> {
                return boundToRange(instant3, plus, plus2);
            }).orElse(plus2);
            this.credentials = credentials;
            YarnRenewableCredentialsFactory.log.info("Created new tokens for {}. Cached till {}", this.fsKey, this.validTo);
        }

        private Instant boundToRange(Instant instant, Instant instant2, Instant instant3) {
            return instant.isBefore(instant2) ? instant2 : instant.isAfter(instant3) ? instant3 : instant;
        }

        private boolean isValid() {
            return YarnRenewableCredentialsFactory.this.clock.instant().isBefore(this.validTo);
        }
    }

    public static CredentialsFactory create(Supplier<UserGroupInformation> supplier, Configuration configuration) {
        return create(supplier, configuration, Clock.systemUTC());
    }

    static CredentialsFactory create(Supplier<UserGroupInformation> supplier, Configuration configuration, Clock clock) {
        return new YarnRenewableCredentialsFactory(supplier, configuration, clock);
    }

    private YarnRenewableCredentialsFactory(Supplier<UserGroupInformation> supplier, Configuration configuration, Clock clock) {
        UserGroupInformation.AuthenticationMethod authenticationMethod;
        this.user = (Supplier) Objects.requireNonNull(supplier, "user");
        this.conf = (Configuration) Objects.requireNonNull(configuration, "conf");
        this.clock = (Clock) Objects.requireNonNull(clock, "clock");
        this.rmPrincipal = configuration.get("yarn.resourcemanager.principal");
        if ((this.rmPrincipal == null || this.rmPrincipal.isEmpty()) && (authenticationMethod = SecurityUtil.getAuthenticationMethod(configuration)) != UserGroupInformation.AuthenticationMethod.SIMPLE) {
            log.warn("Rm principal ({}) not set for auth method {}.", "yarn.resourcemanager.principal", authenticationMethod);
        }
    }

    @Override // moe.dare.briareus.yarn.launch.credentials.CredentialsFactoryBase
    protected CompletableFuture<Credentials> tokens(@NotNull FsKey fsKey) {
        CredentialsHolder computeIfAbsent = this.credentialsCache.computeIfAbsent(fsKey, fsKey2 -> {
            return new CredentialsHolder(fsKey2);
        });
        return (CompletableFuture) computeIfAbsent.getCredentialsOptimistic().map((v0) -> {
            return CompletableFuture.completedFuture(v0);
        }).orElseGet(() -> {
            computeIfAbsent.getClass();
            return CompletableFuture.supplyAsync(() -> {
                return computeIfAbsent.getOrCreateCredentials();
            }, this.executor);
        });
    }

    @Override // moe.dare.briareus.yarn.launch.credentials.CredentialsFactory, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.executor.shutdown();
    }

    @Override // moe.dare.briareus.yarn.launch.credentials.CredentialsFactoryBase, moe.dare.briareus.yarn.launch.credentials.CredentialsFactory
    public /* bridge */ /* synthetic */ CompletionStage tokens(RemoteJvmOptions remoteJvmOptions, Collection collection) {
        return super.tokens(remoteJvmOptions, collection);
    }
}
