package org.apache.nifi.dbcp.hive;

import java.io.File;
import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.login.LoginException;
import org.apache.commons.dbcp.BasicDataSource;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hive.jdbc.HiveDriver;
import org.apache.nifi.annotation.behavior.RequiresInstanceClassLoading;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnDisabled;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.controller.ControllerServiceInitializationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.hadoop.KerberosProperties;
import org.apache.nifi.hadoop.SecurityUtil;
import org.apache.nifi.kerberos.KerberosCredentialsService;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.security.krb.KerberosKeytabUser;
import org.apache.nifi.security.krb.KerberosPasswordUser;
import org.apache.nifi.security.krb.KerberosUser;
import org.apache.nifi.util.hive.AuthenticationFailedException;
import org.apache.nifi.util.hive.HiveConfigurator;
import org.apache.nifi.util.hive.HiveUtils;
import org.apache.nifi.util.hive.ValidationResources;

@CapabilityDescription("Provides Database Connection Pooling Service for Apache Hive. Connections can be asked from pool and returned after usage.")
@Tags({"hive", "dbcp", "jdbc", "database", "connection", "pooling", "store"})
@RequiresInstanceClassLoading
/* loaded from: input_file:org/apache/nifi/dbcp/hive/HiveConnectionPool.class */
public class HiveConnectionPool extends AbstractControllerService implements HiveDBCPService {
    private static final String ALLOW_EXPLICIT_KEYTAB = "NIFI_ALLOW_EXPLICIT_KEYTAB";
    public static final PropertyDescriptor DATABASE_URL = new PropertyDescriptor.Builder().name("hive-db-connect-url").displayName("Database Connection URL").description("A database connection URL used to connect to a database. May contain database system name, host, port, database name and some parameters. The exact syntax of a database connection URL is specified by the Hive documentation. For example, the server principal is often included as a connection parameter when connecting to a secure Hive server.").defaultValue((String) null).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).required(true).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor HIVE_CONFIGURATION_RESOURCES = new PropertyDescriptor.Builder().name("hive-config-resources").displayName("Hive Configuration Resources").description("A file or comma separated list of files which contains the Hive configuration (hive-site.xml, e.g.). Without this, Hadoop will search the classpath for a 'hive-site.xml' file or will revert to a default configuration. Note that to enable authentication with Kerberos e.g., the appropriate properties must be set in the configuration files. Please see the Hive documentation for more details.").required(false).addValidator(HiveUtils.createMultipleFilesExistValidator()).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor DB_USER = new PropertyDescriptor.Builder().name("hive-db-user").displayName("Database User").description("Database user name").defaultValue((String) null).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor DB_PASSWORD = new PropertyDescriptor.Builder().name("hive-db-password").displayName("Password").description("The password for the database user").defaultValue((String) null).required(false).sensitive(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor MAX_WAIT_TIME = new PropertyDescriptor.Builder().name("hive-max-wait-time").displayName("Max Wait Time").description("The maximum amount of time that the pool will wait (when there are no available connections)  for a connection to be returned before failing, or -1 to wait indefinitely. ").defaultValue("500 millis").required(true).addValidator(StandardValidators.TIME_PERIOD_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor MAX_TOTAL_CONNECTIONS = new PropertyDescriptor.Builder().name("hive-max-total-connections").displayName("Max Total Connections").description("The maximum number of active connections that can be allocated from this pool at the same time, or negative for no limit.").defaultValue("8").required(true).addValidator(StandardValidators.INTEGER_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor VALIDATION_QUERY = new PropertyDescriptor.Builder().name("Validation-query").displayName("Validation query").description("Validation query used to validate connections before returning them. When a borrowed connection is invalid, it gets dropped and a new valid connection will be returned. NOTE: Using validation may have a performance penalty.").required(false).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE = new PropertyDescriptor.Builder().name("kerberos-credentials-service").displayName("Kerberos Credentials Service").description("Specifies the Kerberos Credentials Controller Service that should be used for authenticating with Kerberos").identifiesControllerService(KerberosCredentialsService.class).required(false).build();
    private List<PropertyDescriptor> properties;
    private volatile BasicDataSource dataSource;
    private volatile UserGroupInformation ugi;
    private volatile KerberosProperties kerberosProperties;
    private String connectionUrl = "unknown";
    private final AtomicReference<ValidationResources> validationResourceHolder = new AtomicReference<>();
    private volatile HiveConfigurator hiveConfigurator = new HiveConfigurator();
    private final AtomicReference<KerberosUser> kerberosUserReference = new AtomicReference<>();
    private volatile File kerberosConfigFile = null;

    protected void init(ControllerServiceInitializationContext controllerServiceInitializationContext) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(DATABASE_URL);
        arrayList.add(HIVE_CONFIGURATION_RESOURCES);
        arrayList.add(DB_USER);
        arrayList.add(DB_PASSWORD);
        arrayList.add(MAX_WAIT_TIME);
        arrayList.add(MAX_TOTAL_CONNECTIONS);
        arrayList.add(VALIDATION_QUERY);
        arrayList.add(KERBEROS_CREDENTIALS_SERVICE);
        this.kerberosConfigFile = controllerServiceInitializationContext.getKerberosConfigurationFile();
        this.kerberosProperties = new KerberosProperties(this.kerberosConfigFile);
        arrayList.add(this.kerberosProperties.getKerberosPrincipal());
        arrayList.add(this.kerberosProperties.getKerberosKeytab());
        arrayList.add(this.kerberosProperties.getKerberosPassword());
        this.properties = arrayList;
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return this.properties;
    }

    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        String str;
        String str2;
        boolean isSet = validationContext.getProperty(HIVE_CONFIGURATION_RESOURCES).isSet();
        ArrayList arrayList = new ArrayList();
        if (isSet) {
            String value = validationContext.getProperty(this.kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
            String value2 = validationContext.getProperty(this.kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
            String value3 = validationContext.getProperty(this.kerberosProperties.getKerberosPassword()).getValue();
            KerberosCredentialsService asControllerService = validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
            if (asControllerService != null) {
                str = asControllerService.getPrincipal();
                str2 = asControllerService.getKeytab();
            } else {
                str = value;
                str2 = value2;
            }
            arrayList.addAll(this.hiveConfigurator.validate(validationContext.getProperty(HIVE_CONFIGURATION_RESOURCES).evaluateAttributeExpressions().getValue(), str, str2, value3, this.validationResourceHolder, getLogger()));
            if (asControllerService != null && (value != null || value2 != null || value3 != null)) {
                arrayList.add(new ValidationResult.Builder().subject("Kerberos Credentials").valid(false).explanation("Cannot specify a Kerberos Credentials Service while also specifying a Kerberos Principal, Kerberos Keytab, or Kerberos Password").build());
            }
            if (!isAllowExplicitKeytab() && value2 != null) {
                arrayList.add(new ValidationResult.Builder().subject("Kerberos Credentials").valid(false).explanation("The 'NIFI_ALLOW_EXPLICIT_KEYTAB' system environment variable is configured to forbid explicitly configuring Kerberos Keytab in processors. The Kerberos Credentials Service should be used instead of setting the Kerberos Keytab or Kerberos Principal property.").build());
            }
        }
        return arrayList;
    }

    @OnEnabled
    public void onConfigured(ConfigurationContext configurationContext) throws InitializationException {
        String str;
        String str2;
        ComponentLog logger = getLogger();
        Configuration configurationFromFiles = this.hiveConfigurator.getConfigurationFromFiles(configurationContext.getProperty(HIVE_CONFIGURATION_RESOURCES).evaluateAttributeExpressions().getValue());
        String value = configurationContext.getProperty(VALIDATION_QUERY).evaluateAttributeExpressions().getValue();
        Iterator it = configurationContext.getProperties().entrySet().iterator();
        while (it.hasNext()) {
            PropertyDescriptor propertyDescriptor = (PropertyDescriptor) ((Map.Entry) it.next()).getKey();
            if (propertyDescriptor.isDynamic()) {
                configurationFromFiles.set(propertyDescriptor.getName(), configurationContext.getProperty(propertyDescriptor).evaluateAttributeExpressions().getValue());
            }
        }
        String name = HiveDriver.class.getName();
        if (SecurityUtil.isSecurityEnabled(configurationFromFiles)) {
            String value2 = configurationContext.getProperty(this.kerberosProperties.getKerberosPrincipal()).evaluateAttributeExpressions().getValue();
            String value3 = configurationContext.getProperty(this.kerberosProperties.getKerberosKeytab()).evaluateAttributeExpressions().getValue();
            String value4 = configurationContext.getProperty(this.kerberosProperties.getKerberosPassword()).getValue();
            KerberosCredentialsService asControllerService = configurationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
            if (asControllerService != null) {
                str = asControllerService.getPrincipal();
                str2 = asControllerService.getKeytab();
            } else {
                str = value2;
                str2 = value3;
            }
            if (str2 != null) {
                this.kerberosUserReference.set(new KerberosKeytabUser(str, str2));
                logger.info("Hive Security Enabled, logging in as principal {} with keytab {}", new Object[]{str, str2});
            } else {
                if (value4 == null) {
                    throw new InitializationException("Unable to authenticate with Kerberos, no keytab or password was provided");
                }
                this.kerberosUserReference.set(new KerberosPasswordUser(str, value4));
                logger.info("Hive Security Enabled, logging in as principal {} with password", new Object[]{str});
            }
            try {
                this.ugi = this.hiveConfigurator.authenticate(configurationFromFiles, this.kerberosUserReference.get());
                getLogger().info("Successfully logged in as principal " + str);
            } catch (AuthenticationFailedException e) {
                logger.error(e.getMessage(), e);
                throw new InitializationException(e);
            }
        }
        String value5 = configurationContext.getProperty(DB_USER).evaluateAttributeExpressions().getValue();
        String value6 = configurationContext.getProperty(DB_PASSWORD).evaluateAttributeExpressions().getValue();
        Long asTimePeriod = configurationContext.getProperty(MAX_WAIT_TIME).evaluateAttributeExpressions().asTimePeriod(TimeUnit.MILLISECONDS);
        Integer asInteger = configurationContext.getProperty(MAX_TOTAL_CONNECTIONS).evaluateAttributeExpressions().asInteger();
        this.dataSource = new BasicDataSource();
        this.dataSource.setDriverClassName(name);
        this.connectionUrl = configurationContext.getProperty(DATABASE_URL).evaluateAttributeExpressions().getValue();
        this.dataSource.setMaxWait(asTimePeriod.longValue());
        this.dataSource.setMaxActive(asInteger.intValue());
        if (value != null && !value.isEmpty()) {
            this.dataSource.setValidationQuery(value);
            this.dataSource.setTestOnBorrow(true);
        }
        this.dataSource.setUrl(this.connectionUrl);
        this.dataSource.setUsername(value5);
        this.dataSource.setPassword(value6);
    }

    @OnDisabled
    public void shutdown() {
        try {
            this.dataSource.close();
        } catch (SQLException e) {
            throw new ProcessException(e);
        }
    }

    public Connection getConnection() throws ProcessException {
        try {
            if (this.ugi == null) {
                getLogger().info("Simple Authentication");
                return this.dataSource.getConnection();
            }
            getLogger().trace("getting UGI instance");
            if (this.kerberosUserReference.get() != null) {
                KerberosUser kerberosUser = this.kerberosUserReference.get();
                getLogger().debug("kerberosUser is " + kerberosUser);
                try {
                    getLogger().debug("checking TGT on kerberosUser [{}]", new Object[]{kerberosUser});
                    kerberosUser.checkTGTAndRelogin();
                } catch (LoginException e) {
                    throw new ProcessException("Unable to relogin with kerberos credentials for " + kerberosUser.getPrincipal(), e);
                }
            } else {
                getLogger().debug("kerberosUser was null, will not refresh TGT with KerberosUser");
                this.ugi.checkTGTAndReloginFromKeytab();
            }
            try {
                return (Connection) this.ugi.doAs(() -> {
                    return this.dataSource.getConnection();
                });
            } catch (UndeclaredThrowableException e2) {
                Throwable cause = e2.getCause();
                if (cause instanceof SQLException) {
                    throw ((SQLException) cause);
                }
                throw e2;
            }
        } catch (IOException | InterruptedException | SQLException e3) {
            getLogger().error("Error getting Hive connection", e3);
            throw new ProcessException(e3);
        }
    }

    public String toString() {
        return "HiveConnectionPool[id=" + getIdentifier() + "]";
    }

    public String getConnectionURL() {
        return this.connectionUrl;
    }

    boolean isAllowExplicitKeytab() {
        return Boolean.parseBoolean(System.getenv(ALLOW_EXPLICIT_KEYTAB));
    }
}
