package org.opensearch.hadoop.mr.security;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.UUID;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.security.token.Token;
import org.opensearch.hadoop.OpenSearchHadoopException;
import org.opensearch.hadoop.rest.RestClient;
import org.opensearch.hadoop.security.OpenSearchToken;
import org.opensearch.hadoop.security.User;
import org.opensearch.hadoop.util.Assert;
import org.opensearch.hadoop.util.ClusterName;

/* loaded from: input_file:org/opensearch/hadoop/mr/security/TokenUtil.class */
public class TokenUtil {
    private static Log LOG = LogFactory.getLog(TokenUtil.class);
    public static final String KEY_NAME_PREFIX = "OPENSEARCHHADOOP_";

    private static String newKeyName() {
        return KEY_NAME_PREFIX + UUID.randomUUID().toString();
    }

    private static OpenSearchToken obtainOpenSearchToken(final RestClient restClient, User user) {
        KerberosPrincipal kerberosPrincipal = user.getKerberosPrincipal();
        if (user.isProxyUser()) {
            kerberosPrincipal = user.getRealUserProvider().getUser().getKerberosPrincipal();
        }
        Assert.isTrue(Boolean.valueOf(kerberosPrincipal != null), "Kerberos credentials are missing on current user");
        return (OpenSearchToken) user.doAs(new PrivilegedExceptionAction<OpenSearchToken>() { // from class: org.opensearch.hadoop.mr.security.TokenUtil.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public OpenSearchToken run() {
                return RestClient.this.createNewApiToken(TokenUtil.access$000());
            }
        });
    }

    public static Token<OpenSearchTokenIdentifier> obtainToken(RestClient restClient, User user) {
        return OpenSearchTokenIdentifier.createTokenFrom(obtainOpenSearchToken(restClient, user));
    }

    public static void obtainAndCache(RestClient restClient, User user) throws IOException {
        OpenSearchToken obtainOpenSearchToken = obtainOpenSearchToken(restClient, user);
        if (obtainOpenSearchToken == null) {
            throw new IOException("No token returned for user " + user.getKerberosPrincipal().getName());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Obtained token " + OpenSearchTokenIdentifier.KIND_NAME + " for user " + user.getKerberosPrincipal().getName());
        }
        user.addOpenSearchToken(obtainOpenSearchToken);
    }

    public static void obtainTokenForJob(RestClient restClient, User user, Job job) {
        Token<OpenSearchTokenIdentifier> obtainToken = obtainToken(restClient, user);
        if (obtainToken == null) {
            throw new OpenSearchHadoopException("No token returned for user " + user.getKerberosPrincipal().getName());
        }
        Text service = obtainToken.getService();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Obtained token " + OpenSearchTokenIdentifier.KIND_NAME.toString() + " for user " + user.getKerberosPrincipal().getName() + " on cluster " + service.toString());
        }
        job.getCredentials().addToken(service, obtainToken);
    }

    public static void obtainTokenForJob(RestClient restClient, User user, JobConf jobConf) {
        Token<OpenSearchTokenIdentifier> obtainToken = obtainToken(restClient, user);
        if (obtainToken == null) {
            throw new OpenSearchHadoopException("No token returned for user " + user.getKerberosPrincipal().getName());
        }
        Text service = obtainToken.getService();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Obtained token " + OpenSearchTokenIdentifier.KIND_NAME.toString() + " for user " + user.getKerberosPrincipal().getName() + " on cluster " + service.toString());
        }
        jobConf.getCredentials().addToken(service, obtainToken);
    }

    public static void addTokenForJob(RestClient restClient, ClusterName clusterName, User user, Job job) {
        Token<OpenSearchTokenIdentifier> authToken = getAuthToken(clusterName, user);
        if (authToken == null) {
            authToken = obtainToken(restClient, user);
        }
        job.getCredentials().addToken(authToken.getService(), authToken);
    }

    public static void addTokenForJobConf(RestClient restClient, ClusterName clusterName, User user, JobConf jobConf) {
        Token<OpenSearchTokenIdentifier> authToken = getAuthToken(clusterName, user);
        if (authToken == null) {
            authToken = obtainToken(restClient, user);
        }
        jobConf.getCredentials().addToken(authToken.getService(), authToken);
    }

    private static Token<OpenSearchTokenIdentifier> getAuthToken(ClusterName clusterName, User user) {
        OpenSearchToken openSearchAuthToken = getOpenSearchAuthToken(clusterName, user);
        if (openSearchAuthToken == null) {
            return null;
        }
        return OpenSearchTokenIdentifier.createTokenFrom(openSearchAuthToken);
    }

    private static OpenSearchToken getOpenSearchAuthToken(ClusterName clusterName, User user) {
        return user.getOpenSearchToken(clusterName.getName());
    }

    static /* synthetic */ String access$000() {
        return newKeyName();
    }
}
