package org.apache.hadoop.hdfs.tools;

import com.google.common.annotations.VisibleForTesting;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Date;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Options;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.ExitUtil;
import org.apache.hadoop.util.GenericOptionsParser;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.class */
public class DelegationTokenFetcher {
    private static final String WEBSERVICE = "webservice";
    private static final String CANCEL = "cancel";
    private static final String HELP = "help";
    private static final String HELP_SHORT = "h";
    private static final Log LOG = LogFactory.getLog(DelegationTokenFetcher.class);
    private static final String PRINT = "print";
    private static final String RENEW = "renew";
    private static final String RENEWER = "renewer";

    public static void main(String[] strArr) throws Exception {
        final HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        Options options = new Options();
        options.addOption(WEBSERVICE, true, "HTTP url to reach the NameNode at").addOption("renewer", true, "Name of the delegation token renewer").addOption(CANCEL, false, "cancel the token").addOption(RENEW, false, "renew the token").addOption(PRINT, false, "print the token").addOption(HELP_SHORT, HELP, false, "print out help information");
        GenericOptionsParser genericOptionsParser = new GenericOptionsParser(hdfsConfiguration, options, strArr);
        CommandLine commandLine = genericOptionsParser.getCommandLine();
        final String optionValue = commandLine.hasOption(WEBSERVICE) ? commandLine.getOptionValue(WEBSERVICE) : null;
        final String optionValue2 = commandLine.hasOption("renewer") ? commandLine.getOptionValue("renewer") : null;
        final boolean hasOption = commandLine.hasOption(CANCEL);
        final boolean hasOption2 = commandLine.hasOption(RENEW);
        final boolean hasOption3 = commandLine.hasOption(PRINT);
        boolean hasOption4 = commandLine.hasOption(HELP);
        String[] remainingArgs = genericOptionsParser.getRemainingArgs();
        if (hasOption4) {
            printUsage(System.out);
            System.exit(0);
        }
        if ((hasOption ? 1 : 0) + (hasOption2 ? 1 : 0) + (hasOption3 ? 1 : 0) > 1) {
            System.err.println("ERROR: Only specify cancel, renew or print.");
            printUsage(System.err);
        }
        if (remainingArgs.length != 1 || remainingArgs[0].charAt(0) == '-') {
            System.err.println("ERROR: Must specify exactly one token file");
            printUsage(System.err);
        }
        final Path path = new Path(FileSystem.getLocal(hdfsConfiguration).getWorkingDirectory(), remainingArgs[0]);
        UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.tools.DelegationTokenFetcher.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                if (hasOption3) {
                    DelegationTokenFetcher.printTokens(hdfsConfiguration, path);
                    return null;
                }
                if (hasOption) {
                    DelegationTokenFetcher.cancelTokens(hdfsConfiguration, path);
                    return null;
                }
                if (hasOption2) {
                    DelegationTokenFetcher.renewTokens(hdfsConfiguration, path);
                    return null;
                }
                DelegationTokenFetcher.saveDelegationToken(hdfsConfiguration, DelegationTokenFetcher.getFileSystem(hdfsConfiguration, optionValue), optionValue2, path);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static FileSystem getFileSystem(Configuration configuration, String str) throws IOException {
        return str == null ? FileSystem.get(configuration) : FileSystem.get(URI.create(str.replaceFirst("^http://", "webhdfs://").replaceFirst("^https://", "swebhdfs://")), configuration);
    }

    @VisibleForTesting
    static void cancelTokens(Configuration configuration, Path path) throws IOException, InterruptedException {
        for (Token<?> token : readTokens(path, configuration)) {
            if (token.isManaged()) {
                token.cancel(configuration);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Cancelled token for " + token.getService());
                }
            }
        }
    }

    @VisibleForTesting
    static void renewTokens(Configuration configuration, Path path) throws IOException, InterruptedException {
        for (Token<?> token : readTokens(path, configuration)) {
            if (token.isManaged()) {
                long renew = token.renew(configuration);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Renewed token for " + token.getService() + " until: " + new Date(renew));
                }
            }
        }
    }

    @VisibleForTesting
    static void saveDelegationToken(Configuration configuration, FileSystem fileSystem, String str, Path path) throws IOException {
        Token delegationToken = fileSystem.getDelegationToken(str);
        Credentials credentials = new Credentials();
        credentials.addToken(delegationToken.getKind(), delegationToken);
        credentials.writeTokenStorageFile(path, configuration);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Fetched token " + fileSystem.getUri() + " for " + delegationToken.getService() + " into " + path);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void printTokens(Configuration configuration, Path path) throws IOException {
        DelegationTokenIdentifier m12044createIdentifier = new DelegationTokenSecretManager(0L, 0L, 0L, 0L, null).m12044createIdentifier();
        for (Token<?> token : readTokens(path, configuration)) {
            m12044createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
            System.out.println("Token (" + m12044createIdentifier + ") for " + token.getService());
        }
    }

    private static void printUsage(PrintStream printStream) {
        printStream.println("fetchdt retrieves delegation tokens from the NameNode");
        printStream.println();
        printStream.println("fetchdt <opts> <token file>");
        printStream.println("Options:");
        printStream.println("  --webservice <url>  Url to contact NN on (starts with http:// or https://)");
        printStream.println("  --renewer <name>    Name of the delegation token renewer");
        printStream.println("  --cancel            Cancel the delegation token");
        printStream.println("  --renew             Renew the delegation token.  Delegation token must have been fetched using the --renewer <name> option.");
        printStream.println("  --print             Print the delegation token");
        printStream.println();
        GenericOptionsParser.printGenericCommandUsage(printStream);
        ExitUtil.terminate(1);
    }

    private static Collection<Token<?>> readTokens(Path path, Configuration configuration) throws IOException {
        return Credentials.readTokenStorageFile(path, configuration).getAllTokens();
    }
}
