package org.apache.ranger.raz.hook.abfs;

import java.io.IOException;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.azurebfs.oauth2.IdentityTransformer;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.raz.intg.RangerRazException;
import org.apache.ranger.raz.intg.client.RangerRazClient;
import org.apache.ranger.raz.intg.client.RangerRazClientLogger;
import org.apache.ranger.raz.model.RangerRazIdentityMappingsUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/hook/abfs/RangerRazIdentityTransformer.class */
public class RangerRazIdentityTransformer extends IdentityTransformer {
    private static final Logger LOG = LoggerFactory.getLogger(RangerRazIdentityTransformer.class);
    private static final String ADLS_CONFIG_PREFIX = "fs.azure.ext.raz.prefix";
    private static final String ADLS_CONFIG_PREFIX_DEFAULT = "fs.azure.ext.raz.";
    private static final String CONF_DELEGATION_TOKEN_KIND = "delegation-token.token-kind";
    private static final String DELEGATION_TOKEN_KIND_DEFAULT = "raz-dt";
    private final RangerRazClient rangerRazClient;
    private final String delegationToken;

    public RangerRazIdentityTransformer(Configuration configuration) throws IOException {
        super(configuration);
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazIdentityTransformer({})", configuration);
        }
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        if (currentUser == null) {
            RangerRazClientLogger.error(LOG, "RangerRazIdentityTransformer(): {}", "no user is logged in");
            throw new IOException("RangerRazIdentityTransformer initialization failed: no user is logged in");
        }
        String str = configuration.get("fs.azure.ext.raz.prefix", "fs.azure.ext.raz.");
        configuration.set(RangerRazClient.RAZ_CLIENT_PREFIX_KEY, str);
        this.delegationToken = getDelegationTokenFromUGI(currentUser, configuration.get(str + "delegation-token.token-kind", "raz-dt"));
        this.rangerRazClient = RangerRazClient.getInstance(configuration, currentUser);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerRazIdentityTransformer()");
        }
    }

    public String transformIdentityForGetRequest(String str, boolean z, String str2) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazIdentityTransformer.transformIdentityForGetRequest({}, {}, {})", new Object[]{str, Boolean.valueOf(z), str2});
        }
        String str3 = null;
        try {
            RangerRazIdentityMappingsUtil identityMappingUtil = this.rangerRazClient.getIdentityMappingUtil(this.delegationToken);
            str3 = z ? identityMappingUtil.getUserClusterId(str) : identityMappingUtil.getGroupClusterId(str);
        } catch (RangerRazException e) {
            LOG.error("RangerRazIdentityTransformer.transformIdentityForGetRequest(): Exception occured while transforming identity: ", e);
        }
        if (StringUtils.isBlank(str3)) {
            str3 = super.transformIdentityForGetRequest(str, z, str2);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerRazIdentityTransformer.transformIdentityForGetRequest(): clusterId={}", str3);
        }
        return str3;
    }

    public String transformUserOrGroupForSetRequest(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazIdentityTransformer.transformUserOrGroupForSetRequest({})", str);
        }
        String str2 = null;
        try {
            RangerRazIdentityMappingsUtil identityMappingUtil = this.rangerRazClient.getIdentityMappingUtil(this.delegationToken);
            str2 = identityMappingUtil.getUserCloudId(str);
            if (StringUtils.isBlank(str2)) {
                str2 = identityMappingUtil.getGroupCloudId(str);
            }
        } catch (RangerRazException e) {
            LOG.error("RangerRazIdentityTransformer.transformUserOrGroupForSetRequest(): Exception occured while transforming user & group: ", e);
        }
        if (StringUtils.isBlank(str2)) {
            str2 = super.transformUserOrGroupForSetRequest(str);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerRazIdentityTransformer.transformUserOrGroupForSetRequest(): cloudId=", str2);
        }
        return str2;
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x0077, code lost:
    
        r7 = r0.encodeToUrlString();
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0085, code lost:
    
        if (org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG.isDebugEnabled() == false) goto L24;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0088, code lost:
    
        r8 = org.apache.ranger.raz.intg.client.RangerRazClient.maskParam(r7);
        org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG.debug("RangerRazIdentityTransformer.getDelegationTokenFromUGI(): found DT=[{}]", r8);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.lang.String getDelegationTokenFromUGI(org.apache.hadoop.security.UserGroupInformation r5, java.lang.String r6) {
        /*
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG
            boolean r0 = r0.isDebugEnabled()
            if (r0 == 0) goto L17
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG
            java.lang.String r1 = "==> RangerRazIdentityTransformer.getDelegationTokenFromUGI({}, {})"
            r2 = r5
            r3 = r6
            r0.debug(r1, r2, r3)
        L17:
            r0 = 0
            r7 = r0
            r0 = 0
            r8 = r0
            r0 = r5
            java.util.Collection r0 = r0.getTokens()     // Catch: java.io.IOException -> La1
            java.util.Iterator r0 = r0.iterator()     // Catch: java.io.IOException -> La1
            r9 = r0
        L26:
            r0 = r9
            boolean r0 = r0.hasNext()     // Catch: java.io.IOException -> La1
            if (r0 == 0) goto L9e
            r0 = r9
            java.lang.Object r0 = r0.next()     // Catch: java.io.IOException -> La1
            org.apache.hadoop.security.token.Token r0 = (org.apache.hadoop.security.token.Token) r0     // Catch: java.io.IOException -> La1
            r10 = r0
            r0 = r10
            if (r0 == 0) goto L54
            r0 = r10
            org.apache.hadoop.io.Text r0 = r0.getKind()     // Catch: java.io.IOException -> La1
            if (r0 == 0) goto L54
            r0 = r10
            org.apache.hadoop.io.Text r0 = r0.getKind()     // Catch: java.io.IOException -> La1
            java.lang.String r0 = r0.toString()     // Catch: java.io.IOException -> La1
            goto L55
        L54:
            r0 = 0
        L55:
            r11 = r0
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG     // Catch: java.io.IOException -> La1
            boolean r0 = r0.isDebugEnabled()     // Catch: java.io.IOException -> La1
            if (r0 == 0) goto L6e
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG     // Catch: java.io.IOException -> La1
            java.lang.String r1 = "RangerRazIdentityTransformer.getDelegationTokenFromUGI(): tokenKind={}"
            r2 = r11
            r0.debug(r1, r2)     // Catch: java.io.IOException -> La1
        L6e:
            r0 = r6
            r1 = r11
            boolean r0 = r0.equalsIgnoreCase(r1)     // Catch: java.io.IOException -> La1
            if (r0 == 0) goto L9b
            r0 = r10
            java.lang.String r0 = r0.encodeToUrlString()     // Catch: java.io.IOException -> La1
            r7 = r0
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG     // Catch: java.io.IOException -> La1
            boolean r0 = r0.isDebugEnabled()     // Catch: java.io.IOException -> La1
            if (r0 == 0) goto L9e
            r0 = r7
            java.lang.String r0 = org.apache.ranger.raz.intg.client.RangerRazClient.maskParam(r0)     // Catch: java.io.IOException -> La1
            r8 = r0
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG     // Catch: java.io.IOException -> La1
            java.lang.String r1 = "RangerRazIdentityTransformer.getDelegationTokenFromUGI(): found DT=[{}]"
            r2 = r8
            r0.debug(r1, r2)     // Catch: java.io.IOException -> La1
            goto L9e
        L9b:
            goto L26
        L9e:
            goto Lad
        La1:
            r9 = move-exception
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG
            java.lang.String r1 = "RangerRazIdentityTransformer.getDelegationTokenFromUGI(): failed"
            r2 = r9
            org.apache.ranger.raz.intg.client.RangerRazClientLogger.error(r0, r1, r2)
        Lad:
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG
            boolean r0 = r0.isDebugEnabled()
            if (r0 == 0) goto Lc3
            org.slf4j.Logger r0 = org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.LOG
            java.lang.String r1 = "<== RangerRazIdentityTransformer.getDelegationTokenFromUGI(): ret={}"
            r2 = r8
            r0.debug(r1, r2)
        Lc3:
            r0 = r7
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.ranger.raz.hook.abfs.RangerRazIdentityTransformer.getDelegationTokenFromUGI(org.apache.hadoop.security.UserGroupInformation, java.lang.String):java.lang.String");
    }
}
