package org.apache.ranger.raz.hook.abfs;

import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.azurebfs.AzureBlobFileSystem;
import org.apache.hadoop.fs.azurebfs.extensions.SASTokenProvider;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.raz.intg.RangerRazErrorCode;
import org.apache.ranger.raz.intg.RangerRazException;
import org.apache.ranger.raz.intg.client.RangerRazClient;
import org.apache.ranger.raz.intg.client.RangerRazClientLogger;
import org.apache.ranger.raz.model.RangerRazRequest;
import org.apache.ranger.raz.model.RangerRazRequestBase;
import org.apache.ranger.raz.model.RangerRazResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/hook/abfs/RangerRazTokenProvider.class */
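/**
 * ABFS {@link SASTokenProvider} that asks Ranger RAZ to authorize each storage operation and
 * hands the DSAS token found in the RAZ result back to the ABFS driver.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The string returned by {@link #getSASToken} and the {@code delegationToken} field are
 *       credentials. Only the masked form of the delegation token is written to the log.</li>
 *   <li>Every {@link RangerRazException} from the RAZ client is surfaced as an
 *       {@link AccessControlException}, so a RAZ failure never yields a token.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. {@code getDelegationTokenFromUGI} was
 * rebuilt by hand from the decompiler's instruction dump; verify it against the original class.
 */
public class RangerRazTokenProvider implements SASTokenProvider {
    private static final Logger LOG = LoggerFactory.getLogger(RangerRazTokenProvider.class);

    // Keys of the resource map sent to RAZ (see createRazResource).
    public static final String ADLS_RESOURCE_STORAGE_ACCOUNT = "storageaccount";
    public static final String ADLS_RESOURCE_CONTAINER = "container";
    public static final String ADLS_RESOURCE_RELATIVE_PATH = "relativepath";

    // Configuration key suffixes (appended to the configured prefix) and their defaults.
    public static final String CONF_DELEGATION_TOKEN_KIND = "delegation-token.token-kind";
    public static final String CONF_ADLS_SERVICE_TYPE = "adls.service.type";
    public static final String DELEGATION_TOKEN_KIND_DEFAULT = "raz-dt";
    public static final String ADLS_SERVICE_TYPE_DEFAULT = "adls";
    public static final String ADLS_CONFIG_PREFIX = "fs.azure.ext.raz.prefix";
    public static final String ADLS_CONFIG_PREFIX_DEFAULT = "fs.azure.ext.raz.";
    public static final String CONF_CLUSTER_NAME = ".access.cluster.name";
    public static final String CONF_CLUSTER_TYPE = ".access.cluster.type";

    // Key under which the RAZ result's additionalInfo carries the DSAS token.
    // The "KET" spelling is kept as-is because the constant is public.
    public static final String ADDL_INFO_KET_ADLS_DSAS = "ADLS_DSAS";

    private String serviceType = ADLS_SERVICE_TYPE_DEFAULT;
    private String clusterName;
    private String clusterType;
    private String userName;
    // Credential: value of Token.encodeToUrlString() for the matching delegation token, or null
    // when none was found. Must never be logged unmasked.
    private String delegationToken;
    private RangerRazClient razClient;

    /**
     * Reads the RAZ settings from {@code configuration}, captures the current user's short name
     * and delegation token, and obtains the RAZ client.
     *
     * <p>Side effect: writes the resolved prefix into {@code configuration} under
     * {@code RangerRazClient.RAZ_CLIENT_PREFIX_KEY}.
     *
     * @param configuration Hadoop configuration to read from (and update, see above)
     * @param str           storage account name; only used in debug log messages here
     * @throws IOException if no user is logged in; an {@link AccessControlException} if the
     *                     user's short name cannot be determined
     */
    public void initialize(Configuration configuration, String str) throws IOException {
        LOG.debug("==> RangerRazTokenProvider.initialize(accountName={})", str);

        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        if (currentUser == null) {
            RangerRazClientLogger.error(LOG, "RangerRazTokenProvider(): {}", "no user is logged in");
            throw new IOException("RangerRazTokenProvider initialization failed: no user is logged in");
        }

        // The prefix is concatenated with the key suffixes verbatim, so a configured prefix is
        // expected to end with '.' like the default does.
        String configPrefix = configuration.get(ADLS_CONFIG_PREFIX, ADLS_CONFIG_PREFIX_DEFAULT);
        configuration.set(RangerRazClient.RAZ_CLIENT_PREFIX_KEY, configPrefix);

        String tokenKind = configuration.get(configPrefix + CONF_DELEGATION_TOKEN_KIND, DELEGATION_TOKEN_KIND_DEFAULT);
        this.serviceType = configuration.get(configPrefix + CONF_ADLS_SERVICE_TYPE, ADLS_SERVICE_TYPE_DEFAULT);
        this.clusterName = configuration.get(configPrefix + this.serviceType + CONF_CLUSTER_NAME, "");
        this.clusterType = configuration.get(configPrefix + this.serviceType + CONF_CLUSTER_TYPE, "");
        this.userName = getUserNameFromUGI(currentUser);
        // NOTE(review): may be null (no token of that kind, or reading tokens failed); confirm
        // how RangerRazClient.checkPrivilege authenticates in that case.
        this.delegationToken = getDelegationTokenFromUGI(currentUser, tokenKind);
        this.razClient = RangerRazClient.getInstance(configuration, currentUser);

        // Only configuration values are logged here; the delegation token itself is not.
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerRazTokenProvider.initialize(): configPrefix={}", configPrefix);
            LOG.debug("RangerRazTokenProvider.initialize(): {}={}", CONF_DELEGATION_TOKEN_KIND, tokenKind);
            LOG.debug("RangerRazTokenProvider.initialize(): {}={}", CONF_ADLS_SERVICE_TYPE, this.serviceType);
            LOG.debug("RangerRazTokenProvider.initialize(): {}={}", this.serviceType + CONF_CLUSTER_NAME, this.clusterName);
            LOG.debug("RangerRazTokenProvider.initialize(): {}={}", this.serviceType + CONF_CLUSTER_TYPE, this.clusterType);
            LOG.debug("<== RangerRazTokenProvider.initialize(accountName={})", str);
        }
    }

    /**
     * Asks RAZ whether the current user may perform an operation on a path and returns the DSAS
     * token from the RAZ result.
     *
     * @param str  storage account name
     * @param str2 container name
     * @param str3 path inside the container; a leading separator is added when missing
     * @param str4 operation being authorized
     * @return the value stored under {@link #ADDL_INFO_KET_ADLS_DSAS} in the result's additional
     *         info, or {@code null} when the result, its operation result, its additional info or
     *         that entry is absent
     * @throws AccessControlException if the RAZ client throws a {@link RangerRazException}
     */
    public String getSASToken(String str, String str2, String str3, String str4) throws IOException, AccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerRazTokenProvider.getSASToken({}, {}, {}, {})", str, str2, str3, str4);
            AzureBlobFileSystem.printStatistics();
        }

        Map<String, String> resource = createRazResource(str, str2, str3);
        HashSet<String> operations = new HashSet<>();
        operations.add(str4);

        RangerRazRequest request = new RangerRazRequest(this.serviceType, new RangerRazRequestBase.ResourceAccess(resource, str, str4, operations), this.userName);
        request.setClusterName(this.clusterName);
        request.setClusterType(this.clusterType);

        try {
            // NOTE(review): a null return below is not an error here. Confirm the ABFS caller
            // rejects a null or empty SAS token instead of issuing the request without one.
            String sasToken = null;
            RangerRazResult result = this.razClient.checkPrivilege(request, this.delegationToken);
            if (result != null && result.getOperResult() != null) {
                // NOTE(review): this prints the whole RAZ result. If RangerRazResult.toString()
                // includes additionalInfo, the DSAS token lands in debug logs; confirm it is
                // masked there, as the delegation token is via RangerRazClient.maskParam.
                LOG.debug("RangerRazTokenProvider.getSASToken(): result={}", result);

                Map<String, String> additionalInfo = result.getOperResult().getAdditionalInfo();
                if (additionalInfo != null) {
                    sasToken = additionalInfo.get(ADDL_INFO_KET_ADLS_DSAS);
                }
            }
            return sasToken;
        } catch (RangerRazException e) {
            RangerRazClientLogger.error(LOG, "Failed to get DSAS token from Raz", (Throwable) e);
            // An explicit denial is rethrown without the RAZ exception attached; every other RAZ
            // failure keeps its cause. Both paths end in AccessControlException, never a token.
            if (e.getErrorCode() == RangerRazErrorCode.RAZ_CLIENT_ACCESS_DENIED) {
                throw new AccessControlException();
            }
            throw new AccessControlException(e);
        }
    }

    /**
     * Builds the resource map sent to RAZ for one ADLS path.
     *
     * @param storageAccount value for {@link #ADLS_RESOURCE_STORAGE_ACCOUNT}
     * @param container      value for {@link #ADLS_RESOURCE_CONTAINER}
     * @param relativePath   value for {@link #ADLS_RESOURCE_RELATIVE_PATH}; prefixed with
     *                       {@code RangerRazClient.HTTP_URL_SEPARATOR} when it does not already
     *                       start with it. Must not be null.
     * @return a new mutable map with the three entries
     */
    private static Map<String, String> createRazResource(String storageAccount, String container, String relativePath) {
        String normalizedPath = relativePath.startsWith(RangerRazClient.HTTP_URL_SEPARATOR)
                ? relativePath
                : RangerRazClient.HTTP_URL_SEPARATOR + relativePath;

        Map<String, String> resource = new HashMap<>();
        resource.put(ADLS_RESOURCE_STORAGE_ACCOUNT, storageAccount);
        resource.put(ADLS_RESOURCE_CONTAINER, container);
        resource.put(ADLS_RESOURCE_RELATIVE_PATH, normalizedPath);
        return resource;
    }

    /**
     * Returns the short user name of {@code ugi}.
     *
     * @throws AccessControlException if {@code ugi} is null or has no short user name, so that
     *                                no RAZ request is ever built without a user
     */
    private static String getUserNameFromUGI(UserGroupInformation ugi) throws AccessControlException {
        String shortUserName = (ugi == null) ? null : ugi.getShortUserName();
        if (shortUserName == null) {
            RangerRazClientLogger.error(LOG, "Failed to obtain currently logged in user");
            throw new AccessControlException("Failed to obtain currently logged in user");
        }
        return shortUserName;
    }

    /**
     * Finds the first token of {@code ugi} whose kind equals {@code tokenKind} (ignoring case)
     * and returns it as produced by {@code Token.encodeToUrlString()}.
     *
     * <p>Reconstructed from the decompiler's instruction dump; the decompiled source only
     * contained a stub that threw {@link UnsupportedOperationException}.
     *
     * <p>The returned string is a credential. Debug logging prints only the result of
     * {@code RangerRazClient.maskParam}, never the encoded token itself.
     *
     * @param ugi       user whose tokens are searched; must not be null
     * @param tokenKind token kind to look for; must not be null
     * @return the encoded token, or {@code null} when no token matches or an
     *         {@link IOException} occurs while encoding (the failure is logged, not rethrown)
     */
    private static String getDelegationTokenFromUGI(UserGroupInformation ugi, String tokenKind) {
        LOG.debug("==> RangerRazTokenProvider.getDelegationTokenFromUGI()");

        String encodedToken = null;
        String maskedToken = null; // only populated when debug logging is enabled

        try {
            for (org.apache.hadoop.security.token.Token<?> token : ugi.getTokens()) {
                String kind = (token != null && token.getKind() != null) ? token.getKind().toString() : null;
                LOG.debug("RangerRazTokenProvider.getDelegationTokenFromUGI(): tokenKind={}", kind);

                // equalsIgnoreCase(null) is false, so null tokens and null kinds are skipped.
                if (tokenKind.equalsIgnoreCase(kind)) {
                    encodedToken = token.encodeToUrlString();
                    if (LOG.isDebugEnabled()) {
                        maskedToken = RangerRazClient.maskParam(encodedToken);
                        LOG.debug("RangerRazTokenProvider.getDelegationTokenFromUGI(): found DT=[{}]", maskedToken);
                    }
                    break; // first match wins
                }
            }
        } catch (IOException e) {
            // Kept as in the bytecode: the failure is logged and the method falls through to
            // return null instead of aborting initialization.
            RangerRazClientLogger.error(LOG, "RangerRazTokenProvider.getDelegationTokenFromUGI(): failed", (Throwable) e);
        }

        LOG.debug("<== RangerRazTokenProvider.getDelegationTokenFromUGI(): ret={}", maskedToken);
        return encodedToken;
    }
}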
