package com.huawei.guardian.token.server.client;

import com.google.common.base.Preconditions;
import com.huawei.guardian.common.GuardianZookeeperException;
import com.huawei.guardian.common.zookeeper.GuardianZookeeperProxy;
import com.huawei.guardian.token.server.protocol.TokenServerProtocol;
import com.huawei.guardian.token.server.protocolpb.TokenServerProtocolPB;
import com.huawei.guardian.token.server.protocolpb.TokenServerProtocolTranslatorPB;
import com.huawei.guardian.token.server.security.sts.GetSTSRequest;
import com.huawei.guardian.token.server.security.sts.GetSTSResponse;
import com.huawei.guardian.token.server.security.token.DelegationTokenIdentifier;
import com.huawei.guardian.token.server.security.token.GetTokenRequest;
import com.huawei.guardian.token.server.security.token.GetTokenResponse;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.retry.RetryPolicies;
import org.apache.hadoop.io.retry.RetryPolicy;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.ProtobufRpcEngine2;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/guardian/token/server/client/LoadBalanceTokenServerClientImpl.class */
public class LoadBalanceTokenServerClientImpl implements TokenServerClient {
    private Configuration conf;
    private String serviceName;
    private static volatile Provider[] clients;
    private static final long EXPIRE_TIME = 1800000;
    private AtomicInteger currentIdx;
    private RetryPolicy retryPolicy = null;
    GuardianZookeeperProxy zookeeperProxy;
    private static final Logger LOG = LoggerFactory.getLogger(LoadBalanceTokenServerClientImpl.class);
    private static Date clientExpireDate = new Date(System.currentTimeMillis() + 1800000);
    private static final Object LOCK = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/huawei/guardian/token/server/client/LoadBalanceTokenServerClientImpl$Provider.class */
    public static class Provider {
        private String target;

        public Provider(String str) {
            this.target = str;
        }

        public String getTarget() {
            return this.target;
        }

        public String toString() {
            return "Provider{target='" + this.target + "'}";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/huawei/guardian/token/server/client/LoadBalanceTokenServerClientImpl$ProviderCallable.class */
    public interface ProviderCallable<T> {
        T call(TokenServerProtocol tokenServerProtocol) throws IOException;
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public synchronized void init(Configuration configuration) throws IOException {
        if (this.conf != null) {
            return;
        }
        this.conf = configuration;
        initServiceName();
        RPC.setProtocolEngine(this.conf, TokenServerProtocolPB.class, ProtobufRpcEngine2.class);
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public Token<DelegationTokenIdentifier> getDelegationToken(String str) throws IOException {
        return (Token) doCall(tokenServerProtocol -> {
            return tokenServerProtocol.getDelegationToken(new Text(str));
        });
    }

    private void initZookeeperProxy() {
        if (this.conf.getBoolean(ClientConstants.TOKEN_SERVER_DYNAMIC_DISCOVERY_ENABLE, false)) {
            try {
                LOG.debug("Dynamic token server discovering is opened, start to init zookeeper proxy.");
                this.zookeeperProxy = new GuardianZookeeperProxy(this.conf, true);
            } catch (GuardianZookeeperException e) {
                LOG.warn("Failed to init GuardianZookeeperProxy: ", e);
                closeZookeeperProxy();
            }
        }
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public String getCanonicalServiceName() {
        return this.serviceName;
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public long renewDelegationToken(Token<?> token, Configuration configuration) throws IOException {
        if (this.conf == null) {
            init(configuration);
        }
        return ((Long) doCall(tokenServerProtocol -> {
            return Long.valueOf(tokenServerProtocol.renewDelegationToken(token));
        })).longValue();
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public Void cancelDelegationToken(Token<?> token, Configuration configuration) throws IOException {
        if (this.conf == null) {
            init(configuration);
        }
        return (Void) doCall(tokenServerProtocol -> {
            tokenServerProtocol.cancelDelegationToken(token);
            return null;
        });
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public GetSTSResponse getSTS(String str, String str2, String str3) throws IOException {
        return (GetSTSResponse) doCall(tokenServerProtocol -> {
            GetSTSRequest getSTSRequest = new GetSTSRequest();
            getSTSRequest.setRegion(str);
            getSTSRequest.setBucketName(str2);
            getSTSRequest.setAllowPrefix(str3);
            return tokenServerProtocol.getSTS(getSTSRequest);
        });
    }

    private synchronized int nextIdx() {
        int i;
        if (this.currentIdx == null) {
            this.currentIdx = new AtomicInteger((int) (Time.monotonicNow() % clients.length));
        }
        do {
            i = this.currentIdx.get();
        } while (!this.currentIdx.compareAndSet(i, (i + 1) % clients.length));
        return i;
    }

    private Provider[] getClientProviders() throws IOException {
        String[] strArr = null;
        try {
            initZookeeperProxy();
            if (this.zookeeperProxy != null) {
                strArr = this.zookeeperProxy.getTokenServerNodes(this.conf);
            }
        } catch (Exception e) {
            LOG.error("Failed to get token server list from zookeeperProxy, exception: {}", e.getMessage());
        } finally {
            closeZookeeperProxy();
        }
        if (strArr == null || strArr.length == 0) {
            LOG.debug("Getting token server list from configuration: {}", ClientConstants.TOKEN_SERVER_RPC_ADDRESS);
            String trim = this.conf.get(ClientConstants.TOKEN_SERVER_RPC_ADDRESS, "").trim();
            if (trim.length() == 0) {
                throw new IOException("token.server.rpc.address is not set");
            }
            strArr = trim.split(";");
            LOG.info("Getting client providers: {} from configuration", Arrays.asList(strArr));
        } else {
            LOG.info("Get the client providers: {} from zookeeperProxy", Arrays.asList(strArr));
        }
        return getClientProviders(strArr);
    }

    private Provider[] getClientProviders(String[] strArr) throws IOException {
        Provider[] providerArr = new Provider[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            providerArr[i] = new Provider(strArr[i]);
        }
        return shuffle(providerArr);
    }

    private TokenServerProtocol getRpcProxy(String str) throws IOException {
        long protocolVersion = RPC.getProtocolVersion(TokenServerProtocolPB.class);
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        LOG.info("Do rpc request with user: {}", currentUser.getShortUserName());
        int rpcTimeout = Client.getRpcTimeout(this.conf);
        return new TokenServerProtocolTranslatorPB((TokenServerProtocolPB) RPC.getProtocolProxy(TokenServerProtocolPB.class, protocolVersion, NetUtils.createSocketAddr(str, this.conf.getInt(ClientConstants.TOKEN_SERVER_RPC_PORT, ClientConstants.DEFAULT_TOKEN_SERVER_RPC_PORT)), currentUser, this.conf, NetUtils.getDefaultSocketFactory(this.conf), rpcTimeout, RetryPolicies.TRY_ONCE_THEN_FAIL, new AtomicBoolean(false)).getProxy());
    }

    private <T> T doCall(ProviderCallable<T> providerCallable) throws IOException {
        if (clients == null || clients.length == 0 || needRefreshClient()) {
            refreshProviders();
        }
        if (clients.length == 0) {
            throw new IOException("No providers configured !");
        }
        int i = 0;
        int nextIdx = nextIdx();
        int i2 = 0;
        while (true) {
            Provider provider = clients[(nextIdx + i2) % clients.length];
            try {
                return providerCallable.call(getRpcProxy(provider.getTarget()));
            } catch (IOException e) {
                if (i2 == 0) {
                    LOG.warn("Failed to do call, will refresh token server node list");
                    refreshProviders();
                }
                LOG.warn("client at [{}] threw an IOException: ", provider.getTarget(), e);
                try {
                    RetryPolicy.RetryAction shouldRetry = this.retryPolicy.shouldRetry(e, 0, i, false);
                    if (shouldRetry.action == RetryPolicy.RetryAction.RetryDecision.FAIL && i >= clients.length - 1) {
                        LOG.error("Aborting since the Request has failed with all token-server providers(depending on {}={} setting and numProviders={}) in the group OR the exception is not recoverable", new Object[]{ClientConstants.TOKEN_SERVER_CLIENT_FAILOVER_MAX_RETRIES, Integer.valueOf(this.conf.getInt(ClientConstants.TOKEN_SERVER_CLIENT_FAILOVER_MAX_RETRIES, clients.length)), Integer.valueOf(clients.length)});
                        throw e;
                    }
                    if ((i + 1) % clients.length == 0) {
                        try {
                            Thread.sleep(shouldRetry.delayMillis);
                        } catch (InterruptedException e2) {
                            throw new InterruptedIOException("Thread Interrupted");
                        }
                    }
                    LOG.warn("client retrying [{} times]", Integer.valueOf(i + 1));
                    i2++;
                    i++;
                } catch (Exception e3) {
                    throw new IOException(e3);
                }
            }
        }
    }

    private void refreshProviders() throws IOException {
        LOG.info("refresh client providers.");
        synchronized (LOCK) {
            clients = getClientProviders();
        }
        LOG.debug("Clients info: {}", Arrays.toString(clients));
        int i = this.conf.getInt(ClientConstants.TOKEN_SERVER_CLIENT_FAILOVER_MAX_RETRIES, clients.length);
        int i2 = this.conf.getInt(ClientConstants.TOKEN_SERVER_CLIENT_FAILOVER_SLEEP_BASE_MILLIS, 100);
        int i3 = this.conf.getInt(ClientConstants.TOKEN_SERVER_CLIENT_FAILOVER_SLEEP_MAX_MILLIS, ClientConstants.DEFAULT_TOKEN_SERVER_CLIENT_FAILOVER_SLEEP_MAX_MILLIS);
        Preconditions.checkState(i >= 0);
        Preconditions.checkState(i2 >= 0);
        Preconditions.checkState(i3 >= 0);
        this.retryPolicy = RetryPolicies.failoverOnNetworkException(RetryPolicies.TRY_ONCE_THEN_FAIL, i, 0, i2, i3);
        this.currentIdx = new AtomicInteger((int) (Time.monotonicNow() % clients.length));
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public void close() {
        closeZookeeperProxy();
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public GetTokenResponse getToken(String str, String str2) throws IOException {
        return (GetTokenResponse) doCall(tokenServerProtocol -> {
            GetTokenRequest getTokenRequest = new GetTokenRequest();
            getTokenRequest.setUserName(str2);
            getTokenRequest.setAgency(str);
            return tokenServerProtocol.getLakeFormationToken(getTokenRequest);
        });
    }

    @Override // com.huawei.guardian.token.server.client.TokenServerClient
    public List<String> getGroupNames(String str) throws IOException {
        return (List) doCall(tokenServerProtocol -> {
            return tokenServerProtocol.getGroupNames(str);
        });
    }

    private void closeZookeeperProxy() {
        if (this.zookeeperProxy != null) {
            this.zookeeperProxy.close();
        }
        this.zookeeperProxy = null;
    }

    private void initServiceName() throws IOException {
        InetSocketAddress createSocketAddr = NetUtils.createSocketAddr(this.conf.get(ClientConstants.TOKEN_SERVER_DT_SERVICE_NAME, ClientConstants.DEFAULT_TOKEN_SERVER_DT_SERVICE_NAME), ClientConstants.DEFAULT_TOKEN_SERVER_RPC_PORT);
        this.serviceName = createSocketAddr.getAddress().getHostAddress() + ":" + createSocketAddr.getPort();
    }

    private static Provider[] shuffle(Provider[] providerArr) {
        List asList = Arrays.asList(providerArr);
        Collections.shuffle(asList);
        return (Provider[]) asList.toArray(providerArr);
    }

    private boolean needRefreshClient() {
        long currentTimeMillis = System.currentTimeMillis();
        if (clientExpireDate.getTime() >= currentTimeMillis) {
            return false;
        }
        LOG.info("client cache is expired, need refresh! clientExpireDate: " + clientExpireDate);
        clientExpireDate = new Date(currentTimeMillis + 1800000);
        LOG.info("new clientExpireDate: " + clientExpireDate);
        return true;
    }
}
