package org.apache.hudi.kms;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.huawei.us.common.random.UsSecureRandom;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.Locale;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.security.auth.Subject;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.CryptoCodec;
import org.apache.hadoop.crypto.CryptoInputStream;
import org.apache.hadoop.crypto.CryptoOutputStream;
import org.apache.hadoop.crypto.OpensslAesCtrCryptoCodec;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.apache.hudi.exception.HoodieEncryptionException;
import org.apache.hudi.exception.HoodieIOException;
import org.apache.hudi.org.apache.hadoop.hbase.HConstants;
import org.apache.hudi.org.apache.hadoop.hbase.regionserver.MetricsRegionServerSource;
import org.apache.hudi.org.apache.hbase.thirdparty.com.google.common.net.HttpHeaders;
import org.apache.hudi.org.apache.hbase.thirdparty.io.netty.handler.codec.http.HttpHeaders;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/hudi/kms/RangerKmsClient.class */
public class RangerKmsClient {
    private static final String UTF8 = "UTF-8";
    private KmsEntity kmsEntity;
    private KerberosEntity kerberosEntity;
    private boolean isSecurity;
    HttpClient httpClient = null;
    private String baseUrl;
    private CryptoCodec inputCryptoCodec;
    private CryptoCodec outputCryptoCodec;
    private static final ExecutorService EXECUTOR_SERVICE = Executors.newFixedThreadPool((Runtime.getRuntime().availableProcessors() / 2) + 1);
    private static final Logger LOG = LogManager.getLogger(RangerKmsClient.class);

    public RangerKmsClient(KmsEntity kmsEntity, KerberosEntity kerberosEntity, boolean z) {
        this.kmsEntity = kmsEntity;
        this.kerberosEntity = kerberosEntity;
        this.isSecurity = z;
        Configuration configuration = new Configuration();
        this.inputCryptoCodec = new OpensslAesCtrCryptoCodec();
        this.inputCryptoCodec.setConf(configuration);
        this.outputCryptoCodec = new OpensslAesCtrCryptoCodec();
        this.outputCryptoCodec.setConf(configuration);
    }

    public void init() {
        if (!this.isSecurity) {
            this.baseUrl = "http://" + this.kmsEntity.getKmsIp() + ":" + this.kmsEntity.getKmsPort();
            this.httpClient = buildHttpClient();
        } else {
            this.baseUrl = "https://" + this.kmsEntity.getKmsIp() + ":" + this.kmsEntity.getKmsPort();
            System.setProperty("sun.security.krb5.debug", "true");
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
            this.httpClient = buildHttpClientWithSecurity();
        }
    }

    private HttpClient buildHttpClientWithSecurity() {
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new Credentials() { // from class: org.apache.hudi.kms.RangerKmsClient.1
            @Override // org.apache.http.auth.Credentials
            public Principal getUserPrincipal() {
                return null;
            }

            @Override // org.apache.http.auth.Credentials
            public String getPassword() {
                return null;
            }
        });
        Registry build = RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true)).build();
        SSLContext sSLContext = null;
        try {
            sSLContext = SSLContext.getInstance(this.kerberosEntity.getProtocol());
            sSLContext.init(null, new TrustManager[]{this.kerberosEntity.getTrustManager()}, UsSecureRandom.getInstance());
        } catch (Exception e) {
            LOG.error(e.getMessage());
        }
        return HttpClients.custom().setDefaultAuthSchemeRegistry(build).setDefaultCredentialsProvider(basicCredentialsProvider).setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContext, NoopHostnameVerifier.INSTANCE)).build();
    }

    private HttpClient buildHttpClient() {
        CloseableHttpClient build = HttpClients.custom().build();
        this.httpClient = build;
        return build;
    }

    public EncryptEk getEncryptEk() throws Exception {
        HttpResponse doRequest = doRequest(this.baseUrl + "/kms/v1/key/" + this.kmsEntity.getKeyId() + "/_metadata", MetricsRegionServerSource.GET_KEY, null);
        if (doRequest.getStatusLine().getStatusCode() != 200) {
            throw new HoodieEncryptionException(String.format("get meta error : %s", doRequest.getStatusLine()));
        }
        if (JsonParser.parseString(EntityUtils.toString(doRequest.getEntity())).getAsJsonObject().size() <= 0) {
            HttpResponse doRequest2 = doRequest(this.baseUrl + "/kms/v1/keys", "post", "{\"name\": \"" + this.kmsEntity.getKeyId() + "\" , \"cipher\": \"AES\", \"length\": 256}");
            if (doRequest2.getStatusLine().getStatusCode() != 201) {
                throw new HoodieEncryptionException(String.format("get meta error : %s", doRequest2.getStatusLine()));
            }
        }
        HttpResponse doRequest3 = doRequest(this.baseUrl + "/kms/v1/key/" + this.kmsEntity.getKeyId() + "/_eek?eek_op=generate&number_keys=1", MetricsRegionServerSource.GET_KEY, null);
        if (doRequest3.getStatusLine().getStatusCode() != 200) {
            throw new HoodieEncryptionException(String.format("generate eek error : %s", doRequest3.getStatusLine()));
        }
        JsonObject asJsonObject = JsonParser.parseString(EntityUtils.toString(doRequest3.getEntity())).getAsJsonArray().get(0).getAsJsonObject();
        return new EncryptEk(asJsonObject.get("versionName").getAsString(), asJsonObject.get("iv").getAsString(), asJsonObject.get("encryptedKeyVersion").getAsJsonObject().get("material").getAsString());
    }

    public AESEK getRealEK(EncryptEk encryptEk) throws Exception {
        String versionName = encryptEk.getVersionName();
        String material = encryptEk.getMaterial();
        String iv = encryptEk.getIv();
        HttpResponse doRequest = doRequest(this.baseUrl + "/kms/v1/keyversion/" + versionName + "/_eek?eek_op=decrypt", "post", "{\"name\": \"" + this.kmsEntity.getKeyId() + "\", \"iv\":\"" + iv + "\", \"material\":\"" + material + "\"}");
        if (doRequest.getStatusLine().getStatusCode() != 200) {
            throw new HoodieEncryptionException(String.format("decrypt Ek failed with error code %s ", Integer.valueOf(doRequest.getStatusLine().getStatusCode())));
        }
        return new AESEK(this.kmsEntity.getKeyId(), Base64.decodeBase64(iv), Base64.decodeBase64(JsonParser.parseString(EntityUtils.toString(doRequest.getEntity())).getAsJsonObject().get("material").getAsString()));
    }

    /* JADX WARN: Failed to calculate best type for var: r11v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x00c8: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:52:0x00c8 */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x00cd: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:54:0x00cd */
    /* JADX WARN: Type inference failed for: r11v1, types: [java.io.ByteArrayOutputStream] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    public String encrypt(byte[] bArr, AESEK aesek) throws Exception {
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                Throwable th = null;
                CryptoOutputStream cryptoOutputStream = new CryptoOutputStream(byteArrayOutputStream, this.outputCryptoCodec, aesek.getMaterial(), aesek.getIv());
                Throwable th2 = null;
                try {
                    try {
                        cryptoOutputStream.write(bArr);
                        cryptoOutputStream.flush();
                        cryptoOutputStream.close();
                        String parseByte2HexStr = parseByte2HexStr(byteArrayOutputStream.toByteArray());
                        if (cryptoOutputStream != null) {
                            if (0 != 0) {
                                try {
                                    cryptoOutputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                cryptoOutputStream.close();
                            }
                        }
                        if (byteArrayOutputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayOutputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                byteArrayOutputStream.close();
                            }
                        }
                        return parseByte2HexStr;
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (cryptoOutputStream != null) {
                        if (th2 != null) {
                            try {
                                cryptoOutputStream.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            cryptoOutputStream.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new HoodieEncryptionException("kms encrypt error", e);
        }
    }

    public String encrypt(String str, AESEK aesek) throws Exception {
        return encrypt(str.getBytes("UTF-8"), aesek);
    }

    private String parseByte2HexStr(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                hexString = '0' + hexString;
            }
            stringBuffer.append(hexString.toUpperCase(Locale.ENGLISH));
        }
        return stringBuffer.toString();
    }

    public static byte[] parseHexStr2Byte(String str) {
        if (str.length() < 1) {
            return null;
        }
        byte[] bArr = new byte[str.length() / 2];
        for (int i = 0; i < str.length() / 2; i++) {
            bArr[i] = (byte) ((Integer.parseInt(str.substring(i * 2, (i * 2) + 1), 16) * 16) + Integer.parseInt(str.substring((i * 2) + 1, (i * 2) + 2), 16));
        }
        return bArr;
    }

    /* JADX WARN: Failed to calculate best type for var: r11v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x00ec: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:58:0x00ec */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x00f1: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:60:0x00f1 */
    /* JADX WARN: Type inference failed for: r11v1, types: [java.io.ByteArrayInputStream] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    public byte[] decrypt(String str, AESEK aesek) throws Exception {
        StringBuffer stringBuffer = new StringBuffer();
        try {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(parseHexStr2Byte(str));
                Throwable th = null;
                CryptoInputStream cryptoInputStream = new CryptoInputStream(byteArrayInputStream, this.inputCryptoCodec, aesek.getMaterial(), aesek.getIv());
                Throwable th2 = null;
                try {
                    try {
                        byte[] bArr = new byte[1024];
                        while (true) {
                            int read = cryptoInputStream.read(bArr);
                            if (read <= 0) {
                                break;
                            }
                            byte[] bArr2 = new byte[read];
                            System.arraycopy(bArr, 0, bArr2, 0, read);
                            stringBuffer.append(Base64.encodeBase64String(bArr2));
                        }
                        if (cryptoInputStream != null) {
                            if (0 != 0) {
                                try {
                                    cryptoInputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                cryptoInputStream.close();
                            }
                        }
                        if (byteArrayInputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                byteArrayInputStream.close();
                            }
                        }
                        return Base64.decodeBase64(stringBuffer.toString());
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (cryptoInputStream != null) {
                        if (th2 != null) {
                            try {
                                cryptoInputStream.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            cryptoInputStream.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new HoodieEncryptionException("kms decrypt error", e);
        }
    }

    private HttpResponse doRequest(String str, String str2, String str3) {
        try {
            return (HttpResponse) EXECUTOR_SERVICE.submit(() -> {
                if (!this.isSecurity) {
                    return doRequestInternal(str, str2, str3);
                }
                try {
                    final String userName = UserGroupInformation.getCurrentUser().getUserName();
                    return (!UserGroupInformation.getLoginUser().getShortUserName().contains("spark2x") || userName.equals("spark2x")) ? (HttpResponse) UserGroupInformation.getCurrentUser().doAs(new PrivilegedAction<HttpResponse>() { // from class: org.apache.hudi.kms.RangerKmsClient.3
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public HttpResponse run() {
                            return RangerKmsClient.this.doRequestInternal(str, str2, str3);
                        }
                    }) : (HttpResponse) UserGroupInformation.getLoginUser().doAs(new PrivilegedAction<HttpResponse>() { // from class: org.apache.hudi.kms.RangerKmsClient.2
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public HttpResponse run() {
                            Subject subject = Subject.getSubject(AccessController.getContext());
                            RangerKmsClient.LOG.info("----------------------------------------");
                            Iterator<Principal> it = subject.getPrincipals().iterator();
                            while (it.hasNext()) {
                                RangerKmsClient.LOG.info("DOAS Principal: " + it.next().getName());
                            }
                            RangerKmsClient.LOG.info("----------------------------------------");
                            String str4 = str.contains("?") ? "&doAs=" : "?doAs=";
                            RangerKmsClient.LOG.info(String.format("use spark2x to proxy current user: %s", userName));
                            String str5 = str + str4 + userName;
                            RangerKmsClient.LOG.info("rewrite url: " + str5);
                            return RangerKmsClient.this.doRequestInternal(str5, str2, str3);
                        }
                    });
                } catch (IOException e) {
                    throw new HoodieIOException("failed to get current user", e);
                }
            }).get(HConstants.DEFAULT_REGIONSERVER_METRICS_PERIOD, TimeUnit.MILLISECONDS);
        } catch (InterruptedException | ExecutionException e) {
            throw new HoodieEncryptionException("failed to connect to rangerKms", e);
        } catch (TimeoutException e2) {
            throw new HoodieEncryptionException("timeout to connect with rangerKms", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public HttpResponse doRequestInternal(String str, String str2, String str3) {
        HttpResponse httpResponse = null;
        try {
            RequestConfig build = RequestConfig.custom().setConnectTimeout(HConstants.BATCH_ROWS_THRESHOLD_DEFAULT).setConnectionRequestTimeout(HConstants.BATCH_ROWS_THRESHOLD_DEFAULT).build();
            if (MetricsRegionServerSource.GET_KEY.equals(str2)) {
                HttpGet httpGet = new HttpGet(str);
                httpGet.setConfig(build);
                httpResponse = this.httpClient.execute(httpGet);
            } else if ("post".equals(str2)) {
                HttpPost httpPost = new HttpPost(str);
                httpPost.setConfig(build);
                httpPost.setHeader("Connection", HttpHeaders.KEEP_ALIVE);
                StringEntity stringEntity = new StringEntity(str3, "UTF-8");
                stringEntity.setContentEncoding("UTF-8");
                stringEntity.setContentType(HttpHeaders.Values.APPLICATION_JSON);
                httpPost.setEntity(stringEntity);
                httpResponse = this.httpClient.execute(httpPost);
            }
            LOG.info("----------------------------------------");
            LOG.info("STATUS >> " + httpResponse.getStatusLine());
            LOG.info("----------------------------------------");
            return httpResponse;
        } catch (IOException e) {
            throw new HoodieEncryptionException(e);
        }
    }

    public KmsEntity getKmsEntity() {
        return this.kmsEntity;
    }

    public void close() {
        if (this.httpClient != null) {
            this.httpClient.getConnectionManager().shutdown();
            this.httpClient = null;
        }
    }

    public AESEK getRealEKWithUgi(EncryptEk encryptEk, UserGroupInformation userGroupInformation) throws Exception {
        String versionName = encryptEk.getVersionName();
        String material = encryptEk.getMaterial();
        String iv = encryptEk.getIv();
        HttpResponse doRequestWithUgi = doRequestWithUgi(this.baseUrl + "/kms/v1/keyversion/" + versionName + "/_eek?eek_op=decrypt", "post", "{\"name\": \"" + this.kmsEntity.getKeyId() + "\", \"iv\":\"" + iv + "\", \"material\":\"" + material + "\"}", userGroupInformation);
        if (doRequestWithUgi.getStatusLine().getStatusCode() != 200) {
            throw new HoodieEncryptionException(String.format("decrypt Ek failed with error code %s ", Integer.valueOf(doRequestWithUgi.getStatusLine().getStatusCode())));
        }
        return new AESEK(this.kmsEntity.getKeyId(), Base64.decodeBase64(iv), Base64.decodeBase64(JsonParser.parseString(EntityUtils.toString(doRequestWithUgi.getEntity())).getAsJsonObject().get("material").getAsString()));
    }

    private HttpResponse doRequestWithUgi(String str, String str2, String str3, UserGroupInformation userGroupInformation) {
        try {
            return (HttpResponse) EXECUTOR_SERVICE.submit(() -> {
                if (!this.isSecurity) {
                    return doRequestInternal(str, str2, str3);
                }
                try {
                    final String userName = UserGroupInformation.getCurrentUser().getUserName();
                    return (!UserGroupInformation.getLoginUser().getShortUserName().contains("spark2x") || userName.equals("spark2x")) ? (HttpResponse) userGroupInformation.doAs(new PrivilegedAction<HttpResponse>() { // from class: org.apache.hudi.kms.RangerKmsClient.5
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public HttpResponse run() {
                            return RangerKmsClient.this.doRequestInternal(str, str2, str3);
                        }
                    }) : (HttpResponse) UserGroupInformation.getLoginUser().doAs(new PrivilegedAction<HttpResponse>() { // from class: org.apache.hudi.kms.RangerKmsClient.4
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public HttpResponse run() {
                            Subject subject = Subject.getSubject(AccessController.getContext());
                            RangerKmsClient.LOG.info("----------------------------------------");
                            Iterator<Principal> it = subject.getPrincipals().iterator();
                            while (it.hasNext()) {
                                RangerKmsClient.LOG.info("DOAS Principal: " + it.next().getName());
                            }
                            RangerKmsClient.LOG.info("----------------------------------------");
                            String str4 = str.contains("?") ? "&doAs=" : "?doAs=";
                            RangerKmsClient.LOG.info(String.format("use spark2x to proxy current user: %s", userName));
                            String str5 = str + str4 + userName;
                            RangerKmsClient.LOG.info("rewrite url: " + str5);
                            return RangerKmsClient.this.doRequestInternal(str5, str2, str3);
                        }
                    });
                } catch (IOException e) {
                    throw new HoodieIOException("failed to get current user", e);
                }
            }).get(HConstants.DEFAULT_REGIONSERVER_METRICS_PERIOD, TimeUnit.MILLISECONDS);
        } catch (InterruptedException | ExecutionException e) {
            throw new HoodieEncryptionException("failed to connect to rangerKms", e);
        } catch (TimeoutException e2) {
            throw new HoodieEncryptionException("timeout to connect with rangerKms", e2);
        }
    }
}
