package org.apache.sqoop.connector.hadoop.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.LinkedList;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.mapreduce.security.TokenCache;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.ImmutableContext;
import org.apache.sqoop.common.MutableContext;
import org.apache.sqoop.job.etl.TransferableContext;

/* loaded from: input_file:org/apache/sqoop/connector/hadoop/security/SecurityUtils.class */
public class SecurityUtils {
    private static final Logger LOG = Logger.getLogger(SecurityUtils.class);
    private static final String DELEGATION_TOKENS = "org.apache.sqoop.connector.delegation_tokens";
    public static final String DOAS_ENABLE = "sqoop.doAs";
    public static final String JOB_DEFAULT_DOAS = "org.apache.sqoop.security.authentication.enable.doAs";

    public static UserGroupInformation createProxyUser(TransferableContext transferableContext) throws IOException {
        return UserGroupInformation.createProxyUser(transferableContext.getUser(), UserGroupInformation.getLoginUser());
    }

    public static UserGroupInformation createProxyUserAndLoadDelegationTokens(TransferableContext transferableContext) throws IOException {
        UserGroupInformation createProxyUser = createProxyUser(transferableContext);
        loadDelegationTokensToUGI(createProxyUser, transferableContext.getContext());
        return createProxyUser;
    }

    public static void generateDelegationTokens(MutableContext mutableContext, Path path, Configuration configuration) throws IOException {
        if (!UserGroupInformation.isSecurityEnabled()) {
            LOG.info("Running on unsecured cluster, skipping delegation token generation.");
            return;
        }
        LinkedList linkedList = new LinkedList();
        Credentials credentials = new Credentials();
        TokenCache.obtainTokensForNamenodes(credentials, new Path[]{path}, configuration);
        for (Token token : credentials.getAllTokens()) {
            LOG.info("Generated token: " + token.toString());
            linkedList.add(serializeToken(token));
        }
        if (linkedList.size() > 0) {
            mutableContext.setString(DELEGATION_TOKENS, StringUtils.join(linkedList, " "));
        }
    }

    public static void loadDelegationTokensToUGI(UserGroupInformation userGroupInformation, ImmutableContext immutableContext) throws IOException {
        String string = immutableContext.getString(DELEGATION_TOKENS);
        if (string == null) {
            LOG.info("No delegation tokens found");
            return;
        }
        for (String str : string.split(" ")) {
            Token deserializeToken = deserializeToken(str);
            LOG.info("Loaded delegation token: " + deserializeToken.toString());
            userGroupInformation.addToken(deserializeToken);
        }
    }

    public static String serializeToken(Token token) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        token.write(new DataOutputStream(byteArrayOutputStream));
        byteArrayOutputStream.flush();
        return Base64.encodeBase64String(byteArrayOutputStream.toByteArray());
    }

    public static Token deserializeToken(String str) throws IOException {
        Token token = new Token();
        token.readFields(new DataInputStream(new ByteArrayInputStream(Base64.decodeBase64(str))));
        return token;
    }

    public static boolean isDoAsEnable() {
        String property = System.getProperty(DOAS_ENABLE);
        if (!StringUtils.isNotEmpty(property)) {
            return true;
        }
        try {
            return Boolean.parseBoolean(property);
        } catch (Exception e) {
            LOG.warn("Parse sqoop.doAs error");
            return true;
        }
    }

    public static boolean isDoAsEnable(TransferableContext transferableContext) {
        if (null == transferableContext) {
            LOG.info("context is null.");
            return false;
        }
        String string = transferableContext.getString(DOAS_ENABLE);
        LOG.info("sqoop.doAs:" + string);
        if (StringUtils.isNotEmpty(string)) {
            try {
                return Boolean.parseBoolean(string);
            } catch (Exception e) {
                LOG.warn("Parse sqoop.doAs error");
            }
        }
        boolean z = transferableContext.getBoolean("org.apache.sqoop.security.authentication.enable.doAs", false);
        LOG.info("doAs:" + z);
        return z;
    }

    private SecurityUtils() {
    }
}
