package org.apache.solr.security.util.job;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapreduce.JobContext;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.solr.client.solrj.SolrClient;
import org.apache.solr.client.solrj.SolrServerException;
import org.apache.solr.client.solrj.request.DelegationTokenRequest;
import org.apache.solr.client.solrj.response.DelegationTokenResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/security/util/job/JobSecurityUtil.class */
public class JobSecurityUtil {
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final String TOKEN_KIND = "solr-dt";
    public static final String USE_SECURE_CREDENTIALS = "org.apache.solr.security.job.useSecureCredentials";
    public static final String CREDENTIALS_FILE_LOCATION = "org.apache.solr.security.job.credentialFileLocation";

    /* loaded from: input_file:org/apache/solr/security/util/job/JobSecurityUtil$SolrTokenIdentifier.class */
    private static class SolrTokenIdentifier extends AbstractDelegationTokenIdentifier {
        private SolrTokenIdentifier() {
        }

        public Text getKind() {
            return new Text(JobSecurityUtil.TOKEN_KIND);
        }
    }

    public static void initCredentials(SolrClient solrClient, JobContext jobContext, String str) throws SolrServerException, IOException {
        verifyArgs(solrClient, jobContext, str);
        Configuration configuration = jobContext.getConfiguration();
        if (!configuration.getBoolean(USE_SECURE_CREDENTIALS, false) && (!isJaasConfigured() || !configuration.getBoolean(USE_SECURE_CREDENTIALS, true))) {
            log.info("Skipping initialization of job credentials");
            return;
        }
        log.info("Initializing job credentials");
        Token<? extends TokenIdentifier> credentialsToken = getCredentialsToken(new DelegationTokenRequest.Get().process(solrClient).getDelegationToken(), str);
        jobContext.getCredentials().addToken(credentialsToken.getService(), credentialsToken);
        jobContext.getConfiguration().setBooleanIfUnset(USE_SECURE_CREDENTIALS, true);
    }

    public static void initCredentials(File file, Configuration configuration, String str) throws IOException {
        verifyArgs(file, configuration, str);
        if (!configuration.getBoolean(USE_SECURE_CREDENTIALS, true)) {
            log.info("Skipping initialization of job credentials");
            return;
        }
        log.info("Initializing job credentials");
        getCredentialsString(file.getPath());
        configuration.set(CREDENTIALS_FILE_LOCATION, file.getPath());
        configuration.setBooleanIfUnset(USE_SECURE_CREDENTIALS, true);
    }

    public static void loadCredentialsForClients(JobContext jobContext, String str) throws IOException {
        verifyArgs(jobContext, str);
        if (jobContext.getConfiguration().getBoolean(USE_SECURE_CREDENTIALS, false)) {
            log.info("Loading job credentials for clients");
            System.setProperty("solr.authentication.solrj.token.delegation", getCredentialsString(jobContext, str));
        }
    }

    public static void loadCredentialsForClients(Configuration configuration, String str) throws IOException {
        String str2;
        verifyArgs(configuration, str);
        if (!configuration.getBoolean(USE_SECURE_CREDENTIALS, false) || (str2 = configuration.get(CREDENTIALS_FILE_LOCATION)) == null) {
            return;
        }
        log.info("Loading job credentials for clients");
        System.setProperty("solr.authentication.solrj.token.delegation", getCredentialsString(str2));
    }

    public static void cleanupCredentials(SolrClient solrClient, JobContext jobContext, String str) throws SolrServerException, IOException {
        verifyArgs(solrClient, jobContext, str);
        if (jobContext.getConfiguration().getBoolean(USE_SECURE_CREDENTIALS, false)) {
            cancelCredentials(solrClient, getCredentialsString(jobContext, str));
        }
    }

    public static void cleanupCredentials(SolrClient solrClient, Configuration configuration, String str) throws SolrServerException, IOException {
        String str2;
        verifyArgs(solrClient, configuration, str);
        if (!configuration.getBoolean(USE_SECURE_CREDENTIALS, false) || (str2 = configuration.get(CREDENTIALS_FILE_LOCATION)) == null) {
            return;
        }
        cancelCredentials(solrClient, getCredentialsString(str2));
    }

    private static void cancelCredentials(SolrClient solrClient, String str) throws SolrServerException, IOException {
        log.info("Cleaning up job credentials");
        new DelegationTokenRequest.Cancel(str).process(solrClient);
    }

    private static boolean isJaasConfigured() {
        return System.getProperty("java.security.auth.login.config") != null;
    }

    private static Token<? extends TokenIdentifier> getCredentialsToken(String str, String str2) throws IOException {
        return new Token<>(str.getBytes(StandardCharsets.UTF_8), new byte[0], new Text(TOKEN_KIND), new Text(str2));
    }

    private static void verifyArgs(SolrClient solrClient, JobContext jobContext, String str) {
        verifyArgs(jobContext, str);
        if (solrClient == null) {
            throw new IllegalArgumentException("server must be non-null");
        }
    }

    private static void verifyArgs(JobContext jobContext, String str) {
        if (jobContext == null) {
            throw new IllegalArgumentException("job must be non-null");
        }
        if (str == null) {
            throw new IllegalArgumentException("serviceName must be non-null");
        }
    }

    private static void verifyArgs(File file, Configuration configuration, String str) {
        verifyArgs(configuration, str);
        if (file == null) {
            throw new IllegalArgumentException("tokenFile must be non-null");
        }
    }

    private static void verifyArgs(SolrClient solrClient, Configuration configuration, String str) {
        verifyArgs(configuration, str);
        if (solrClient == null) {
            throw new IllegalArgumentException("server must be non-null");
        }
    }

    private static void verifyArgs(Configuration configuration, String str) {
        if (configuration == null) {
            throw new IllegalArgumentException("conf must be non-null");
        }
        if (str == null) {
            throw new IllegalArgumentException("serviceName must be non-null");
        }
    }

    private static String getCredentialsString(JobContext jobContext, String str) throws IOException {
        Token token = jobContext.getCredentials().getToken(new Text(str));
        if (token == null) {
            throw new IOException("Unable to locate credentials");
        }
        return new String(token.getIdentifier(), StandardCharsets.UTF_8);
    }

    private static String getCredentialsString(String str) throws IOException {
        DelegationTokenRequest.Get get = new DelegationTokenRequest.Get();
        DelegationTokenResponse.Get get2 = new DelegationTokenResponse.Get();
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            get2.setResponse(get.getResponseParser().processResponse(fileInputStream, "UTF-8"));
            String delegationToken = get2.getDelegationToken();
            fileInputStream.close();
            return delegationToken;
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }
}
