package org.apache.hadoop.hive.llap.security;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager;

/* loaded from: input_file:org/apache/hadoop/hive/llap/security/SecretManager.class */
public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdentifier> {
    public SecretManager(Configuration configuration) {
        super(configuration);
    }

    /* renamed from: createIdentifier, reason: merged with bridge method [inline-methods] */
    public LlapTokenIdentifier m62createIdentifier() {
        return new LlapTokenIdentifier();
    }

    public LlapTokenIdentifier decodeTokenIdentifier(Token<LlapTokenIdentifier> token) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
        LlapTokenIdentifier llapTokenIdentifier = new LlapTokenIdentifier();
        llapTokenIdentifier.readFields(dataInputStream);
        dataInputStream.close();
        return llapTokenIdentifier;
    }

    public static SecretManager createSecretManager(Configuration configuration, String str, String str2) {
        String var = HiveConf.getVar(configuration, HiveConf.ConfVars.LLAP_ZKSM_KERBEROS_PRINCIPAL, str);
        String var2 = HiveConf.getVar(configuration, HiveConf.ConfVars.LLAP_ZKSM_KERBEROS_KEYTAB_FILE, str2);
        try {
            UserGroupInformation loginWithKerberos = LlapSecurityHelper.loginWithKerberos(var, var2);
            final Configuration configuration2 = new Configuration(configuration);
            configuration2.setLong("delegation-token.max-lifetime.sec", HiveConf.getTimeVar(configuration, HiveConf.ConfVars.LLAP_DELEGATION_TOKEN_LIFETIME, TimeUnit.SECONDS));
            configuration2.set("zk-dt-secret-manager.kerberos.principal", var);
            configuration2.set("zk-dt-secret-manager.kerberos.keytab", var2);
            setZkConfIfNotSet(configuration2, "zk-dt-secret-manager.znodeWorkingPath", "llapzkdtsm");
            setZkConfIfNotSet(configuration2, "zk-dt-secret-manager.zkAuthType", "sasl");
            setZkConfIfNotSet(configuration2, "zk-dt-secret-manager.zkConnectionString", HiveConf.getVar(configuration2, HiveConf.ConfVars.LLAP_ZKSM_ZK_CONNECTION_STRING));
            return (SecretManager) loginWithKerberos.doAs(new PrivilegedAction<SecretManager>() { // from class: org.apache.hadoop.hive.llap.security.SecretManager.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public SecretManager run() {
                    SecretManager secretManager = new SecretManager(configuration2);
                    try {
                        secretManager.startThreads();
                        return secretManager;
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                }
            });
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static void setZkConfIfNotSet(Configuration configuration, String str, String str2) {
        if (configuration.get(str) != null) {
            return;
        }
        configuration.set(str, str2);
    }

    /* renamed from: decodeTokenIdentifier, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ AbstractDelegationTokenIdentifier m61decodeTokenIdentifier(Token token) throws IOException {
        return decodeTokenIdentifier((Token<LlapTokenIdentifier>) token);
    }
}
