package org.apache.gobblin.yarn;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Optional;
import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import com.google.common.util.concurrent.AbstractIdleService;
import com.typesafe.config.Config;
import java.io.IOException;
import java.util.UUID;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.apache.gobblin.cluster.GobblinClusterManager;
import org.apache.gobblin.cluster.GobblinHelixMessagingService;
import org.apache.gobblin.util.ConfigUtils;
import org.apache.gobblin.util.ExecutorsUtils;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.Credentials;
import org.apache.helix.Criteria;
import org.apache.helix.HelixManager;
import org.apache.helix.InstanceType;
import org.apache.helix.model.Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/gobblin/yarn/AbstractYarnAppSecurityManager.class */
public abstract class AbstractYarnAppSecurityManager extends AbstractIdleService {
    protected Config config;
    protected final HelixManager helixManager;
    protected final FileSystem fs;
    protected final Path tokenFilePath;
    private final long loginIntervalInMinutes;
    private final long tokenRenewIntervalInMinutes;
    private final boolean isHelixClusterManaged;
    private final String helixInstanceName;
    private final ScheduledExecutorService loginExecutor;
    private final ScheduledExecutorService tokenRenewExecutor;
    protected Logger LOGGER = LoggerFactory.getLogger(getClass().getName());
    protected Credentials credentials = new Credentials();
    private Optional<ScheduledFuture<?>> scheduledTokenRenewTask = Optional.absent();
    protected volatile boolean firstLogin = true;

    public AbstractYarnAppSecurityManager(Config config, HelixManager helixManager, FileSystem fileSystem, Path path) {
        this.config = config;
        this.helixManager = helixManager;
        this.fs = fileSystem;
        this.tokenFilePath = path;
        this.fs.makeQualified(path);
        this.loginIntervalInMinutes = ConfigUtils.getLong(config, GobblinYarnConfigurationKeys.LOGIN_INTERVAL_IN_MINUTES, GobblinYarnConfigurationKeys.DEFAULT_LOGIN_INTERVAL_IN_MINUTES).longValue();
        this.tokenRenewIntervalInMinutes = ConfigUtils.getLong(config, GobblinYarnConfigurationKeys.TOKEN_RENEW_INTERVAL_IN_MINUTES, GobblinYarnConfigurationKeys.DEFAULT_TOKEN_RENEW_INTERVAL_IN_MINUTES).longValue();
        this.loginExecutor = Executors.newSingleThreadScheduledExecutor(ExecutorsUtils.newThreadFactory(Optional.of(this.LOGGER), Optional.of("KeytabReLoginExecutor")));
        this.tokenRenewExecutor = Executors.newSingleThreadScheduledExecutor(ExecutorsUtils.newThreadFactory(Optional.of(this.LOGGER), Optional.of("TokenRenewExecutor")));
        this.isHelixClusterManaged = ConfigUtils.getBoolean(config, "gobblin.cluster.isHelixClusterManaged", false);
        this.helixInstanceName = ConfigUtils.getString(config, "gobblin.cluster.helixInstanceName", GobblinClusterManager.class.getSimpleName());
    }

    protected void startUp() throws Exception {
        this.LOGGER.info("Starting the " + getClass().getSimpleName());
        this.LOGGER.info(String.format("Scheduling the login task with an interval of %d minute(s)", Long.valueOf(this.loginIntervalInMinutes)));
        this.loginExecutor.scheduleAtFixedRate(new Runnable() { // from class: org.apache.gobblin.yarn.AbstractYarnAppSecurityManager.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    AbstractYarnAppSecurityManager.this.loginAndScheduleTokenRenewal();
                } catch (Exception e) {
                    AbstractYarnAppSecurityManager.this.LOGGER.error("Error during login, will continue the thread and try next time.");
                }
            }
        }, this.loginIntervalInMinutes, this.loginIntervalInMinutes, TimeUnit.MINUTES);
    }

    protected void shutDown() throws Exception {
        this.LOGGER.info("Stopping the " + getClass().getSimpleName());
        if (this.scheduledTokenRenewTask.isPresent()) {
            ((ScheduledFuture) this.scheduledTokenRenewTask.get()).cancel(true);
        }
        ExecutorsUtils.shutdownExecutorService(this.loginExecutor, Optional.of(this.LOGGER));
        ExecutorsUtils.shutdownExecutorService(this.tokenRenewExecutor, Optional.of(this.LOGGER));
    }

    protected void scheduleTokenRenewTask() {
        this.LOGGER.info(String.format("Scheduling the token renew task with an interval of %d minute(s)", Long.valueOf(this.tokenRenewIntervalInMinutes)));
        this.scheduledTokenRenewTask = Optional.of(this.tokenRenewExecutor.scheduleAtFixedRate(new Runnable() { // from class: org.apache.gobblin.yarn.AbstractYarnAppSecurityManager.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    AbstractYarnAppSecurityManager.this.renewDelegationToken();
                } catch (IOException e) {
                    AbstractYarnAppSecurityManager.this.LOGGER.error("Failed to renew delegation token", e);
                    throw Throwables.propagate(e);
                } catch (InterruptedException e2) {
                    AbstractYarnAppSecurityManager.this.LOGGER.error("Token renew task has been interrupted");
                    Thread.currentThread().interrupt();
                }
            }
        }, this.tokenRenewIntervalInMinutes, this.tokenRenewIntervalInMinutes, TimeUnit.MINUTES));
    }

    public void loginAndScheduleTokenRenewal() {
        try {
            if (this.scheduledTokenRenewTask.isPresent() && ((ScheduledFuture) this.scheduledTokenRenewTask.get()).cancel(true)) {
                this.LOGGER.info("Cancelled the token renew task");
            }
            login();
            if (this.firstLogin) {
                this.firstLogin = false;
            }
            scheduleTokenRenewTask();
        } catch (IOException | InterruptedException e) {
            this.LOGGER.error("Failed to login from keytab", e);
            throw Throwables.propagate(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendTokenFileUpdatedMessage() {
        if (!this.isHelixClusterManaged) {
            sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
        }
        sendTokenFileUpdatedMessage(InstanceType.PARTICIPANT);
    }

    @VisibleForTesting
    protected void sendTokenFileUpdatedMessage(InstanceType instanceType) {
        sendTokenFileUpdatedMessage(instanceType, GobblinYarnAppLauncher.DEFAULT_GOBBLIN_YARN_APP_LAUNCHER_MODE);
    }

    @VisibleForTesting
    protected void sendTokenFileUpdatedMessage(InstanceType instanceType, String str) {
        Criteria criteria = new Criteria();
        criteria.setInstanceName(Strings.isNullOrEmpty(str) ? "%" : str);
        criteria.setResource("%");
        criteria.setPartition("%");
        criteria.setPartitionState("%");
        criteria.setRecipientInstanceType(instanceType);
        criteria.setSessionSpecific(true);
        Message message = new Message(Message.MessageType.USER_DEFINE_MSG, HelixMessageSubTypes.TOKEN_FILE_UPDATED.toString().toLowerCase() + UUID.randomUUID().toString());
        message.setMsgSubType(HelixMessageSubTypes.TOKEN_FILE_UPDATED.toString());
        message.setMsgState(Message.MessageState.NEW);
        if (instanceType == InstanceType.CONTROLLER) {
            message.setTgtSessionId(GobblinYarnConfigurationKeys.DEFAULT_APP_VIEW_ACL);
        }
        this.LOGGER.info(String.format("Sent %d token file updated message(s) to the %s", Integer.valueOf(new GobblinHelixMessagingService(this.helixManager).send(criteria, message)), instanceType));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void writeDelegationTokenToFile(Credentials credentials) throws IOException {
        if (this.fs.exists(this.tokenFilePath)) {
            this.LOGGER.info("Deleting existing token file " + this.tokenFilePath);
            this.fs.delete(this.tokenFilePath, false);
        }
        this.LOGGER.debug("creating new token file {} with 644 permission.", this.tokenFilePath);
        YarnHelixUtils.writeTokenToFile(this.tokenFilePath, credentials, this.fs.getConf());
        this.fs.setPermission(this.tokenFilePath, new FsPermission(FsAction.READ_WRITE, FsAction.NONE, FsAction.NONE));
        System.setProperty("HADOOP_TOKEN_FILE_LOCATION", this.tokenFilePath.toUri().getPath());
        this.LOGGER.info("set HADOOP_TOKEN_FILE_LOCATION = {}", this.tokenFilePath);
    }

    @VisibleForTesting
    protected synchronized void writeDelegationTokenToFile() throws IOException {
        writeDelegationTokenToFile(this.credentials);
    }

    protected abstract void renewDelegationToken() throws IOException, InterruptedException;

    protected abstract void login() throws IOException, InterruptedException;
}
