package org.apache.hadoop.fs.s3a.auth.delegation;

import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Objects;
import java.util.Optional;
import org.apache.hadoop.fs.s3a.AWSCredentialProviderList;
import org.apache.hadoop.fs.s3a.auth.RoleModel;
import org.apache.hadoop.fs.s3a.auth.delegation.S3ADelegationTokens;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.DurationInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:paimon-plugin-s3.jar:org/apache/hadoop/fs/s3a/auth/delegation/AbstractDelegationTokenBinding.class */
public abstract class AbstractDelegationTokenBinding extends AbstractDTService {
    private final Text kind;
    private SecretManager<AbstractS3ATokenIdentifier> secretManager;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AbstractDelegationTokenBinding.class);

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:paimon-plugin-s3.jar:org/apache/hadoop/fs/s3a/auth/delegation/AbstractDelegationTokenBinding$TokenSecretManager.class */
    public class TokenSecretManager extends SecretManager<AbstractS3ATokenIdentifier> {
        protected TokenSecretManager() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.hadoop.security.token.SecretManager
        public byte[] createPassword(AbstractS3ATokenIdentifier abstractS3ATokenIdentifier) {
            return AbstractDelegationTokenBinding.getSecretManagerPasssword();
        }

        @Override // org.apache.hadoop.security.token.SecretManager
        public byte[] retrievePassword(AbstractS3ATokenIdentifier abstractS3ATokenIdentifier) throws SecretManager.InvalidToken {
            return AbstractDelegationTokenBinding.getSecretManagerPasssword();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.hadoop.security.token.SecretManager
        public AbstractS3ATokenIdentifier createIdentifier() {
            DurationInfo durationInfo = new DurationInfo(AbstractDelegationTokenBinding.LOG, true, "Creating Delegation Token Identifier", new Object[0]);
            Throwable th = null;
            try {
                AbstractS3ATokenIdentifier createEmptyIdentifier = AbstractDelegationTokenBinding.this.createEmptyIdentifier();
                if (durationInfo != null) {
                    if (0 != 0) {
                        try {
                            durationInfo.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        durationInfo.close();
                    }
                }
                return createEmptyIdentifier;
            } catch (Throwable th3) {
                if (durationInfo != null) {
                    if (0 != 0) {
                        try {
                            durationInfo.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        durationInfo.close();
                    }
                }
                throw th3;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractDelegationTokenBinding(String str, Text text) {
        super(str);
        this.kind = (Text) Objects.requireNonNull(text);
    }

    public Text getKind() {
        return this.kind;
    }

    public Text getOwnerText() {
        return new Text(getOwner().getUserName());
    }

    public S3ADelegationTokens.TokenIssuingPolicy getTokenIssuingPolicy() {
        return S3ADelegationTokens.TokenIssuingPolicy.RequestNewToken;
    }

    public Token<AbstractS3ATokenIdentifier> createDelegationToken(Optional<RoleModel.Policy> optional, EncryptionSecrets encryptionSecrets, Text text) throws IOException {
        requireServiceStarted();
        AbstractS3ATokenIdentifier createTokenIdentifier = createTokenIdentifier(optional, encryptionSecrets, text);
        if (createTokenIdentifier == null) {
            return null;
        }
        Token<AbstractS3ATokenIdentifier> token = new Token<>(createTokenIdentifier, this.secretManager);
        token.setKind(getKind());
        LOG.debug("Created token {} with token identifier {}", token, createTokenIdentifier);
        return token;
    }

    public abstract AbstractS3ATokenIdentifier createTokenIdentifier(Optional<RoleModel.Policy> optional, EncryptionSecrets encryptionSecrets, Text text) throws IOException;

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public <T extends AbstractS3ATokenIdentifier> T convertTokenIdentifier(AbstractS3ATokenIdentifier abstractS3ATokenIdentifier, Class<T> cls) throws DelegationTokenIOException {
        if (abstractS3ATokenIdentifier.getClass().equals(cls)) {
            return abstractS3ATokenIdentifier;
        }
        throw new DelegationTokenIOException("Delegation token is wrong class; expected a token identifier of type " + cls + " but got " + abstractS3ATokenIdentifier.getClass() + " and kind " + abstractS3ATokenIdentifier.getKind());
    }

    public abstract AWSCredentialProviderList deployUnbonded() throws IOException;

    public abstract AWSCredentialProviderList bindToTokenIdentifier(AbstractS3ATokenIdentifier abstractS3ATokenIdentifier) throws IOException;

    public abstract AbstractS3ATokenIdentifier createEmptyIdentifier();

    @Override // org.apache.hadoop.service.AbstractService
    public String toString() {
        return super.toString() + " token kind = " + getKind();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.AbstractService
    public void serviceStart() throws Exception {
        super.serviceStart();
        this.secretManager = createSecretMananger();
    }

    public String getDescription() {
        return "Token binding " + getKind().toString();
    }

    protected SecretManager<AbstractS3ATokenIdentifier> createSecretMananger() throws IOException {
        return new TokenSecretManager();
    }

    public String getUserAgentField() {
        return "";
    }

    protected static byte[] getSecretManagerPasssword() {
        return "non-password".getBytes(Charset.forName("UTF-8"));
    }
}
