package org.apache.hadoop.security;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.web.resources.GroupParam;
import org.apache.hadoop.ipc.CallerContext;
import org.apache.hadoop.thirdparty.com.google.common.collect.BiMap;
import org.apache.hadoop.thirdparty.com.google.common.collect.HashBiMap;
import org.apache.hadoop.util.Shell;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/ShellBasedIdMapping.class */
public class ShellBasedIdMapping implements IdMappingServiceProvider {
    static final String GET_ALL_USERS_CMD = "getent passwd | cut -d: -f1,3";
    static final String GET_ALL_GROUPS_CMD = "getent group | cut -d: -f1,3";
    static final String MAC_GET_ALL_USERS_CMD = "dscl . -list /Users UniqueID";
    static final String MAC_GET_ALL_GROUPS_CMD = "dscl . -list /Groups PrimaryGroupID";
    private final File staticMappingFile;
    private StaticMapping staticMapping;
    private long lastModificationTimeStaticMap;
    private boolean constructFullMapAtInit;
    private final long timeout;
    private BiMap<Integer, String> uidNameMap;
    private BiMap<Integer, String> gidNameMap;
    private long lastUpdateTime;
    private static final String DUPLICATE_NAME_ID_DEBUG_INFO = "NFS gateway could have problem starting with duplicate name or id on the host system.\nThis is because HDFS (non-kerberos cluster) uses name as the only way to identify a user or group.\nThe host system with duplicated user/group name or id might work fine most of the time by itself.\nHowever when NFS gateway talks to HDFS, HDFS accepts only user and group name.\nTherefore, same name means the same user or same group. To find the duplicated names/ids, one can do:\n<getent passwd | cut -d: -f1,3> and <getent group | cut -d: -f1,3> on Linux, BSD and Solaris systems,\n<dscl . -list /Users UniqueID> and <dscl . -list /Groups PrimaryGroupID> on MacOS.";
    private static final Logger LOG = LoggerFactory.getLogger(ShellBasedIdMapping.class);
    private static final String OS = System.getProperty("os.name");
    private static final Pattern EMPTY_LINE = Pattern.compile("^\\s*$");
    private static final Pattern COMMENT_LINE = Pattern.compile("^\\s*#.*$");
    private static final Pattern MAPPING_LINE = Pattern.compile("^(uid|gid)\\s+(\\d+)\\s+(0|-?[1-9]\\d*)\\s*(#.*)?$");

    /* loaded from: input_file:org/apache/hadoop/security/ShellBasedIdMapping$PassThroughMap.class */
    static final class PassThroughMap<K> extends HashMap<K, K> {
        public PassThroughMap() {
            this(Collections.emptyMap());
        }

        public PassThroughMap(Map<K, K> map) {
            for (Map.Entry<K, K> entry : map.entrySet()) {
                super.put(entry.getKey(), entry.getValue());
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // java.util.HashMap, java.util.AbstractMap, java.util.Map
        public K get(Object obj) {
            return super.containsKey(obj) ? (K) super.get(obj) : obj;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:org/apache/hadoop/security/ShellBasedIdMapping$StaticMapping.class */
    public static final class StaticMapping {
        final Map<Integer, Integer> uidMapping;
        final Map<Integer, Integer> gidMapping;

        public StaticMapping(Map<Integer, Integer> map, Map<Integer, Integer> map2) {
            this.uidMapping = new PassThroughMap(map);
            this.gidMapping = new PassThroughMap(map2);
        }

        public void clear() {
            this.uidMapping.clear();
            this.gidMapping.clear();
        }

        public boolean isNonEmpty() {
            return this.uidMapping.size() > 0 || this.gidMapping.size() > 0;
        }
    }

    @VisibleForTesting
    public ShellBasedIdMapping(Configuration configuration, boolean z) throws IOException {
        this.staticMapping = null;
        this.lastModificationTimeStaticMap = 0L;
        this.constructFullMapAtInit = false;
        this.uidNameMap = HashBiMap.create();
        this.gidNameMap = HashBiMap.create();
        this.lastUpdateTime = 0L;
        this.constructFullMapAtInit = z;
        long j = configuration.getLong(IdMappingConstant.USERGROUPID_UPDATE_MILLIS_KEY, IdMappingConstant.USERGROUPID_UPDATE_MILLIS_DEFAULT);
        if (j < 60000) {
            LOG.info("User configured user account update time is less than 1 minute. Use 1 minute instead.");
            this.timeout = 60000L;
        } else {
            this.timeout = j;
        }
        this.staticMappingFile = new File(configuration.get(IdMappingConstant.STATIC_ID_MAPPING_FILE_KEY, IdMappingConstant.STATIC_ID_MAPPING_FILE_DEFAULT));
        updateStaticMapping();
        updateMaps();
    }

    public ShellBasedIdMapping(Configuration configuration) throws IOException {
        this(configuration, false);
    }

    @VisibleForTesting
    public long getTimeout() {
        return this.timeout;
    }

    @VisibleForTesting
    public BiMap<Integer, String> getUidNameMap() {
        return this.uidNameMap;
    }

    @VisibleForTesting
    public BiMap<Integer, String> getGidNameMap() {
        return this.gidNameMap;
    }

    @VisibleForTesting
    public synchronized void clearNameMaps() {
        this.uidNameMap.clear();
        this.gidNameMap.clear();
        this.lastUpdateTime = Time.monotonicNow();
    }

    private synchronized boolean isExpired() {
        return Time.monotonicNow() - this.lastUpdateTime > this.timeout;
    }

    private void checkAndUpdateMaps() {
        if (isExpired()) {
            LOG.info("Update cache now");
            try {
                updateMaps();
            } catch (IOException e) {
                LOG.error("Can't update the maps. Will use the old ones, which can potentially cause problem.", e);
            }
        }
    }

    private static void reportDuplicateEntry(String str, Integer num, String str2, Integer num2, String str3) {
        LOG.warn(StringUtils.LF + str + String.format("new entry (%d, %s), existing entry: (%d, %s).%n%s%n%s", num, str2, num2, str3, "The new entry is to be ignored for the following reason.", DUPLICATE_NAME_ID_DEBUG_INFO));
    }

    private static Integer parseId(String str) {
        return Integer.valueOf((int) Long.parseLong(str));
    }

    @VisibleForTesting
    public static boolean updateMapInternal(BiMap<Integer, String> biMap, String str, String str2, String str3, Map<Integer, Integer> map) throws IOException {
        String readLine;
        boolean z = false;
        BufferedReader bufferedReader = null;
        try {
            try {
                BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(new String[]{"bash", "-c", str2}).getInputStream(), StandardCharsets.UTF_8));
                while (true) {
                    readLine = bufferedReader2.readLine();
                    if (readLine == null) {
                        LOG.debug("Updated " + str + " map size: " + biMap.size());
                        if (bufferedReader2 != null) {
                            try {
                                bufferedReader2.close();
                            } catch (IOException e) {
                                LOG.error("Can't close BufferedReader of command result", e);
                            }
                        }
                        return z;
                    }
                    String[] split = readLine.split(str3);
                    if (split == null || split.length != 2) {
                        break;
                    }
                    LOG.debug("add to " + str + "map:" + split[0] + " id:" + split[1]);
                    Integer num = map.get(parseId(split[1]));
                    String str4 = split[0];
                    if (biMap.containsKey(num)) {
                        String str5 = biMap.get(num);
                        if (!str4.equals(str5)) {
                            reportDuplicateEntry("Got multiple names associated with the same id: ", num, str4, num, str5);
                        }
                    } else if (biMap.containsValue(str4)) {
                        reportDuplicateEntry("Got multiple ids associated with the same name: ", num, str4, biMap.inverse().get(str4), str4);
                    } else {
                        biMap.put(num, str4);
                        z = true;
                    }
                }
                throw new IOException("Can't parse " + str + " list entry:" + readLine);
            } catch (IOException e2) {
                LOG.error("Can't update " + str + " map");
                throw e2;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (IOException e3) {
                    LOG.error("Can't close BufferedReader of command result", e3);
                }
            }
            throw th;
        }
    }

    private boolean checkSupportedPlatform() {
        if (OS.startsWith("Linux") || OS.startsWith("Mac") || OS.equals("SunOS") || OS.contains("BSD")) {
            return true;
        }
        LOG.error("Platform is not supported:" + OS + ". Can't update user map and group map and 'nobody' will be used for any user and group.");
        return false;
    }

    private static boolean isInteger(String str) {
        try {
            Integer.parseInt(str);
            return true;
        } catch (NumberFormatException e) {
            return false;
        }
    }

    private synchronized void updateStaticMapping() throws IOException {
        boolean z = this.staticMapping == null;
        if (this.staticMappingFile.exists()) {
            long lastModified = this.staticMappingFile.lastModified();
            if (lastModified != this.lastModificationTimeStaticMap) {
                LOG.info(z ? "Using " : "Reloading '" + this.staticMappingFile + "' for static UID/GID mapping...");
                this.lastModificationTimeStaticMap = lastModified;
                this.staticMapping = parseStaticMap(this.staticMappingFile);
                return;
            }
            return;
        }
        if (z) {
            this.staticMapping = new StaticMapping(new HashMap(), new HashMap());
        }
        if (this.lastModificationTimeStaticMap != 0 || z) {
            LOG.info("Not doing static UID/GID mapping because '" + this.staticMappingFile + "' does not exist.");
        }
        this.lastModificationTimeStaticMap = 0L;
        this.staticMapping.clear();
    }

    public synchronized void updateMaps() throws IOException {
        if (checkSupportedPlatform()) {
            if (this.constructFullMapAtInit) {
                loadFullMaps();
                this.constructFullMapAtInit = false;
            } else {
                updateStaticMapping();
                clearNameMaps();
            }
        }
    }

    private synchronized void loadFullUserMap() throws IOException {
        HashBiMap create = HashBiMap.create();
        if (OS.startsWith("Mac")) {
            updateMapInternal(create, "user", MAC_GET_ALL_USERS_CMD, "\\s+", this.staticMapping.uidMapping);
        } else {
            updateMapInternal(create, "user", GET_ALL_USERS_CMD, CallerContext.Builder.KEY_VALUE_SEPARATOR, this.staticMapping.uidMapping);
        }
        this.uidNameMap = create;
        this.lastUpdateTime = Time.monotonicNow();
    }

    private synchronized void loadFullGroupMap() throws IOException {
        HashBiMap create = HashBiMap.create();
        if (OS.startsWith("Mac")) {
            updateMapInternal(create, GroupParam.NAME, MAC_GET_ALL_GROUPS_CMD, "\\s+", this.staticMapping.gidMapping);
        } else {
            updateMapInternal(create, GroupParam.NAME, GET_ALL_GROUPS_CMD, CallerContext.Builder.KEY_VALUE_SEPARATOR, this.staticMapping.gidMapping);
        }
        this.gidNameMap = create;
        this.lastUpdateTime = Time.monotonicNow();
    }

    private synchronized void loadFullMaps() throws IOException {
        loadFullUserMap();
        loadFullGroupMap();
    }

    private String getName2IdCmdNIX(String str, boolean z) {
        return z ? "getent group " + str + " | cut -d: -f1,3" : "id -u " + str + " | awk '{print \"" + str + ":\"$1 }'";
    }

    private String getId2NameCmdNIX(int i, boolean z) {
        return ("getent " + (z ? "group " : "passwd ")) + String.valueOf(i) + " | cut -d: -f1,3";
    }

    private String getName2IdCmdMac(String str, boolean z) {
        String str2;
        if (z) {
            str2 = (("dscl . -read /Groups/" + str) + " | grep PrimaryGroupID | awk '($1 == \"PrimaryGroupID:\") ") + "{ print \"" + str + "  \" $2 }'";
        } else {
            str2 = "id -u " + str + " | awk '{print \"" + str + "  \"$1 }'";
        }
        return str2;
    }

    private String getId2NameCmdMac(int i, boolean z) {
        return (((("dscl . -search /" + (z ? "Groups PrimaryGroupID " : "Users UniqueID ")) + String.valueOf(i)) + " | sed 'N;s/\\n//g;N;s/\\n//g' | sed 's/") + (z ? "PrimaryGroupID" : "UniqueID")) + " = (//g' | sed 's/)//g' | sed 's/\\\"//g'";
    }

    private synchronized void updateMapIncr(String str, boolean z) throws IOException {
        if (checkSupportedPlatform()) {
            if (isInteger(str) && z) {
                loadFullGroupMap();
                return;
            }
            updateStaticMapping();
            String bashQuote = Shell.bashQuote(str);
            if ((OS.startsWith("Linux") || OS.equals("SunOS") || OS.contains("BSD")) ? z ? updateMapInternal(this.gidNameMap, GroupParam.NAME, getName2IdCmdNIX(bashQuote, true), CallerContext.Builder.KEY_VALUE_SEPARATOR, this.staticMapping.gidMapping) : updateMapInternal(this.uidNameMap, "user", getName2IdCmdNIX(bashQuote, false), CallerContext.Builder.KEY_VALUE_SEPARATOR, this.staticMapping.uidMapping) : z ? updateMapInternal(this.gidNameMap, GroupParam.NAME, getName2IdCmdMac(bashQuote, true), "\\s+", this.staticMapping.gidMapping) : updateMapInternal(this.uidNameMap, "user", getName2IdCmdMac(bashQuote, false), "\\s+", this.staticMapping.uidMapping)) {
                this.lastUpdateTime = Time.monotonicNow();
            }
        }
    }

    private synchronized void updateMapIncr(int i, boolean z) throws IOException {
        if (checkSupportedPlatform()) {
            updateStaticMapping();
            if ((OS.startsWith("Linux") || OS.equals("SunOS") || OS.contains("BSD")) ? z ? updateMapInternal(this.gidNameMap, GroupParam.NAME, getId2NameCmdNIX(i, true), CallerContext.Builder.KEY_VALUE_SEPARATOR, this.staticMapping.gidMapping) : updateMapInternal(this.uidNameMap, "user", getId2NameCmdNIX(i, false), CallerContext.Builder.KEY_VALUE_SEPARATOR, this.staticMapping.uidMapping) : z ? updateMapInternal(this.gidNameMap, GroupParam.NAME, getId2NameCmdMac(i, true), "\\s+", this.staticMapping.gidMapping) : updateMapInternal(this.uidNameMap, "user", getId2NameCmdMac(i, false), "\\s+", this.staticMapping.uidMapping)) {
                this.lastUpdateTime = Time.monotonicNow();
            }
        }
    }

    static StaticMapping parseStaticMap(File file) throws IOException {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(Files.newInputStream(file.toPath(), new OpenOption[0]), StandardCharsets.UTF_8));
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    return new StaticMapping(hashMap, hashMap2);
                }
                if (!EMPTY_LINE.matcher(readLine).matches() && !COMMENT_LINE.matcher(readLine).matches()) {
                    Matcher matcher = MAPPING_LINE.matcher(readLine);
                    if (matcher.matches()) {
                        String group = matcher.group(1);
                        Integer parseId = parseId(matcher.group(2));
                        Integer parseId2 = parseId(matcher.group(3));
                        if (group.equals("uid")) {
                            hashMap.put(parseId2, parseId);
                        } else {
                            hashMap2.put(parseId2, parseId);
                        }
                    } else {
                        LOG.warn("Could not parse line '" + readLine + "'. Lines should be of the form '[uid|gid] [remote id] [local id]'. Blank lines and everything following a '#' on a line will be ignored.");
                    }
                }
            } finally {
                bufferedReader.close();
            }
        }
    }

    @Override // org.apache.hadoop.security.IdMappingServiceProvider
    public synchronized int getUid(String str) throws IOException {
        checkAndUpdateMaps();
        Integer num = this.uidNameMap.inverse().get(str);
        if (num == null) {
            updateMapIncr(str, false);
            num = this.uidNameMap.inverse().get(str);
            if (num == null) {
                throw new IOException("User just deleted?:" + str);
            }
        }
        return num.intValue();
    }

    @Override // org.apache.hadoop.security.IdMappingServiceProvider
    public synchronized int getGid(String str) throws IOException {
        checkAndUpdateMaps();
        Integer num = this.gidNameMap.inverse().get(str);
        if (num == null) {
            updateMapIncr(str, true);
            num = this.gidNameMap.inverse().get(str);
            if (num == null) {
                throw new IOException("No such group:" + str);
            }
        }
        return num.intValue();
    }

    @Override // org.apache.hadoop.security.IdMappingServiceProvider
    public synchronized String getUserName(int i, String str) {
        checkAndUpdateMaps();
        String str2 = this.uidNameMap.get(Integer.valueOf(i));
        if (str2 == null) {
            try {
                updateMapIncr(i, false);
            } catch (Exception e) {
            }
            str2 = this.uidNameMap.get(Integer.valueOf(i));
            if (str2 == null) {
                LOG.warn("Can't find user name for uid " + i + ". Use default user name " + str);
                str2 = str;
            }
        }
        return str2;
    }

    @Override // org.apache.hadoop.security.IdMappingServiceProvider
    public synchronized String getGroupName(int i, String str) {
        checkAndUpdateMaps();
        String str2 = this.gidNameMap.get(Integer.valueOf(i));
        if (str2 == null) {
            try {
                updateMapIncr(i, true);
            } catch (Exception e) {
            }
            str2 = this.gidNameMap.get(Integer.valueOf(i));
            if (str2 == null) {
                LOG.warn("Can't find group name for gid " + i + ". Use default group name " + str);
                str2 = str;
            }
        }
        return str2;
    }

    @Override // org.apache.hadoop.security.IdMappingServiceProvider
    public int getUidAllowingUnknown(String str) {
        int hashCode;
        checkAndUpdateMaps();
        try {
            hashCode = getUid(str);
        } catch (IOException e) {
            hashCode = str.hashCode();
            LOG.info("Can't map user " + str + ". Use its string hashcode:" + hashCode);
        }
        return hashCode;
    }

    @Override // org.apache.hadoop.security.IdMappingServiceProvider
    public int getGidAllowingUnknown(String str) {
        int hashCode;
        checkAndUpdateMaps();
        try {
            hashCode = getGid(str);
        } catch (IOException e) {
            hashCode = str.hashCode();
            LOG.info("Can't map group " + str + ". Use its string hashcode:" + hashCode);
        }
        return hashCode;
    }
}
