package org.apache.hadoop.hive.llap.security;

import com.google.common.base.Preconditions;
import io.jsonwebtoken.security.Keys;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;

/* loaded from: input_file:org/apache/hadoop/hive/llap/security/DefaultJwtSharedSecretProvider.class */
public class DefaultJwtSharedSecretProvider implements JwtSecretProvider {
    public static final String LLAP_EXTERNAL_CLIENT_CLOUD_JWT_SHARED_SECRET_ENV_VAR = "LLAP_EXTERNAL_CLIENT_CLOUD_JWT_SHARED_SECRET_ENV_VAR";
    private Key jwtEncryptionKey;

    @Override // org.apache.hadoop.hive.llap.security.JwtSecretProvider
    public Key getEncryptionSecret() {
        return this.jwtEncryptionKey;
    }

    @Override // org.apache.hadoop.hive.llap.security.JwtSecretProvider
    public Key getDecryptionSecret() {
        return this.jwtEncryptionKey;
    }

    @Override // org.apache.hadoop.hive.llap.security.JwtSecretProvider
    public void init(Configuration configuration) {
        byte[] bArr = null;
        try {
            char[] password = configuration.getPassword(HiveConf.ConfVars.LLAP_EXTERNAL_CLIENT_CLOUD_JWT_SHARED_SECRET.varname);
            if (password != null) {
                ByteBuffer encode = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
                bArr = new byte[encode.remaining()];
                encode.get(bArr);
            } else {
                String str = System.getenv(LLAP_EXTERNAL_CLIENT_CLOUD_JWT_SHARED_SECRET_ENV_VAR);
                if (StringUtils.isNotBlank(str)) {
                    bArr = str.getBytes();
                }
            }
            Preconditions.checkState(bArr != null, "With: " + HiveConf.ConfVars.LLAP_EXTERNAL_CLIENT_CLOUD_DEPLOYMENT_SETUP_ENABLED.varname + " = true, \nTo use: org.apache.hadoop.hive.llap.security.DefaultJwtSharedSecretProvider, \n1. a non-null value of 'hive.llap.external.client.cloud.jwt.shared.secret' must be provided OR \n2. alternatively environment variable LLAP_EXTERNAL_CLIENT_CLOUD_JWT_SHARED_SECRET_ENV_VAR can also be set. \nLength of the secret provided in 1) or 2) should be > 32 bytes.");
            this.jwtEncryptionKey = Keys.hmacShaKeyFor(bArr);
        } catch (IOException e) {
            throw new RuntimeException("Unable to get password [hive.llap.external.client.cloud.jwt.shared.secret] - " + e.getMessage(), e);
        }
    }
}
