package com.linkedin.venice.hadoop.ssl;

import java.io.File;
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/linkedin/venice/hadoop/ssl/UserCredentialsFactory.class */
public class UserCredentialsFactory {
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) UserCredentialsFactory.class);
    public static final int REQUIRED_SECRET_KEY_COUNT = 4;

    public static Credentials getHadoopUserCredentials() throws IOException {
        Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials();
        verifyCredentials(credentials);
        return credentials;
    }

    public static Credentials getUserCredentialsFromTokenFile() throws IOException {
        String str = System.getenv("HADOOP_TOKEN_FILE_LOCATION");
        if (str == null) {
            str = System.getProperty("HADOOP_TOKEN_FILE_LOCATION");
        }
        Credentials readTokenStorageFile = Credentials.readTokenStorageFile(new File(str), new Configuration());
        verifyCredentials(readTokenStorageFile);
        return readTokenStorageFile;
    }

    private static void verifyCredentials(Credentials credentials) {
        if (credentials.numberOfSecretKeys() < 4) {
            LOGGER.info("Number of tokens found: {}", Integer.valueOf(credentials.numberOfTokens()));
            LOGGER.warn("Number of secret keys found: {}", Integer.valueOf(credentials.numberOfSecretKeys()));
            LOGGER.warn("The current credentials does not contain required secret keys which are required by enabling Kafka SSL.");
        }
    }
}
