package org.apache.flink.connector.hbase.security;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Locale;
import java.util.UUID;
import org.apache.flink.annotation.VisibleForTesting;
import org.apache.flink.runtime.security.modules.HadoopModule;
import org.apache.flink.runtime.security.modules.SecurityModule;
import org.apache.flink.table.connector.security.ConnectorSecurityUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:org/apache/flink/connector/hbase/security/HbaseSecurityModule.class */
public class HbaseSecurityModule {
    private static final Logger LOG = LoggerFactory.getLogger(HbaseSecurityModule.class);
    public static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication";
    public static final String HBASE_SECURITY_AUTHENTICATION = "hbase.security.authentication";
    public static final String ZOOKEEPER_SERVER_PRINCIPAL = "zookeeper.server.principal";
    public static final String HBASE_REGIONSERVER_KERBEROS_PRINCIPAL = "hbase.regionserver.kerberos.principal";
    public static final String HBASE_MASTER_KERBEROS_PRINCIPAL = "hbase.master.kerberos.principal";
    public static final String ZOOKEEPER_LOGIN_CONTEXT_NAME = "Client";
    public static final String ZOOKEEPER_SASL_CLIENT = "zookeeper.sasl.client";
    public static final String KERBEROS = "kerberos";

    public static <T> void createConnection(Configuration configuration, PrivilegedExceptionAction<T> privilegedExceptionAction) {
        try {
            synchronized (ConnectorSecurityUtils.AUTH_LOCK) {
                resolveSecurityConfig(configuration);
            }
            UserGroupInformation.getLoginUser().doAs(privilegedExceptionAction);
        } catch (IOException e) {
            LOG.error("Exception while getting LoginUser.", e);
            throw new RuntimeException("Exception while getting LoginUser.", e);
        } catch (InterruptedException e2) {
            LOG.error("Interrupted while creating hbase connection.", e2);
            throw new RuntimeException("Create hbase connector was interrupted.", e2);
        }
    }

    @VisibleForTesting
    public static void resolveSecurityConfig(Configuration configuration) {
        if (!configuration.getBoolean("connector.auth.open", false)) {
            LOG.info("Skip authenticating connector by itself.");
            return;
        }
        LOG.info("Resolving Hbase security config.");
        String uuid = UUID.randomUUID().toString();
        String str = configuration.get("connector.kerberos.principal");
        try {
            UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
            if (loginUser.getUserName().equalsIgnoreCase(str) || loginUser.getShortUserName().equalsIgnoreCase(str)) {
                LOG.info("Hadoop user has already been set to {}.", loginUser);
                setHbaseClientConfig(configuration, str);
                return;
            }
            String copyToLocal = ConnectorSecurityUtils.copyToLocal(uuid, configuration.get("connector.kerberos.krb5"));
            String copyToLocal2 = ConnectorSecurityUtils.copyToLocal(uuid, configuration.get("connector.kerberos.keytab"));
            System.setProperty("zookeeper.sasl.client", "true");
            ConnectorSecurityUtils.resolveJaasConfig("Client", copyToLocal, copyToLocal2, str);
            ConnectorSecurityUtils.setKRB5Path(copyToLocal);
            setHbaseClientConfig(configuration, str);
            login(copyToLocal2, copyToLocal, str, configuration);
        } catch (Exception e) {
            LOG.error("Exception while resolving security config.", e);
            throw new RuntimeException("Resolve security config error.", e);
        }
    }

    private static void setHbaseClientConfig(Configuration configuration, String str) throws KrbException {
        configuration.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS);
        configuration.set("hbase.security.authentication", KERBEROS);
        configuration.set("zookeeper.server.principal", str);
        String defaultRealm = Config.getInstance().getDefaultRealm();
        String format = String.format("hbase/hadoop.%s@%s", defaultRealm.toLowerCase(Locale.US), defaultRealm.toUpperCase(Locale.US));
        if (configuration.get("hbase.regionserver.kerberos.principal") == null) {
            configuration.set("hbase.regionserver.kerberos.principal", format);
        }
        if (configuration.get("hbase.master.kerberos.principal") == null) {
            configuration.set("hbase.master.kerberos.principal", format);
        }
    }

    private static void login(String str, String str2, String str3, Configuration configuration) throws SecurityModule.SecurityInstallException {
        new HadoopModule(ConnectorSecurityUtils.genSecurityConfiguration("", str2, str, str3, true), configuration).install();
    }
}
