package org.apache.ranger.audit.provider;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.huawei.us.common.random.UsSecureRandom;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.rmi.dgc.VMID;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Random;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TimeZone;
import java.util.UUID;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.util.PlatformName;
import org.apache.log4j.helpers.LogLog;
import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;

/* loaded from: input_file:org/apache/ranger/audit/provider/MiscUtil.class */
public class MiscUtil {
    public static final String TOKEN_START = "%";
    public static final String TOKEN_END = "%";
    public static final String TOKEN_HOSTNAME = "hostname";
    public static final String TOKEN_APP_TYPE = "app-type";
    public static final String TOKEN_JVM_INSTANCE = "jvm-instance";
    public static final String TOKEN_TIME = "time:";
    public static final String TOKEN_PROPERTY = "property:";
    public static final String TOKEN_ENV = "env:";
    public static final String ESCAPE_STR = "\\";
    private static Gson sGsonBuilder;
    private static final Log logger = LogFactory.getLog(MiscUtil.class);
    private static final VMID sJvmID = new VMID();
    public static String LINE_SEPARATOR = System.getProperty("line.separator");
    private static String sApplicationType = null;
    private static UserGroupInformation ugiLoginUser = null;
    private static Subject subjectLoginUser = null;
    private static String local_hostname = null;
    private static Map<String, LogHistory> logHistoryList = new Hashtable();
    private static int logInterval = 30000;

    /* loaded from: input_file:org/apache/ranger/audit/provider/MiscUtil$KerberosConfiguration.class */
    private static class KerberosConfiguration extends Configuration {
        private String keytab;
        private String principal;

        public KerberosConfiguration(String str, String str2) {
            this.keytab = str;
            this.principal = str2;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            if (PlatformName.IBM_JAVA) {
                hashMap.put("useKeytab", this.keytab.startsWith("file://") ? this.keytab : "file://" + this.keytab);
                hashMap.put("principal", this.principal);
                hashMap.put("credsType", "acceptor");
            } else {
                hashMap.put("keyTab", this.keytab);
                hashMap.put("principal", this.principal);
                hashMap.put("useKeyTab", "true");
                hashMap.put("storeKey", "true");
                hashMap.put("doNotPrompt", "true");
                hashMap.put("useTicketCache", "true");
                hashMap.put("renewTGT", "true");
                hashMap.put("isInitiator", "false");
            }
            hashMap.put("refreshKrb5Config", "true");
            String str2 = System.getenv("KRB5CCNAME");
            if (str2 != null) {
                if (PlatformName.IBM_JAVA) {
                    hashMap.put("useDefaultCcache", "true");
                    System.setProperty("KRB5CCNAME", str2);
                    hashMap.put("renewTGT", "true");
                    hashMap.put("credsType", "both");
                } else {
                    hashMap.put("ticketCache", str2);
                }
            }
            if (MiscUtil.logger.isDebugEnabled()) {
                hashMap.put("debug", "true");
            }
            return new AppConfigurationEntry[]{new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/ranger/audit/provider/MiscUtil$LogHistory.class */
    public static class LogHistory {
        long lastLogTime = 0;
        int counter = 0;

        LogHistory() {
        }
    }

    /* loaded from: input_file:org/apache/ranger/audit/provider/MiscUtil$RandomHolder.class */
    private static class RandomHolder {
        static Random random;

        private RandomHolder() {
        }

        static {
            random = null;
            try {
                random = UsSecureRandom.getInstance();
            } catch (NoSuchAlgorithmException e) {
                MiscUtil.logger.error("Initial random instance failed.", e);
            }
        }
    }

    public static String replaceTokens(String str, long j) {
        int indexOf;
        int indexOf2;
        if (str == null) {
            return str;
        }
        if (j <= 0) {
            j = System.currentTimeMillis();
        }
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= str.length() || (indexOf = str.indexOf("%", i2)) == -1 || (indexOf2 = str.indexOf("%", indexOf + "%".length())) == -1) {
                break;
            }
            String substring = str.substring(indexOf, indexOf2 + "%".length());
            String substring2 = substring.substring("%".length(), substring.lastIndexOf("%"));
            String str2 = "";
            if (substring2 != null) {
                if (substring2.equals(TOKEN_HOSTNAME)) {
                    str2 = getHostname();
                } else if (substring2.equals(TOKEN_APP_TYPE)) {
                    str2 = getApplicationType();
                } else if (substring2.equals(TOKEN_JVM_INSTANCE)) {
                    str2 = getJvmInstanceId();
                } else if (substring2.startsWith(TOKEN_PROPERTY)) {
                    str2 = getSystemProperty(substring2.substring(TOKEN_PROPERTY.length()));
                } else if (substring2.startsWith(TOKEN_ENV)) {
                    str2 = getEnv(substring2.substring(TOKEN_ENV.length()));
                } else if (substring2.startsWith(TOKEN_TIME)) {
                    str2 = getFormattedTime(j, substring2.substring(TOKEN_TIME.length()));
                }
            }
            if (str2 == null) {
                str2 = "";
            }
            str = str.substring(0, indexOf) + str2 + str.substring(indexOf2 + "%".length());
            i = indexOf + str2.length();
        }
        return str;
    }

    public static String getHostname() {
        String str = local_hostname;
        if (str == null) {
            initLocalHost();
            str = local_hostname;
            if (str == null) {
                str = "unknown";
            }
        }
        return str;
    }

    public static void setApplicationType(String str) {
        sApplicationType = str;
    }

    public static String getApplicationType() {
        return sApplicationType;
    }

    public static String getJvmInstanceId() {
        return Long.toString(Math.abs(Integer.valueOf(sJvmID.toString().hashCode()).longValue()));
    }

    public static String getSystemProperty(String str) {
        String property;
        String str2 = null;
        if (str != null) {
            try {
                property = System.getProperty(str);
            } catch (Exception e) {
                LogLog.warn("getSystemProperty(" + str + ") failed", e);
            }
        } else {
            property = null;
        }
        str2 = property;
        return str2;
    }

    public static String getEnv(String str) {
        String str2;
        String str3 = null;
        if (str != null) {
            try {
                str2 = System.getenv(str);
            } catch (Exception e) {
                LogLog.warn("getenv(" + str + ") failed", e);
            }
        } else {
            str2 = null;
        }
        str3 = str2;
        return str3;
    }

    public static String getFormattedTime(long j, String str) {
        String str2 = null;
        try {
            str2 = new SimpleDateFormat(str).format(Long.valueOf(j));
        } catch (Exception e) {
            LogLog.warn("SimpleDateFormat.format() failed: " + str, e);
        }
        return str2;
    }

    public static void createParents(File file) {
        String parent;
        if (file == null || (parent = file.getParent()) == null) {
            return;
        }
        File file2 = new File(parent);
        if (file2.exists() || file2.mkdirs()) {
            return;
        }
        LogLog.warn("createParents(): failed to create " + file2.getAbsolutePath());
    }

    public static long getNextRolloverTime(long j, long j2) {
        long currentTimeMillis = (System.currentTimeMillis() / 1000) * 1000;
        if (j <= 0) {
            return currentTimeMillis + j2;
        }
        if (j > currentTimeMillis) {
            return j;
        }
        long j3 = currentTimeMillis + j2;
        return j3 - ((j3 - j) % j2);
    }

    public static long getRolloverStartTime(long j, long j2) {
        return j <= j2 ? System.currentTimeMillis() : j - j2;
    }

    public static int parseInteger(String str, int i) {
        int i2 = i;
        if (str != null) {
            try {
                i2 = Integer.parseInt(str);
            } catch (Exception e) {
            }
        }
        return i2;
    }

    public static String generateUniqueId() {
        return UUID.randomUUID().toString();
    }

    public static String generateGuid() {
        byte[] bArr = new byte[16];
        if (RandomHolder.random != null) {
            RandomHolder.random.nextBytes(bArr);
        } else {
            logger.error("RandomHolder.random is null");
        }
        return UUID.nameUUIDFromBytes(bArr).toString();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static <T> String stringify(T t) {
        String str = null;
        if (t != 0) {
            str = t instanceof String ? (String) t : sGsonBuilder != null ? sGsonBuilder.toJson(t) : t.toString();
        }
        return str;
    }

    public static <T> T fromJson(String str, Class<T> cls) {
        return (T) sGsonBuilder.fromJson(str, cls);
    }

    public static String getStringProperty(Properties properties, String str) {
        String property;
        String str2 = null;
        if (properties != null && str != null && (property = properties.getProperty(str)) != null) {
            str2 = property;
        }
        return str2;
    }

    public static boolean getBooleanProperty(Properties properties, String str, boolean z) {
        String property;
        boolean z2 = z;
        if (properties != null && str != null && (property = properties.getProperty(str)) != null) {
            z2 = Boolean.valueOf(property).booleanValue();
        }
        return z2;
    }

    public static int getIntProperty(Properties properties, String str, int i) {
        String property;
        int i2 = i;
        if (properties != null && str != null && (property = properties.getProperty(str)) != null) {
            try {
                i2 = Integer.parseInt(property);
            } catch (NumberFormatException e) {
                i2 = i;
            }
        }
        return i2;
    }

    public static long getLongProperty(Properties properties, String str, long j) {
        String property;
        long j2 = j;
        if (properties != null && str != null && (property = properties.getProperty(str)) != null) {
            try {
                j2 = Long.parseLong(property);
            } catch (NumberFormatException e) {
                j2 = j;
            }
        }
        return j2;
    }

    public static Map<String, String> getPropertiesWithPrefix(Properties properties, String str) {
        String substring;
        HashMap hashMap = new HashMap();
        if (properties != null && str != null) {
            for (String str2 : properties.stringPropertyNames()) {
                if (str2 != null) {
                    String property = properties.getProperty(str2);
                    if (str2.startsWith(str) && (substring = str2.substring(str.length())) != null) {
                        hashMap.put(substring, property);
                    }
                }
            }
        }
        return hashMap;
    }

    public static List<String> toArray(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        if (str != null && !str.isEmpty()) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, str2.trim());
            while (stringTokenizer.hasMoreTokens()) {
                arrayList.add(stringTokenizer.nextToken());
            }
        }
        return arrayList;
    }

    public static String getCredentialString(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        return RangerCredentialProvider.getInstance().getCredentialString(str, str2);
    }

    public static UserGroupInformation createUGIFromSubject(Subject subject) throws IOException {
        logger.info("SUBJECT " + (subject == null ? "not found" : "found"));
        UserGroupInformation userGroupInformation = null;
        if (subject != null) {
            logger.info("SUBJECT.PRINCIPALS.size()=" + subject.getPrincipals().size());
            Iterator<Principal> it = subject.getPrincipals().iterator();
            while (it.hasNext()) {
                logger.info("SUBJECT.PRINCIPAL.NAME=" + it.next().getName());
            }
            try {
                UserGroupInformation.getLoginUser();
                logger.info("Default UGI before using new Subject:" + UserGroupInformation.getLoginUser());
            } catch (Throwable th) {
                logger.error(th);
            }
            userGroupInformation = UserGroupInformation.getUGIFromSubject(subject);
            logger.info("SUBJECT.UGI.NAME=" + userGroupInformation.getUserName() + ", ugi=" + userGroupInformation);
        } else {
            logger.info("Server username is not available");
        }
        return userGroupInformation;
    }

    public static void setUGILoginUser(UserGroupInformation userGroupInformation, Subject subject) {
        if (userGroupInformation != null) {
            UserGroupInformation.setLoginUser(userGroupInformation);
            ugiLoginUser = userGroupInformation;
            logger.info("Setting UGI=" + userGroupInformation);
        } else {
            logger.error("UGI is null. Not setting it.");
        }
        if (subject != null) {
            logger.info("Setting SUBJECT");
            subjectLoginUser = subject;
        }
    }

    public static UserGroupInformation getUGILoginUser() {
        UserGroupInformation userGroupInformation = ugiLoginUser;
        if (userGroupInformation == null) {
            try {
                userGroupInformation = getLoginUser();
            } catch (IOException e) {
                logger.error("Error getting UGI.", e);
            }
        }
        if (userGroupInformation != null) {
            try {
                userGroupInformation.checkTGTAndReloginFromKeytab();
            } catch (IOException e2) {
                logger.error("Error renewing TGT and relogin. Ignoring Exception, and continuing with the old TGT", e2);
            }
        }
        return userGroupInformation;
    }

    public static <X> X executePrivilegedAction(PrivilegedExceptionAction<X> privilegedExceptionAction) throws Exception {
        UserGroupInformation uGILoginUser = getUGILoginUser();
        return uGILoginUser != null ? (X) uGILoginUser.doAs(privilegedExceptionAction) : privilegedExceptionAction.run();
    }

    public static <X> X executePrivilegedAction(PrivilegedAction<X> privilegedAction) {
        UserGroupInformation uGILoginUser = getUGILoginUser();
        return uGILoginUser != null ? (X) uGILoginUser.doAs(privilegedAction) : privilegedAction.run();
    }

    public static Subject getSubjectLoginUser() {
        return subjectLoginUser;
    }

    public static String getKerberosNamesRules() {
        return KerberosName.getRules();
    }

    public static String getShortNameFromPrincipalName(String str) {
        if (str == null) {
            return null;
        }
        try {
            return StringUtils.substringBefore(StringUtils.substringBefore(new KerberosName(str).getShortName(), "/"), "@");
        } catch (Throwable th) {
            logger.error("Error converting kerberos name. principal=" + str + ", KerberosName.rules=" + KerberosName.getRules());
            return str;
        }
    }

    public static Set<String> getGroupsForRequestUser(String str) {
        if (str != null) {
            try {
                String[] groupNames = UserGroupInformation.createRemoteUser(str).getGroupNames();
                if (groupNames != null && groupNames.length > 0) {
                    HashSet hashSet = new HashSet();
                    for (String str2 : groupNames) {
                        hashSet.add(str2);
                    }
                    return hashSet;
                }
            } catch (Throwable th) {
                logErrorMessageByInterval(logger, "Error getting groups for users. userName=" + str, th);
            }
        }
        return Collections.emptySet();
    }

    public static boolean logErrorMessageByInterval(Log log, String str) {
        return logErrorMessageByInterval(log, str, null);
    }

    public static boolean logErrorMessageByInterval(Log log, String str, Throwable th) {
        if (str == null) {
            return false;
        }
        LogHistory logHistory = logHistoryList.get(str);
        if (logHistory == null) {
            logHistory = new LogHistory();
            logHistoryList.put(str, logHistory);
        }
        if (System.currentTimeMillis() - logHistory.lastLogTime <= logInterval) {
            logHistory.counter++;
            return false;
        }
        logHistory.lastLogTime = System.currentTimeMillis();
        int i = logHistory.counter;
        logHistory.counter = 0;
        if (i > 0) {
            str = str + ". Messages suppressed before: " + i;
        }
        if (th == null) {
            log.error(str);
            return true;
        }
        log.error(str, th);
        return true;
    }

    public static void setUGIFromJAASConfig(String str) throws Exception {
        String str2 = null;
        String str3 = null;
        boolean z = true;
        UserGroupInformation userGroupInformation = null;
        if (logger.isDebugEnabled()) {
            logger.debug("===> MiscUtil.setUGIFromJAASConfig() jaasConfigAppName: " + str);
        }
        try {
            AppConfigurationEntry[] appConfigurationEntry = Configuration.getConfiguration().getAppConfigurationEntry(str);
            if (ArrayUtils.isEmpty(appConfigurationEntry)) {
                logger.warn("JAASConfig file not found! Ranger Plugin will not working in a Secure Cluster...");
            } else {
                for (AppConfigurationEntry appConfigurationEntry2 : appConfigurationEntry) {
                    if (appConfigurationEntry2.getOptions().get("keyTab") != null) {
                        str2 = (String) appConfigurationEntry2.getOptions().get("keyTab");
                    }
                    if (appConfigurationEntry2.getOptions().get("principal") != null) {
                        str3 = (String) appConfigurationEntry2.getOptions().get("principal");
                    }
                    if (appConfigurationEntry2.getOptions().get("useKeyTab") != null) {
                        z = Boolean.valueOf((String) appConfigurationEntry2.getOptions().get("useKeyTab")).booleanValue();
                    }
                    if (!StringUtils.isEmpty(str3) && !StringUtils.isEmpty(str2)) {
                        break;
                    }
                }
                if (!StringUtils.isEmpty(str3) && !StringUtils.isEmpty(str2) && z) {
                    ugiLoginUser = UserGroupInformation.loginUserFromKeytabAndReturnUGI(str3, str2);
                    userGroupInformation = ugiLoginUser;
                } else if (z) {
                    String str4 = "Unable to get the principal/keytab from jaasConfigAppName: " + str;
                    logger.error(str4);
                    throw new Exception(str4);
                }
                logger.info("MiscUtil.setUGIFromJAASConfig() UGI: " + userGroupInformation + " principal: " + str3);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("<=== MiscUtil.setUGIFromJAASConfig() jaasConfigAppName: " + str + " UGI: " + userGroupInformation + " principal: " + str3);
            }
        } catch (Exception e) {
            logger.error("Unable to set UGI for Principal: " + ((String) null) + " keytab: " + ((String) null));
            throw e;
        }
    }

    /* JADX WARN: Finally extract failed */
    public static void authWithKerberos(String str, String str2, String str3) {
        String[] strArr;
        if (str == null || str2 == null) {
            return;
        }
        Subject subject = new Subject();
        int i = 0;
        try {
            if (str2.equals("*")) {
                strArr = KerberosUtil.getPrincipalNames(str, Pattern.compile("HTTP/.*"));
                if (strArr.length == 0) {
                    logger.error("No principals found in keytab=" + str);
                }
            } else {
                strArr = new String[]{str2};
            }
            if (str3 != null) {
                KerberosName.setRules(str3);
            }
            if (1 == 0) {
                logger.info("Creating UGI with subject");
                LoginContext loginContext = null;
                ArrayList arrayList = new ArrayList();
                for (String str4 : strArr) {
                    try {
                        logger.info("Login using keytab, for principal " + str4);
                        loginContext = new LoginContext("", subject, (CallbackHandler) null, new KerberosConfiguration(str, str4));
                        loginContext.login();
                        i++;
                        logger.info("Login success keytab, for principal " + str4);
                        arrayList.add(loginContext);
                    } catch (Throwable th) {
                        logger.error("Login failed keytab " + str + ", for principal " + str4, th);
                    }
                    if (i > 0) {
                        logger.info("Total login success count=" + i);
                        try {
                            try {
                                UserGroupInformation.loginUserFromSubject(subject);
                                if (loginContext != null) {
                                    loginContext.logout();
                                }
                            } catch (Throwable th2) {
                                logger.error("Error creating UGI from subject. subject=" + subject);
                                if (loginContext != null) {
                                    loginContext.logout();
                                }
                            }
                        } catch (Throwable th3) {
                            if (loginContext != null) {
                                loginContext.logout();
                            }
                            throw th3;
                        }
                    } else {
                        logger.error("Total logins were successfull from keytab=" + str + ", principal=" + str2);
                    }
                }
            } else {
                logger.info("Creating UGI from keytab directly. principal=" + strArr[0]);
                setUGILoginUser(UserGroupInformation.loginUserFromKeytabAndReturnUGI(strArr[0], str), null);
            }
        } catch (Throwable th4) {
            logger.error("Failed to login with given keytab and principal", th4);
        }
    }

    public static UserGroupInformation getLoginUser() throws IOException {
        return UserGroupInformation.getLoginUser();
    }

    private static void initLocalHost() {
        if (logger.isDebugEnabled()) {
            logger.debug("==> MiscUtil.initLocalHost()");
        }
        try {
            local_hostname = InetAddress.getLocalHost().getHostName();
        } catch (Throwable th) {
            LogLog.warn("getHostname()", th);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== MiscUtil.initLocalHost()");
        }
    }

    public static Date getUTCDateForLocalDate(Date date) {
        TimeZone timeZone = TimeZone.getTimeZone("GMT+0");
        Calendar calendar = Calendar.getInstance();
        int offset = calendar.getTimeZone().getOffset(calendar.getTimeInMillis());
        GregorianCalendar gregorianCalendar = new GregorianCalendar(timeZone);
        gregorianCalendar.setTimeInMillis(date.getTime());
        gregorianCalendar.add(14, -offset);
        return gregorianCalendar.getTime();
    }

    public static Date getUTCDate() {
        TimeZone timeZone = TimeZone.getTimeZone("GMT+0");
        Calendar calendar = Calendar.getInstance();
        int offset = calendar.getTimeZone().getOffset(calendar.getTimeInMillis());
        GregorianCalendar gregorianCalendar = new GregorianCalendar(timeZone);
        gregorianCalendar.setTimeInMillis(calendar.getTimeInMillis());
        gregorianCalendar.add(14, -offset);
        return gregorianCalendar.getTime();
    }

    static {
        sGsonBuilder = null;
        try {
            sGsonBuilder = new GsonBuilder().setDateFormat("yyyy-MM-dd HH:mm:ss.SSS").create();
        } catch (Throwable th) {
            LogLog.warn("failed to create GsonBuilder object. stringify() will return obj.toString(), instead of Json", th);
        }
        initLocalHost();
    }
}
