package org.apache.hadoop.hbase.security;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.zookeeper.ZKUtil;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:org/apache/hadoop/hbase/security/HBaseLoginHelper.class */
public class HBaseLoginHelper {
    private String krb5Path;
    private Configuration conf;
    private static final String SYSTEM_SECURITY_KRB5_KEY = "java.security.krb5.conf";
    private static final String CONF_PRINCIPAL = "hbase.client.kerberos.principal";
    private static final String CONF_KEYTAB = "hbase.client.keytab.file";
    private static final String CONF_JAAS_FILE = "zookeeper.client.jaas.file";
    private static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    private static final String CONF_KRB5_FILE = "ctbase.client.krb5.file";
    private static final String ZK_PRINCIPAL_NAME = "zookeeper.server.principal";
    private static final String DEFAULT_KRB5_NAME = "krb5.conf";
    private static final String KRB5_WIN_NAME = "krb5.ini";
    private static final String DEFAULT_KRB5_PATH = "/etc/krb5.conf";
    private static final String JAAS_CONF_FILENAME = "jaas.conf";
    private static final String KRB5_WIN = "c:\\winnt\\krb5.ini";
    private static final String KRB5_SUNOS = "/etc/krb5/krb5.conf";
    private static final String OS_WIN = "Windows";
    private static final String OS_SUNOS = "SunOS";
    private static final String OS_X = "OS X";
    private static final String MACOS_CONF_FILE = "/Library/Preferences/edu.mit.Kerberos";
    private static final Log LOG = LogFactory.getLog(HBaseLoginHelper.class);
    private static volatile boolean alreadyLogin = false;

    public HBaseLoginHelper(Configuration configuration) {
        this.conf = configuration;
    }

    public static void resetLoginState() {
        alreadyLogin = false;
    }

    public static boolean isSecureCluster(Configuration configuration) {
        if (!User.isHBaseSecurityEnabled(configuration)) {
            LOG.info("HBase security is not enabled.");
            return false;
        }
        if (User.isSecurityEnabled()) {
            return true;
        }
        LOG.warn("HBase security is enable, hadoop security is not enabled, the core-site.xml may not loaded.");
        return true;
    }

    public void doKerberosLogin() throws IOException {
        if (alreadyLogin) {
            return;
        }
        if (this.conf == null) {
            throw new RuntimeException("Configuration is not initialized.");
        }
        if (isSecureCluster(this.conf)) {
            synchronized (HBaseLoginHelper.class) {
                if (alreadyLogin) {
                    return;
                }
                prepareSecurityConf(this.conf);
                try {
                    Config.refresh();
                } catch (KrbException e) {
                    LOG.error("Refresh krb5.conf error.", e);
                }
                try {
                    String canonicalHostName = InetAddress.getLocalHost().getCanonicalHostName();
                    try {
                        User.login(this.conf, CONF_KEYTAB, CONF_PRINCIPAL, canonicalHostName);
                        ZKUtil.loginClient(this.conf, CONF_KEYTAB, CONF_PRINCIPAL, canonicalHostName);
                        alreadyLogin = true;
                    } catch (IOException e2) {
                        IOException encloseLoginException = encloseLoginException(e2);
                        LOG.error("Login failed.", encloseLoginException);
                        throw encloseLoginException;
                    }
                } catch (UnknownHostException e3) {
                    LOG.error("Unknown hostname.", e3);
                    throw e3;
                }
            }
        }
    }

    private IOException encloseLoginException(IOException iOException) {
        IOException iOException2 = new IOException(!isKRB5FileExist() ? "The krb5.conf file not found, Please set the file path to propert java.security.krb5.conf or check the default path : " + this.krb5Path : "Got IOException when user login. Please check the username, keytab file and time.", iOException.getCause());
        iOException2.setStackTrace(iOException.getStackTrace());
        LOG.error(iOException2);
        return iOException2;
    }

    void prepareSecurityConf(Configuration configuration) throws IOException {
        String str;
        if (LOG.isDebugEnabled()) {
            System.setProperty("sun.security.krb5.debug", "true");
        }
        String str2 = configuration.get(ZK_PRINCIPAL_NAME);
        if (!StringUtils.isEmpty(str2)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User specified zookeeper.server.principal is " + str2);
            }
            System.setProperty(ZK_PRINCIPAL_NAME, str2);
        }
        String property = System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
        if (StringUtils.isEmpty(property)) {
            try {
                property = getSourceFilePath(JAAS_CONF_FILENAME);
            } catch (IOException e) {
                property = configuration.get(CONF_JAAS_FILE);
                if (StringUtils.isEmpty(property)) {
                    LOG.error("jaas.conf file was not specified. Please check system property of java.security.auth.login.config OR client configuration of zookeeper.client.jaas.file.");
                    throw new IOException("jaas.conf file was not specified. Please check system property of java.security.auth.login.config OR client configuration of zookeeper.client.jaas.file.");
                }
            }
        }
        LOG.info("The jaas.conf file path is " + property);
        System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, property);
        if (getProperty(SYSTEM_SECURITY_KRB5_KEY) == null) {
            try {
                str = getSourceFilePath(DEFAULT_KRB5_NAME);
            } catch (IOException e2) {
                str = configuration.get(CONF_KRB5_FILE);
            }
            if (!StringUtils.isEmpty(str)) {
                LOG.info("Using ctbase.client.krb5.file path as the krb5.conf property.");
                System.setProperty(SYSTEM_SECURITY_KRB5_KEY, str);
            }
        }
        if (StringUtils.isEmpty(configuration.get(CONF_PRINCIPAL))) {
            LOG.error("Principal hbase.client.kerberos.principal should be configured");
        }
        String str3 = configuration.get(CONF_KEYTAB);
        if (StringUtils.isEmpty(str3)) {
            LOG.error("Keytab file name hbase.client.keytab.file should be configured");
        } else if (!new File(str3).exists()) {
            throw new IOException("The keytab file " + str3 + " does not exist");
        }
        LOG.info("The keytab file path is " + str3);
    }

    String getSourceFilePath(String str) throws IOException {
        URL url = null;
        ClassLoader classLoader = HBaseLoginHelper.class.getClassLoader();
        if (classLoader != null) {
            url = classLoader.getResource(str);
        }
        if (null == url) {
            String str2 = "The resource file " + str + " not exist in class path.";
            LOG.error(str2);
            throw new IOException(str2);
        }
        String path = url.getPath();
        if (path.startsWith(File.separator)) {
            path = path.substring(1, path.length());
        }
        return path;
    }

    boolean isKRB5FileExist() {
        this.krb5Path = getKRB5FileName();
        if (StringUtils.isEmpty(this.krb5Path)) {
            return false;
        }
        return fileExists(this.krb5Path);
    }

    String getKRB5FileName() {
        String property = getProperty(SYSTEM_SECURITY_KRB5_KEY);
        if (null == property) {
            property = this.conf.get(CONF_KRB5_FILE);
        }
        if (property == null) {
            property = this.conf.get(CONF_KRB5_FILE);
        }
        if (property == null || StringUtils.isEmpty(property)) {
            property = getProperty("java.home") + (File.separator + "lib" + File.separator + "security" + File.separator + DEFAULT_KRB5_NAME);
            if (!fileExists(property)) {
                property = null;
                String property2 = getProperty("os.name");
                if (property2.startsWith(OS_WIN)) {
                    String str = System.getenv("windir");
                    if (str != null) {
                        String str2 = str.endsWith(File.separator) ? str + KRB5_WIN_NAME : str + File.separator + KRB5_WIN_NAME;
                        if (fileExists(str2)) {
                            property = str2;
                        }
                    }
                    if (property == null) {
                        property = KRB5_WIN;
                    }
                } else if (property2.startsWith(OS_SUNOS)) {
                    property = KRB5_SUNOS;
                } else if (!property2.contains(OS_X)) {
                    property = DEFAULT_KRB5_PATH;
                } else {
                    if (isMacosLionOrBetter()) {
                        return "";
                    }
                    property = findMacosConfigFile();
                }
            }
        }
        LOG.info("Krb5.conf Config name: " + property);
        return property;
    }

    private static boolean isMacosLionOrBetter() {
        String[] split = System.getProperty("os.version").split("\\.");
        if (!split[0].equals("10") || split.length < 2) {
            return false;
        }
        try {
            return Integer.parseInt(split[1]) >= 7;
        } catch (NumberFormatException e) {
            return false;
        }
    }

    private boolean fileExists(String str) {
        return new File(str).exists();
    }

    private String getProperty(String str) {
        return System.getProperty(str);
    }

    private String findMacosConfigFile() {
        String str = getProperty("user.home") + MACOS_CONF_FILE;
        return fileExists(str) ? str : fileExists(MACOS_CONF_FILE) ? MACOS_CONF_FILE : fileExists(DEFAULT_KRB5_PATH) ? DEFAULT_KRB5_PATH : "";
    }

    public static boolean isAlreadyLogin() {
        return alreadyLogin;
    }

    public Configuration getConf() {
        return this.conf;
    }
}
