package org.apache.hadoop.hbase.zookeeper;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/hbase/zookeeper/ZKAuthentication.class */
public final class ZKAuthentication {
    private static final Logger LOG = LoggerFactory.getLogger(ZKAuthentication.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/hbase/zookeeper/ZKAuthentication$JaasConfiguration.class */
    public static class JaasConfiguration extends Configuration {
        public static final String SERVER_KEYTAB_KERBEROS_CONFIG_NAME = "zookeeper-server-keytab-kerberos";
        public static final String CLIENT_KEYTAB_KERBEROS_CONFIG_NAME = "zookeeper-client-keytab-kerberos";
        private static final Map<String, String> KEYTAB_KERBEROS_OPTIONS;
        private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN;
        private static final AppConfigurationEntry[] KEYTAB_KERBEROS_CONF;
        private Configuration baseConfig;
        private final String loginContextName;
        private final boolean useTicketCache;
        private final String keytabFile;
        private final String principal;
        private static final Logger LOG = LoggerFactory.getLogger(JaasConfiguration.class);
        private static final Map<String, String> BASIC_JAAS_OPTIONS = new HashMap();

        public JaasConfiguration(String str, String str2, String str3) {
            this(str, str2, str3, str3 == null || str3.length() == 0);
        }

        private JaasConfiguration(String str, String str2, String str3, boolean z) {
            try {
                this.baseConfig = Configuration.getConfiguration();
            } catch (SecurityException e) {
                this.baseConfig = null;
            }
            this.loginContextName = str;
            this.useTicketCache = z;
            this.keytabFile = str3;
            this.principal = str2;
            LOG.info("JaasConfiguration loginContextName={} principal={} useTicketCache={} keytabFile={}", new Object[]{str, str2, Boolean.valueOf(z), str3});
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (!this.loginContextName.equals(str)) {
                if (this.baseConfig != null) {
                    return this.baseConfig.getAppConfigurationEntry(str);
                }
                return null;
            }
            if (!this.useTicketCache) {
                KEYTAB_KERBEROS_OPTIONS.put("keyTab", this.keytabFile);
                KEYTAB_KERBEROS_OPTIONS.put("useKeyTab", "true");
            }
            KEYTAB_KERBEROS_OPTIONS.put("principal", this.principal);
            KEYTAB_KERBEROS_OPTIONS.put("useTicketCache", this.useTicketCache ? "true" : "false");
            return KEYTAB_KERBEROS_CONF;
        }

        static {
            if ("true".equalsIgnoreCase(System.getenv("HBASE_JAAS_DEBUG"))) {
                BASIC_JAAS_OPTIONS.put("debug", "true");
            }
            KEYTAB_KERBEROS_OPTIONS = new HashMap();
            KEYTAB_KERBEROS_OPTIONS.put("doNotPrompt", "true");
            KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
            KEYTAB_KERBEROS_OPTIONS.put("refreshKrb5Config", "true");
            KEYTAB_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS);
            KEYTAB_KERBEROS_LOGIN = new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, KEYTAB_KERBEROS_OPTIONS);
            KEYTAB_KERBEROS_CONF = new AppConfigurationEntry[]{KEYTAB_KERBEROS_LOGIN};
        }
    }

    private ZKAuthentication() {
    }

    public static void loginServer(org.apache.hadoop.conf.Configuration configuration, String str, String str2, String str3) throws IOException {
        login(configuration, str, str2, str3, "zookeeper.sasl.serverconfig", JaasConfiguration.SERVER_KEYTAB_KERBEROS_CONFIG_NAME);
    }

    public static void loginClient(org.apache.hadoop.conf.Configuration configuration, String str, String str2, String str3) throws IOException {
        login(configuration, str, str2, str3, "zookeeper.sasl.clientconfig", JaasConfiguration.CLIENT_KEYTAB_KERBEROS_CONFIG_NAME);
    }

    private static void login(org.apache.hadoop.conf.Configuration configuration, String str, String str2, String str3, String str4, String str5) throws IOException {
        if (isSecureZooKeeper(configuration) && System.getProperty("java.security.auth.login.config") == null) {
            String str6 = configuration.get(str);
            if (str6 == null) {
                LOG.warn("no keytab specified for: {}", str);
            } else {
                Configuration.setConfiguration(new JaasConfiguration(str5, SecurityUtil.getServerPrincipal(configuration.get(str2, System.getProperty("user.name")), str3), str6));
                System.setProperty(str4, str5);
            }
        }
    }

    public static boolean isSecureZooKeeper(org.apache.hadoop.conf.Configuration configuration) {
        try {
            Configuration configuration2 = Configuration.getConfiguration();
            if (configuration2.getAppConfigurationEntry("Client") == null && configuration2.getAppConfigurationEntry(JaasConfiguration.CLIENT_KEYTAB_KERBEROS_CONFIG_NAME) == null && configuration2.getAppConfigurationEntry(JaasConfiguration.SERVER_KEYTAB_KERBEROS_CONFIG_NAME) == null && configuration.get(HConstants.ZK_CLIENT_KERBEROS_PRINCIPAL) == null) {
                if (configuration.get(HConstants.ZK_SERVER_KERBEROS_PRINCIPAL) == null) {
                    return false;
                }
            }
            return "kerberos".equalsIgnoreCase(configuration.get(User.HBASE_SECURITY_CONF_KEY));
        } catch (Exception e) {
            return false;
        }
    }
}
