package org.apache.hadoop.security;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.util.StringUtils;

/* loaded from: input_file:lib/ranger-plugins-common-0.7.0.jar:org/apache/hadoop/security/SecureClientLogin.class */
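/**
 * Static helpers for obtaining a JAAS {@link Subject} for a client, either through a
 * Kerberos login (keytab or password) or as a plain, unauthenticated user principal,
 * plus helpers for validating keytab settings and expanding the {@code _HOST}
 * placeholder in a service principal.
 *
 * <p>The login methods are {@code static synchronized}, so at most one of them runs at
 * a time per class loader.
 */
public class SecureClientLogin {
    private static final Log LOG = LogFactory.getLog(SecureClientLogin.class);
    public static final String HOSTNAME_PATTERN = "_HOST";

    /** JAAS application name handed to every {@link LoginContext} created here. */
    private static final String LOGIN_CONTEXT_NAME = "hadoop-keytab-kerberos";

    /** Fixed-width stand-in for a password in error messages; reveals neither content nor length. */
    private static final String PASSWORD_MASK = "********";

    /**
     * Logs in with a keytab and returns the resulting subject.
     *
     * @param str  the user (principal) name to log in as
     * @param str2 the keytab location, passed to {@code SecureClientLoginConfiguration}
     * @return the subject held by the login context after a successful login
     * @throws IOException if the JAAS login fails; the {@link LoginException} is kept as the cause
     */
    public static synchronized Subject loginUserFromKeytab(String str, String str2) throws IOException {
        try {
            Subject subject = new Subject();
            LoginContext loginContext = new LoginContext(LOGIN_CONTEXT_NAME, subject, (CallbackHandler) null,
                    new SecureClientLoginConfiguration(true, str, str2));
            // The User principal is attached before login() so it is already on the subject
            // that the login modules populate.
            subject.getPrincipals().add(new User(str, UserGroupInformation.AuthenticationMethod.KERBEROS, loginContext));
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            throw new IOException("Login failure for " + str + " from keytab " + str2, e);
        }
    }

    /**
     * Logs in with a keytab after installing Kerberos name rules.
     *
     * <p>{@code KerberosName.setRules} is a static call, so the rules are replaced for the
     * whole process, not only for this login, and they stay in place even when the login
     * fails. NOTE(review): presumably these are the principal-to-short-name mapping rules;
     * confirm against {@code KerberosName}. The value should come from trusted configuration.
     *
     * @param str  the user (principal) name to log in as
     * @param str2 the keytab location, passed to {@code SecureClientLoginConfiguration}
     * @param str3 the name rules handed to {@code KerberosName.setRules}
     * @return the subject held by the login context after a successful login
     * @throws IOException if the JAAS login fails; the {@link LoginException} is kept as the cause
     */
    public static synchronized Subject loginUserFromKeytab(String str, String str2, String str3) throws IOException {
        try {
            Subject subject = new Subject();
            LoginContext loginContext = new LoginContext(LOGIN_CONTEXT_NAME, subject, (CallbackHandler) null,
                    new SecureClientLoginConfiguration(true, str, str2));
            KerberosName.setRules(str3);
            subject.getPrincipals().add(new User(str, UserGroupInformation.AuthenticationMethod.KERBEROS, loginContext));
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            throw new IOException("Login failure for " + str + " from keytab " + str2, e);
        }
    }

    /**
     * Logs in with a user name and password and returns the resulting subject.
     *
     * <p>The password arrives as a {@code String}, which cannot be wiped after use; callers
     * should keep it out of logs and long-lived fields.
     *
     * @param str  the user (principal) name to log in as
     * @param str2 the password, passed to {@code SecureClientLoginConfiguration}
     * @return the subject held by the login context after a successful login
     * @throws IOException if the JAAS login fails; the {@link LoginException} is kept as the cause
     */
    public static synchronized Subject loginUserWithPassword(String str, String str2) throws IOException {
        try {
            Subject subject = new Subject();
            LoginContext loginContext = new LoginContext(LOGIN_CONTEXT_NAME, subject, (CallbackHandler) null,
                    new SecureClientLoginConfiguration(false, str, str2));
            subject.getPrincipals().add(new User(str, UserGroupInformation.AuthenticationMethod.KERBEROS, loginContext));
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            // Never derive the message from the password itself: a per-character mask discloses
            // the password length to anyone who can read logs, and dereferencing a null password
            // here would replace the real login failure with a NullPointerException.
            throw new IOException("Login failure for " + str + " using password " + PASSWORD_MASK, e);
        }
    }

    /**
     * Builds a subject that carries only a {@code User} principal for the given name.
     *
     * <p>No credentials are checked and no login module runs, so the returned subject is
     * not proof of identity; it must not be treated as an authenticated Kerberos subject.
     *
     * @param str the user name to wrap
     * @return a new subject holding a single {@code User} principal
     * @throws IOException declared for interface compatibility; not thrown by the code visible here
     */
    public static synchronized Subject login(String str) throws IOException {
        Subject subject = new Subject();
        subject.getPrincipals().add(new User(str));
        return subject;
    }

    /**
     * Returns a copy of the {@code User} principals attached to a subject.
     *
     * @param subject the subject to inspect; may be {@code null}
     * @return a new mutable set of the subject's {@code User} principals, or {@code null}
     *         when {@code subject} is {@code null} (callers must handle the null)
     */
    public static Set<Principal> getUserPrincipals(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set<User> users = subject.getPrincipals(User.class);
        if (users == null) {
            return null;
        }
        return new HashSet<Principal>(users);
    }

    /**
     * Creates a bare {@code User} principal for the given name.
     *
     * @param str the user name
     * @return a new {@code User} principal
     */
    public static Principal createUserPrincipal(String str) {
        return new User(str);
    }

    /**
     * Reports whether a principal name is set and the keytab file exists and is readable.
     *
     * <p>This is an advisory pre-check only: the file can change between this call and the
     * login, and readability says nothing about whether the keytab holds a key for the
     * principal. Each failed condition is logged at WARN with its own message.
     *
     * @param str  the principal name; must be non-null and non-empty
     * @param str2 the keytab path; must name an existing, readable file
     * @return {@code true} only when both conditions hold
     */
    public static boolean isKerberosCredentialExists(String str, String str2) {
        boolean keytabReadable = false;
        if (str2 == null || str2.isEmpty()) {
            LOG.warn("Can't find keyTab Path : " + str2);
        } else {
            File keytab = new File(str2);
            if (!keytab.exists()) {
                LOG.warn(str2 + " doesn't exist.");
            } else if (keytab.canRead()) {
                keytabReadable = true;
            } else {
                LOG.warn("Unable to read " + str2 + " Please check the file access permissions for user");
            }
        }
        // Warn about the principal only when the principal itself is missing; a keytab problem
        // has already been reported above and must not be logged as "Can't find principal".
        boolean principalPresent = str != null && !str.isEmpty();
        if (!principalPresent) {
            LOG.warn("Can't find principal : " + str);
        }
        return keytabReadable && principalPresent;
    }

    /**
     * Expands the {@code _HOST} placeholder in a {@code service/_HOST@REALM} principal.
     *
     * @param str  the configured principal; returned unchanged unless it splits into exactly
     *             three components with {@code _HOST} as the second
     * @param str2 the host name to substitute
     * @return the principal with the host substituted, or {@code str} unchanged
     * @throws IOException if the placeholder is present but {@code str2} is {@code null},
     *                     or if the local host name cannot be resolved
     */
    public static String getPrincipal(String str, String str2) throws IOException {
        String[] components = getComponents(str);
        if (components == null || components.length != 3 || !HOSTNAME_PATTERN.equals(components[1])) {
            return str;
        }
        if (str2 == null) {
            throw new IOException("Can't replace _HOST pattern since client ranger.service.host is null");
        }
        return replacePattern(components, str2);
    }

    /** Splits a principal on {@code /} and {@code @}; returns {@code null} for a {@code null} input. */
    private static String[] getComponents(String str) {
        if (str == null) {
            return null;
        }
        return str.split("[/@]");
    }

    /**
     * Rebuilds {@code service/host@REALM} from the split components and a lower-cased host.
     *
     * <p>When the host is null, empty or {@code 0.0.0.0}, the canonical name of the local
     * host is used instead. That name comes from the platform resolver, so on hosts whose
     * name resolution is unreliable the resulting principal may not match the keytab;
     * configuring an explicit host avoids depending on the resolver.
     *
     * @throws IOException if the local host cannot be resolved
     */
    private static String replacePattern(String[] strArr, String str) throws IOException {
        String host = str;
        if (host == null || host.isEmpty() || host.equals("0.0.0.0")) {
            host = InetAddress.getLocalHost().getCanonicalHostName();
        }
        return strArr[0] + "/" + StringUtils.toLowerCase(host) + "@" + strArr[2];
    }
}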
