package org.apache.hadoop.security;

import java.io.IOException;
import java.net.InetAddress;
import java.net.URI;
import java.net.URL;
import java.net.UnknownHostException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import sun.security.jgss.krb5.Krb5Util;
import sun.security.krb5.PrincipalName;

/* loaded from: input_file:org/apache/hadoop/security/SecurityUtil.class */
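/**
 * Static helpers for Kerberos service principals, keytab login, delegation-token
 * service names and admin ACL construction.
 *
 * <p>NOTE(review): {@link #fetchServiceTicket(URL)} depends on JDK-internal
 * {@code sun.security.*} classes. These are not a supported API and may be
 * inaccessible on newer JDKs with strong encapsulation; confirm the target runtime.
 */
public class SecurityUtil {
    public static final Log LOG = LogFactory.getLog(SecurityUtil.class);

    /** Placeholder in the host position of a principal ({@code service/_HOST@REALM}). */
    public static final String HOSTNAME_PATTERN = "_HOST";

    /**
     * ACL string used when no admin ACL is configured. The original code referenced
     * Jackson's {@code MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR}, which is this
     * same single-space string (probably a decompiler substitution). A local literal keeps
     * an access-control default from depending on a JSON library.
     * NOTE(review): presumably {@code AccessControlList} parses " " as "no users, no
     * groups"; confirm against that class.
     */
    private static final String DEFAULT_ADMIN_ACL = " ";

    /** Splits a principal into its parts on {@code '/'} and {@code '@'}. */
    private static final String PRINCIPAL_SEPARATORS = "[/@]";

    /**
     * Finds the ticket-granting ticket among the current user's private credentials.
     *
     * @return the first Kerberos ticket whose server name passes {@link #isOriginalTGT(String)}
     * @throws IOException if the current user has no Subject or no such ticket is present
     */
    private static KerberosTicket getTgtFromSubject() throws IOException {
        Subject currentSubject = UserGroupInformation.getCurrentUser().getSubject();
        if (currentSubject == null) {
            throw new IOException("Can't get TGT from current Subject, because it is null");
        }
        for (KerberosTicket candidate : currentSubject.getPrivateCredentials(KerberosTicket.class)) {
            if (isOriginalTGT(candidate.getServer().getName())) {
                return candidate;
            }
        }
        throw new IOException("Failed to find TGT from current Subject");
    }

    /**
     * Tells whether a principal name has the form {@code krbtgt/REALM@REALM}, with the
     * same realm in both positions.
     *
     * @param str principal name to test; may be {@code null}
     * @return {@code true} only for a three-part name whose first part is {@code krbtgt}
     *         and whose second and third parts are equal
     */
    protected static boolean isOriginalTGT(String str) {
        if (str == null) {
            return false;
        }
        String[] parts = str.split(PRINCIPAL_SEPARATORS);
        if (parts.length != 3) {
            return false;
        }
        return "krbtgt".equals(parts[0]) && parts[1].equals(parts[2]);
    }

    /**
     * Obtains a service ticket for {@code host/<url host>} using the current user's TGT
     * and adds it to the current Subject's private credentials. Does nothing when
     * security is disabled.
     *
     * @param url URL whose host names the remote service
     * @throws IOException if the URL has no host, or if the ticket cannot be obtained
     *         (any underlying exception is attached as the cause)
     */
    public static void fetchServiceTicket(URL url) throws IOException {
        if (!UserGroupInformation.isSecurityEnabled()) {
            return;
        }
        String host = url.getHost();
        if (host == null || host.isEmpty()) {
            // Fail before building a malformed "host/" principal. The URL itself is kept
            // out of the message because it may carry userinfo or query secrets.
            throw new IOException("Can't get service ticket: URL has no host component");
        }
        String servicePrincipal = "host/" + host;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Fetching service ticket for host at: " + servicePrincipal);
        }
        try {
            // KRB_NT_SRV_HST (value 3) is the name type for a service with a host instance.
            String serviceName = new PrincipalName(servicePrincipal, PrincipalName.KRB_NT_SRV_HST).toString();
            sun.security.krb5.Credentials serviceCreds =
                    sun.security.krb5.Credentials.acquireServiceCreds(serviceName, Krb5Util.ticketToCreds(getTgtFromSubject()));
            if (serviceCreds == null) {
                throw new IOException("Can't get service ticket for " + servicePrincipal);
            }
            UserGroupInformation.getCurrentUser().getSubject().getPrivateCredentials().add(Krb5Util.credsToTicket(serviceCreds));
        } catch (Exception e) {
            // Deliberately broad: every failure, including the IOExceptions raised above,
            // is reported with the principal name and the original cause.
            throw new IOException("Can't get service ticket for: " + servicePrincipal, e);
        }
    }

    /**
     * Resolves a principal template by replacing {@link #HOSTNAME_PATTERN} in its host
     * position with the given host name.
     *
     * @param str principal, possibly of the form {@code service/_HOST@REALM}; may be {@code null}
     * @param str2 host name to substitute; {@code null}, empty or {@code "0.0.0.0"} selects
     *        the local canonical host name
     * @return the resolved principal, or {@code str} unchanged when it is not a three-part
     *         name with {@code _HOST} as the second part
     * @throws IOException if the local host name is needed and cannot be determined
     */
    public static String getServerPrincipal(String str, String str2) throws IOException {
        String[] parts = getComponents(str);
        if (parts == null || parts.length != 3 || !parts[1].equals(HOSTNAME_PATTERN)) {
            return str;
        }
        return replacePattern(parts, str2);
    }

    /**
     * Resolves a principal template using the canonical host name of an address.
     *
     * <p>NOTE(review): the host part comes from {@link InetAddress#getCanonicalHostName()},
     * a name-service lookup that yields the textual IP address when no name is found. The
     * resulting principal is therefore only as trustworthy as the resolver the process uses.
     *
     * @param str principal, possibly of the form {@code service/_HOST@REALM}; may be {@code null}
     * @param inetAddress address whose canonical host name replaces {@code _HOST}
     * @return the resolved principal, or {@code str} unchanged when it carries no
     *         {@code _HOST} pattern
     * @throws IOException if the pattern is present but {@code inetAddress} is {@code null}
     */
    public static String getServerPrincipal(String str, InetAddress inetAddress) throws IOException {
        String[] parts = getComponents(str);
        if (parts == null || parts.length != 3 || !parts[1].equals(HOSTNAME_PATTERN)) {
            return str;
        }
        if (inetAddress == null) {
            throw new IOException("Can't replace _HOST pattern since client address is null");
        }
        return replacePattern(parts, inetAddress.getCanonicalHostName());
    }

    /** Splits a principal on {@code '/'} and {@code '@'}; returns {@code null} for {@code null}. */
    private static String[] getComponents(String str) {
        return str == null ? null : str.split(PRINCIPAL_SEPARATORS);
    }

    /**
     * Rebuilds {@code service/host@REALM} from the split parts and the given host.
     *
     * <p>NOTE(review): the host is inserted exactly as given. Kerberos principal names are
     * case-sensitive, so a mixed-case canonical name may not match the keytab entry;
     * consider normalising the case if deployments hit this.
     *
     * @param strArr the three principal parts (service, host placeholder, realm)
     * @param str replacement host; {@code null}, empty or {@code "0.0.0.0"} selects the
     *        local canonical host name
     */
    private static String replacePattern(String[] strArr, String str) throws IOException {
        String host = str;
        if (host == null || host.isEmpty() || host.equals("0.0.0.0")) {
            host = getLocalHostName();
        }
        return strArr[0] + "/" + host + "@" + strArr[2];
    }

    /**
     * Returns the canonical host name of the local machine.
     *
     * @throws UnknownHostException if the local host address cannot be resolved
     */
    static String getLocalHostName() throws UnknownHostException {
        return InetAddress.getLocalHost().getCanonicalHostName();
    }

    /**
     * Logs in from a keytab, resolving {@code _HOST} against the local host name.
     *
     * @param configuration configuration to read from
     * @param str configuration key naming the keytab file
     * @param str2 configuration key naming the principal
     * @throws IOException if the local host name cannot be resolved or the login fails
     */
    public static void login(Configuration configuration, String str, String str2) throws IOException {
        login(configuration, str, str2, getLocalHostName());
    }

    /**
     * Logs in from a keytab if one is configured under {@code str}.
     *
     * <p>When no keytab is configured, no login is performed; a warning is logged only if
     * security is enabled. The principal defaults to the {@code user.name} system property
     * when {@code str2} is not set.
     *
     * @param configuration configuration to read from
     * @param str configuration key naming the keytab file
     * @param str2 configuration key naming the principal
     * @param str3 host name substituted for {@code _HOST} in the principal
     * @throws IOException if resolving the principal or the login fails
     */
    public static void login(Configuration configuration, String str, String str2, String str3) throws IOException {
        String keytabFile = configuration.get(str);
        if (keytabFile == null) {
            if (UserGroupInformation.isSecurityEnabled()) {
                LOG.warn("No keytab file '" + str + "' configured.");
            }
            return;
        }
        String principalTemplate = configuration.get(str2, System.getProperty("user.name"));
        UserGroupInformation.loginUserFromKeytab(getServerPrincipal(principalTemplate, str3), keytabFile);
    }

    /**
     * Builds the {@code host:port} service name used for delegation tokens.
     *
     * @param uri URI supplying host and port
     * @param i port to use when the URI does not specify one
     * @return normalised host (empty when the URI has no host), a colon, and the port
     */
    public static String buildDTServiceName(URI uri, int i) {
        int port = uri.getPort();
        if (port == -1) {
            port = i;
        }
        String host = uri.getHost();
        String normalizedHost = host != null ? NetUtils.normalizeHostName(host) : "";
        return normalizedHost + ":" + port;
    }

    /**
     * Builds the admin ACL from configuration and always adds the current user to it.
     *
     * @param configuration configuration to read from
     * @param str configuration key holding the ACL string
     * @return the configured ACL (or the default when unset) plus the current user's short name
     * @throws RuntimeException wrapping any failure to build the ACL or determine the current user
     */
    public static AccessControlList getAdminAcls(Configuration configuration, String str) {
        try {
            AccessControlList adminAcl = new AccessControlList(configuration.get(str, DEFAULT_ADMIN_ACL));
            // The user running this process is an administrator regardless of configuration.
            adminAcl.addUser(UserGroupInformation.getCurrentUser().getShortUserName());
            return adminAcl;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}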
