package com.datatorrent.stram.util;

import com.datatorrent.api.Context;
import com.datatorrent.stram.plan.logical.LogicalPlanConfiguration;
import com.datatorrent.stram.security.AuthScheme;
import com.datatorrent.stram.security.StramUserLogin;
import com.datatorrent.stram.security.StramWSFilterInitializer;
import com.datatorrent.stram.util.WebServicesClient;
import com.google.common.annotations.VisibleForTesting;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datatorrent/stram/util/SecurityUtils.class */
public class SecurityUtils {

    @VisibleForTesting
    protected static final String HADOOP_HTTP_AUTH_PROP = "hadoop.http.authentication.type";
    private static final String HADOOP_HTTP_AUTH_VALUE_SIMPLE = "simple";
    private static final String HADOOP_HTTP_AUTH_SIMPLE_ANONYMOUS_ALLOWED_PROP = "hadoop.http.authentication.simple.anonymous.allowed";
    private static final String SSL_SERVER_KEYSTORE_LOCATION = "ssl.server.keystore.location";
    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);
    private static boolean stramWebSecurityEnabled = UserGroupInformation.isSecurityEnabled();
    private static boolean hadoopWebSecurityEnabled = stramWebSecurityEnabled;

    public static void init(Configuration configuration) {
        init(configuration, null);
    }

    public static void init(Configuration configuration, Context.StramHTTPAuthentication stramHTTPAuthentication) {
        hadoopWebSecurityEnabled = false;
        String str = configuration.get(HADOOP_HTTP_AUTH_PROP);
        if (str != null && !str.equals(HADOOP_HTTP_AUTH_VALUE_SIMPLE)) {
            hadoopWebSecurityEnabled = true;
            initAuth(configuration);
        }
        if (stramHTTPAuthentication == Context.StramHTTPAuthentication.FOLLOW_HADOOP_HTTP_AUTH) {
            stramWebSecurityEnabled = hadoopWebSecurityEnabled;
            return;
        }
        if (stramHTTPAuthentication == Context.StramHTTPAuthentication.ENABLE) {
            stramWebSecurityEnabled = true;
        } else if (stramHTTPAuthentication == Context.StramHTTPAuthentication.DISABLE) {
            stramWebSecurityEnabled = false;
        } else {
            stramWebSecurityEnabled = UserGroupInformation.isSecurityEnabled();
        }
    }

    private static void initAuth(final Configuration configuration) {
        WebServicesClient.initAuth(new WebServicesClient.ConfigProvider() { // from class: com.datatorrent.stram.util.SecurityUtils.1
            @Override // com.datatorrent.stram.util.WebServicesClient.ConfigProvider
            public String getProperty(AuthScheme authScheme, String str) {
                return configuration.get(StramUserLogin.DT_AUTH_PREFIX + authScheme.getName() + LogicalPlanConfiguration.KEY_SEPARATOR + str);
            }
        });
    }

    public static boolean isHadoopWebSecurityEnabled() {
        return hadoopWebSecurityEnabled;
    }

    @VisibleForTesting
    protected static boolean isStramWebSecurityEnabled() {
        return stramWebSecurityEnabled;
    }

    public static Configuration configureWebAppSecurity(Configuration configuration, Context.SSLConfig sSLConfig) {
        if (isStramWebSecurityEnabled()) {
            configuration = new Configuration(configuration);
            configuration.set("hadoop.http.filter.initializers", StramWSFilterInitializer.class.getCanonicalName());
        } else {
            String str = configuration.get(HADOOP_HTTP_AUTH_PROP);
            if (!HADOOP_HTTP_AUTH_VALUE_SIMPLE.equals(str)) {
                LOG.warn("Found {} {} but authentication was disabled in Apex.", HADOOP_HTTP_AUTH_PROP, str);
                configuration = new Configuration(configuration);
                configuration.set(HADOOP_HTTP_AUTH_PROP, HADOOP_HTTP_AUTH_VALUE_SIMPLE);
                configuration.setBoolean(HADOOP_HTTP_AUTH_SIMPLE_ANONYMOUS_ALLOWED_PROP, true);
            }
        }
        if (sSLConfig != null) {
            addSSLConfigResource(configuration, sSLConfig);
        }
        return configuration;
    }

    private static void addSSLConfigResource(Configuration configuration, Context.SSLConfig sSLConfig) {
        String configPath = sSLConfig.getConfigPath();
        if (StringUtils.isNotEmpty(configPath)) {
            configuration.addResource(new Path(configPath));
            return;
        }
        Configuration configuration2 = new Configuration(false);
        String longName = Context.DAGContext.SSL_CONFIG.getLongName();
        configuration2.set(SSL_SERVER_KEYSTORE_LOCATION, new Path(sSLConfig.getKeyStorePath()).getName(), longName);
        configuration2.set("ssl.server.keystore.password", sSLConfig.getKeyStorePassword(), longName);
        configuration2.set("ssl.server.keystore.keypassword", sSLConfig.getKeyStoreKeyPassword(), longName);
        configuration.addResource(configuration2);
    }
}
