package org.apache.kylin.tool.kerberos;

import alluxio.shaded.client.org.apache.zookeeper.client.ZKClientConfig;
import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Shell;
import org.apache.kylin.common.KapConfig;
import org.apache.kylin.common.util.Unsafe;
import org.apache.kylin.guava30.shaded.common.base.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:org/apache/kylin/tool/kerberos/KerberosLoginTask.class */
public class KerberosLoginTask {
    private static final Logger logger = LoggerFactory.getLogger(KerberosLoginTask.class);
    private static final Configuration KRB_CONF = new Configuration();
    private KapConfig kapConfig;

    public void execute() {
        this.kapConfig = KapConfig.getInstanceFromEnv();
        if (this.kapConfig.isKerberosEnabled()) {
            Preconditions.checkState(KerberosLoginUtil.checkKeyTabIsExist(this.kapConfig.getKerberosKeytabPath()), "The key tab is not exist : " + this.kapConfig.getKerberosKeytabPath());
            Preconditions.checkState(KerberosLoginUtil.checkKeyTabIsValid(this.kapConfig.getKerberosKeytabPath()), "The key tab is invalid : " + this.kapConfig.getKerberosKeytabPath());
            try {
                reInitTGT();
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    private void reInitTGT() throws IOException {
        renewKerberosTicketQuietly();
        Thread thread = new Thread(new Runnable() { // from class: org.apache.kylin.tool.kerberos.KerberosLoginTask.1
            @Override // java.lang.Runnable
            public void run() {
                while (true) {
                    try {
                        KerberosLoginTask.this.sleepQuietly(KerberosLoginTask.this.kapConfig.getKerberosTicketRefreshInterval().longValue() * 60 * 1000);
                        KerberosLoginTask.this.renewKerberosTicketQuietly();
                    } catch (Exception e) {
                        KerberosLoginTask.logger.error("unexpected exception", e);
                        return;
                    }
                }
            }
        });
        thread.setDaemon(true);
        thread.setName("TGT Reinit for " + UserGroupInformation.getLoginUser().getUserName());
        thread.start();
        Thread thread2 = new Thread(new Runnable() { // from class: org.apache.kylin.tool.kerberos.KerberosLoginTask.2
            @Override // java.lang.Runnable
            public void run() {
                while (true) {
                    try {
                        KerberosLoginTask.this.lookKerberosTicketQuietly();
                        KerberosLoginTask.this.sleepQuietly(KerberosLoginTask.this.kapConfig.getKerberosMonitorInterval().longValue() * 60 * 1000);
                    } catch (Exception e) {
                        KerberosLoginTask.logger.error("unexpected exception", e);
                        return;
                    }
                }
            }
        });
        thread2.setDaemon(true);
        thread2.setName("Kerberos monitor for " + UserGroupInformation.getLoginUser().getUserName());
        thread2.start();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sleepQuietly(long j) {
        try {
            Thread.sleep(j);
        } catch (InterruptedException e) {
            logger.warn("sleep interrupted", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void renewKerberosTicketQuietly() {
        try {
            logger.info("kinit -kt " + this.kapConfig.getKerberosKeytabPath() + " " + this.kapConfig.getKerberosPrincipal());
            Shell.execCommand(new String[]{"kinit", "-kt", this.kapConfig.getKerberosKeytabPath(), this.kapConfig.getKerberosPrincipal()});
            logger.info("Login " + this.kapConfig.getKerberosPrincipal() + " from keytab: " + this.kapConfig.getKerberosKeytabPath() + ".");
            if (this.kapConfig.getKerberosPlatform().equals("Standard")) {
                loginStandardKerberos();
            } else if (this.kapConfig.getKerberosPlatform().equals(KapConfig.FI_PLATFORM) || this.kapConfig.getKerberosPlatform().equals(KapConfig.TDH_PLATFORM)) {
                loginNonStandardKerberos();
            }
        } catch (Exception e) {
            logger.error("Error renew kerberos ticket", e);
        }
    }

    private void loginNonStandardKerberos() throws IOException {
        String kerberosZKPrincipal = this.kapConfig.getKerberosZKPrincipal();
        if (Boolean.TRUE.equals(Boolean.valueOf(this.kapConfig.getPlatformZKEnable()))) {
            Unsafe.setProperty("zookeeper.sasl.client", "true");
        }
        Unsafe.setProperty("java.security.auth.login.config", this.kapConfig.getKerberosJaasConfPath());
        Unsafe.setProperty("java.security.krb5.conf", this.kapConfig.getKerberosKrb5ConfPath());
        KerberosLoginUtil.setJaasConf(ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT, this.kapConfig.getKerberosPrincipal(), this.kapConfig.getKerberosKeytabPath());
        if (Boolean.TRUE.equals(Boolean.valueOf(this.kapConfig.getPlatformZKEnable()))) {
            KerberosLoginUtil.setZookeeperServerPrincipal(kerberosZKPrincipal);
        }
        KerberosLoginUtil.login(this.kapConfig.getKerberosPrincipal(), this.kapConfig.getKerberosKeytabPath(), this.kapConfig.getKerberosKrb5ConfPath(), KRB_CONF);
    }

    private void loginStandardKerberos() throws IOException {
        UserGroupInformation.loginUserFromKeytab(this.kapConfig.getKerberosPrincipal(), this.kapConfig.getKerberosKeytabPath());
        logger.info("Login kerberos success.");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void lookKerberosTicketQuietly() {
        try {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            logger.info("current user :" + currentUser);
            Credentials credentials = currentUser.getCredentials();
            logger.info("Current user has " + credentials.getAllTokens().size() + " token.");
            Collection allTokens = credentials.getAllTokens();
            Iterator it2 = allTokens.iterator();
            while (it2.hasNext()) {
                logger.info(((Token) it2.next()).decodeIdentifier().toString());
            }
            if (!allTokens.isEmpty()) {
                logger.info("Current user should have 0 token but there are non-zero. ReLogin current user: " + currentUser.getUserName());
                renewKerberosTicketQuietly();
            }
        } catch (Exception e) {
            logger.error("Error showing kerberos tokens", e);
        }
    }
}
