package org.apache.hudi.org.apache.hadoop.hbase;

import java.io.IOException;
import java.net.UnknownHostException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hudi.org.apache.hadoop.hbase.security.User;
import org.apache.hudi.org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hudi.org.apache.hadoop.hbase.util.DNS;
import org.apache.hudi.org.apache.hadoop.hbase.util.Strings;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
@InterfaceAudience.Public
/* loaded from: input_file:org/apache/hudi/org/apache/hadoop/hbase/AuthUtil.class */
public final class AuthUtil {
    private static final Logger LOG = LoggerFactory.getLogger(AuthUtil.class);
    private static final String GROUP_PREFIX = "@";
    public static final String HBASE_CLIENT_KEYTAB_FILE = "hbase.client.keytab.file";
    public static final String HBASE_CLIENT_KERBEROS_PRINCIPAL = "hbase.client.keytab.principal";

    private AuthUtil() {
    }

    @InterfaceAudience.Private
    public static User loginClient(Configuration configuration) throws IOException {
        UserProvider instantiate = UserProvider.instantiate(configuration);
        User current = instantiate.getCurrent();
        if (instantiate.isHBaseSecurityEnabled() && instantiate.isHadoopSecurityEnabled()) {
            boolean shouldLoginFromKeytab = instantiate.shouldLoginFromKeytab();
            if (current.getUGI().hasKerberosCredentials()) {
                if (shouldLoginFromKeytab && !checkPrincipalMatch(configuration, current.getUGI().getUserName())) {
                    return loginFromKeytabAndReturnUser(instantiate);
                }
                return current;
            }
            if (shouldLoginFromKeytab) {
                return loginFromKeytabAndReturnUser(instantiate);
            }
        }
        return current;
    }

    private static boolean checkPrincipalMatch(Configuration configuration, String str) {
        String str2 = configuration.get("hbase.client.keytab.principal");
        boolean equals = str2.equals(str);
        if (!equals) {
            LOG.warn("Trying to login with a different user: {}, existed user is {}.", str2, str);
        }
        return equals;
    }

    private static User loginFromKeytabAndReturnUser(UserProvider userProvider) throws IOException {
        try {
            userProvider.login("hbase.client.keytab.file", "hbase.client.keytab.principal");
            return userProvider.getCurrent();
        } catch (IOException e) {
            LOG.error("Error while trying to login as user {} through {}, with message: {}.", new Object[]{"hbase.client.keytab.principal", "hbase.client.keytab.file", e.getMessage()});
            throw e;
        }
    }

    private static User loginClientAsService(Configuration configuration) throws IOException {
        UserProvider instantiate = UserProvider.instantiate(configuration);
        if (instantiate.isHBaseSecurityEnabled() && instantiate.isHadoopSecurityEnabled()) {
            try {
                if (instantiate.shouldLoginFromKeytab()) {
                    instantiate.login("hbase.client.keytab.file", "hbase.client.keytab.principal", Strings.domainNamePointerToHostName(DNS.getDefaultHost(configuration.get("hbase.client.dns.interface", "default"), configuration.get("hbase.client.dns.nameserver", "default"))));
                }
            } catch (UnknownHostException e) {
                LOG.error("Error resolving host name: " + e.getMessage(), e);
                throw e;
            } catch (IOException e2) {
                LOG.error("Error while trying to perform the initial login: " + e2.getMessage(), e2);
                throw e2;
            }
        }
        return instantiate.getCurrent();
    }

    @InterfaceAudience.Private
    public static ScheduledChore getAuthRenewalChore(final UserGroupInformation userGroupInformation) {
        if (!userGroupInformation.hasKerberosCredentials()) {
            return null;
        }
        return new ScheduledChore("RefreshCredentials", createDummyStoppable(), 30000) { // from class: org.apache.hudi.org.apache.hadoop.hbase.AuthUtil.1
            @Override // org.apache.hudi.org.apache.hadoop.hbase.ScheduledChore
            protected void chore() {
                try {
                    userGroupInformation.checkTGTAndReloginFromKeytab();
                } catch (IOException e) {
                    AuthUtil.LOG.error("Got exception while trying to refresh credentials: " + e.getMessage(), e);
                }
            }
        };
    }

    @Deprecated
    public static ScheduledChore getAuthChore(Configuration configuration) throws IOException {
        return getAuthRenewalChore(loginClientAsService(configuration).getUGI());
    }

    private static Stoppable createDummyStoppable() {
        return new Stoppable() { // from class: org.apache.hudi.org.apache.hadoop.hbase.AuthUtil.2
            private volatile boolean isStopped = false;

            @Override // org.apache.hudi.org.apache.hadoop.hbase.Stoppable
            public void stop(String str) {
                this.isStopped = true;
            }

            @Override // org.apache.hudi.org.apache.hadoop.hbase.Stoppable
            public boolean isStopped() {
                return this.isStopped;
            }
        };
    }

    @InterfaceAudience.Private
    public static boolean isGroupPrincipal(String str) {
        return str != null && str.startsWith(GROUP_PREFIX);
    }

    @InterfaceAudience.Private
    public static String getGroupName(String str) {
        return !isGroupPrincipal(str) ? str : str.substring(GROUP_PREFIX.length());
    }

    @InterfaceAudience.Private
    public static String toGroupEntry(String str) {
        return GROUP_PREFIX + str;
    }
}
