package org.apache.flume.sink.hbase;

import com.google.common.base.Preconditions;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import org.apache.flume.sink.hdfs.KerberosUser;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flume/sink/hbase/HBaseSinkSecurityManager.class */
public class HBaseSinkSecurityManager {
    private static volatile KerberosUser loggedInUser;
    private static final String FLUME_KEYTAB_KEY = "flume.keytab.key";
    private static final String FLUME_PRINCIPAL_KEY = "flume.principal.key";
    private static final Logger LOG = LoggerFactory.getLogger(HBaseSinkSecurityManager.class);

    public static boolean isSecurityEnabled(Configuration configuration) {
        return User.isSecurityEnabled() && User.isHBaseSecurityEnabled(configuration);
    }

    public static synchronized User login(Configuration configuration, String str, String str2, String str3) throws IOException {
        if (str2.isEmpty()) {
            LOG.error("Login failed, since kerberos principal was not specified.");
            throw new IllegalArgumentException("Login failed, since kerberos principal was not specified.");
        }
        if (str3.isEmpty()) {
            LOG.error("Login failed, since kerberos keytab was not specified.");
            throw new IllegalArgumentException("Login failed, since kerberos keytab was not specified.");
        }
        File file = new File(str3);
        if (!file.isFile() || !file.canRead()) {
            throw new IllegalArgumentException("The keyTab file: " + str3 + " is nonexistent or can't read. Please specify a readable keytab file for Kerberos auth.");
        }
        try {
            String serverPrincipal = SecurityUtil.getServerPrincipal(str2, "");
            Preconditions.checkNotNull(serverPrincipal, "Principal must not be null");
            KerberosUser kerberosUser = new KerberosUser(serverPrincipal, str3);
            User user = null;
            boolean z = false;
            if (loggedInUser != null) {
                Preconditions.checkArgument(kerberosUser.equals(loggedInUser), "Cannot switch kerberos credentials during a reconfiguration. Please restart the agent to set the new credentials.");
                try {
                    user = User.create(UserGroupInformation.getLoginUser());
                    z = true;
                } catch (IOException e) {
                    LOG.warn("Previous login does not exist, will authenticate against KDC");
                }
            }
            if (!z) {
                if (str == null || str.isEmpty()) {
                    str = InetAddress.getLocalHost().getCanonicalHostName();
                }
                configuration.set(FLUME_KEYTAB_KEY, str3);
                configuration.set(FLUME_PRINCIPAL_KEY, serverPrincipal);
                User.login(configuration, FLUME_KEYTAB_KEY, FLUME_PRINCIPAL_KEY, str);
                user = User.create(UserGroupInformation.getLoginUser());
                loggedInUser = kerberosUser;
                LOG.info("Logged into HBase as user: " + user.getName());
            }
            return user;
        } catch (IOException e2) {
            LOG.error("Host lookup error resolving kerberos principal (" + str2 + "). Exception follows.", e2);
            throw e2;
        }
    }
}
