package com.mapr.security.maprsasl;

import com.mapr.baseutils.BaseUtilsHelper;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.fs.proto.Security;
import com.mapr.login.client.MapRLoginHttpsClient;
import com.mapr.security.ClusterServerTicketGeneration;
import com.mapr.security.MapRPrincipal;
import com.mapr.security.MutableInt;
import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.log4j.Logger;

/* loaded from: input_file:hadoop-common-2.3.0-mapr-4.0.0-FCS/share/hadoop/common/lib/maprfs-2.3.0-mapr-4.0.0-FCS.jar:com/mapr/security/maprsasl/MaprSecurityLoginModule.class */
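/**
 * JAAS {@link LoginModule} that authenticates against a MapR cluster by obtaining a
 * ticket-and-key pair and, on commit, attaching a {@link MapRPrincipal} to the subject.
 *
 * <p>Two pieces of process-wide configuration are read once, in the static initializer,
 * from JVM system properties whose names END WITH {@code mapr.usemaprserverticket} and
 * {@code mapr.cldbkeyfile.location}. Because the match is by suffix, any property carrying
 * that suffix is honoured; if several match, the one seen last wins and iteration order is
 * unspecified. Whoever controls the JVM's system properties therefore controls which
 * credential source this module uses.
 *
 * <p>Per-instance options (from the JAAS configuration): {@code useServerKey} and
 * {@code checkUGI}.
 */
public class MaprSecurityLoginModule implements LoginModule {
    public static final String USER_TICKET_FILE_LOCATION = "MAPR_TICKETFILE_LOCATION";
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> options;
    private Map<String, ?> sharedState;
    private boolean useServerKey;
    private static boolean useMaprServerTicket;
    private static String cldbkeylocation;
    // Cached for the life of the class once loaded; guarded by the class monitor.
    private static Security.TicketAndKey maprServerTicketAndKey;
    private static final Logger LOG = Logger.getLogger(MaprSecurityLoginModule.class);
    private static final String maprHome = BaseUtilsHelper.getPathToMaprHome();
    // Ensures the cluster server ticket is generated at most once per class load.
    private static boolean generatedServerKey = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private MapRPrincipal principal = null;
    private boolean checkUGI = true;

    /**
     * Generates the cluster server ticket and installs the server key, once per class load.
     *
     * @param clusterName cluster to generate the ticket for
     * @throws IOException propagated from the ticket generator; the "generated" flag is
     *     left unset in that case so a later call retries
     */
    private static synchronized void generateClusterServerTicket(String clusterName) throws IOException {
        if (generatedServerKey) {
            return;
        }
        ClusterServerTicketGeneration.getInstance().generateTicketAndSetServerKey(clusterName);
        generatedServerKey = true;
    }

    /**
     * Loads (and caches) the ticket-and-key from {@code <maprHome>/conf/maprserverticket}.
     *
     * <p>NOTE(review): that file is the credential source for this path; confirm on the
     * deployment that it is readable only by the account running this process.
     *
     * @param clusterName cluster whose ticket is looked up
     * @return the cached ticket-and-key, never {@code null}
     * @throws LoginException if the ticket file is missing or no ticket can be read from it
     */
    private static synchronized Security.TicketAndKey getMaprServerTicketAndKey(String clusterName) throws LoginException {
        if (maprServerTicketAndKey != null) {
            return maprServerTicketAndKey;
        }
        String ticketPath = maprHome + "/conf/maprserverticket";
        if (!new File(ticketPath).exists()) {
            throw new LoginException("Security is enabled, but userTicketFile can not be found.");
        }
        com.mapr.security.Security.SetTicketAndKeyFile(Security.ServerKeyType.CldbKey, ticketPath);
        MutableInt err = new MutableInt();
        Security.TicketAndKey ticket = com.mapr.security.Security.GetTicketAndKeyForCluster(Security.ServerKeyType.CldbKey, clusterName, err);
        if (ticket == null || err.GetValue() != 0) {
            throw new LoginException("MapR user ticket not available! error = " + err);
        }
        maprServerTicketAndKey = ticket;
        try {
            generateClusterServerTicket(clusterName);
        } catch (Throwable th) {
            // Deliberately best-effort: the ticket read above is already usable, so a
            // failure to derive the server key is reported but does not fail the login.
            LOG.warn("Unable to generate the server key.");
            LOG.debug(th.getMessage(), th);
        }
        return maprServerTicketAndKey;
    }

    /**
     * Rolls back this module's part of a failed overall authentication.
     *
     * @return {@code false} if this module's own login had not succeeded, {@code true} otherwise
     * @throws LoginException if the logout performed for an already-committed login fails
     */
    @Override
    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            // Already committed: the principal is on the subject and must be removed.
            logout();
        } else {
            this.succeeded = false;
            this.principal = null;
        }
        return true;
    }

    /**
     * Adds the principal established by {@link #login()} to the subject.
     *
     * @return {@code false} if login did not succeed, {@code true} once the principal is added
     * @throws LoginException if the subject is read-only
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (this.subject.isReadOnly()) {
            throw new LoginException("Commit Failed: Subject is Readonly");
        }
        this.subject.getPrincipals().add(this.principal);
        this.commitSucceeded = true;
        return true;
    }

    /**
     * Stores the JAAS context and reads the module options.
     *
     * @param subject subject to authenticate
     * @param callbackHandler stored but not consulted by this module
     * @param map shared state, per the {@link LoginModule#initialize} parameter order
     * @param map2 module options; {@code useServerKey} is enabled only by the value
     *     {@code "true"}, {@code checkUGI} is disabled only by the value {@code "false"}
     *     (both case-insensitive)
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        this.useServerKey = "true".equalsIgnoreCase((String) map2.get("useServerKey"));
        // Defaults to true: only an explicit "false" turns the check off.
        this.checkUGI = !"false".equalsIgnoreCase((String) map2.get("checkUGI"));
    }

    /**
     * Obtains a ticket for the current cluster and derives the principal from it.
     *
     * <p>Credential source, in order of precedence:
     * <ol>
     *   <li>if the process-wide server-ticket flag is set, the server ticket file;</li>
     *   <li>otherwise, if the {@code useServerKey} option is set, a locally generated
     *       cluster server ticket; when that generation fails with an {@link IOException}
     *       the module falls back to the next step;</li>
     *   <li>otherwise {@link MapRLoginHttpsClient#authenticateIfNeeded}.</li>
     * </ol>
     *
     * @return {@code true} on success
     * @throws LoginException if the cluster name is unknown or no valid ticket is available
     */
    @Override
    public boolean login() throws LoginException {
        String currentClusterName = CLDBRpcCommonUtils.getInstance().getCurrentClusterName();
        if (currentClusterName == null) {
            throw new LoginException("Current cluster name is not found");
        }
        MutableInt err = new MutableInt();
        Security.TicketAndKey ticket;
        if (useMaprServerTicket) {
            ticket = getMaprServerTicketAndKey(currentClusterName);
        } else {
            try {
                boolean serverKeyFailed = false;
                if (this.useServerKey) {
                    try {
                        generateClusterServerTicket(currentClusterName);
                    } catch (IOException e) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Unable to obtain MapR credentials", e);
                        }
                        serverKeyFailed = true;
                    }
                }
                if (!this.useServerKey || serverKeyFailed) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Need to addplainticket: " + serverKeyFailed);
                    }
                    MapRLoginHttpsClient httpsClient = new MapRLoginHttpsClient();
                    httpsClient.setCheckUGI(this.checkUGI);
                    httpsClient.authenticateIfNeeded(currentClusterName);
                }
                ticket = com.mapr.security.Security.GetTicketAndKeyForCluster(Security.ServerKeyType.ServerKey, currentClusterName, err);
            } catch (IOException e2) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Unable to obtain MapR credentials", e2);
                }
                throw ((LoginException) new LoginException("Unable to obtain MapR credentials").initCause(e2));
            }
        }
        if (ticket == null || err.GetValue() != 0) {
            throw new LoginException("MapR user ticket not available! error = " + err);
        }
        this.principal = new MapRPrincipal(ticket.getUserCreds().getUserName(), currentClusterName);
        this.succeeded = true;
        return this.succeeded;
    }

    /**
     * Removes every {@link MapRPrincipal} from the subject and clears this module's
     * authentication state.
     *
     * <p>The state reset matters: without it {@code succeeded} stays {@code true} after
     * logout, so a later {@link #commit()} with no intervening {@link #login()} would
     * re-attach the stale principal.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        Iterator<Principal> it = this.subject.getPrincipals().iterator();
        while (it.hasNext()) {
            if (it.next() instanceof MapRPrincipal) {
                it.remove();
            }
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        this.principal = null;
        return true;
    }

    /** Returns the process-wide flag read from the {@code *mapr.usemaprserverticket} property. */
    public static boolean isUseMaprServerTicket() {
        return useMaprServerTicket;
    }

    /**
     * Points the security layer at the CLDB key file, derives the server key from the CLDB
     * key and installs it. Each failure is logged with the code that call reported; the
     * derivation stops at the first missing key instead of handing {@code null} to the
     * next call.
     */
    private static void installServerKeyFromCldbKeyFile(String keyFile) {
        int setFileRc = com.mapr.security.Security.SetKeyFile(Security.ServerKeyType.CldbKey, keyFile);
        if (setFileRc != 0) {
            // The key lookup is still attempted below, as before; only the reported code changed.
            LOG.error("Failed to set cldb key file " + keyFile + " err " + setFileRc);
        } else if (LOG.isInfoEnabled()) {
            LOG.info("Set the cldb key file to " + keyFile);
        }
        MutableInt err = new MutableInt();
        Security.Key cldbKey = com.mapr.security.Security.GetKey(Security.ServerKeyType.CldbKey, err);
        if (cldbKey == null) {
            LOG.error("Cldb key can not be obtained: " + err.GetValue());
            return;
        }
        Security.Key serverKey = com.mapr.security.Security.GetServerKey(cldbKey, 0L);
        if (serverKey == null) {
            LOG.error("Server key can not be obtained");
            return;
        }
        int setKeyRc = com.mapr.security.Security.SetKey(Security.ServerKeyType.ServerKey, serverKey);
        if (setKeyRc != 0) {
            LOG.error("Failed to set Server key with error: " + setKeyRc);
        }
    }

    static {
        // stringPropertyNames() yields a snapshot of the String-valued property names, so
        // the loop neither casts Object keys nor races with concurrent property updates.
        for (String name : System.getProperties().stringPropertyNames()) {
            if (name.endsWith("mapr.usemaprserverticket")) {
                useMaprServerTicket = Boolean.getBoolean(name);
            }
            if (name.endsWith("mapr.cldbkeyfile.location")) {
                cldbkeylocation = System.getProperty(name);
            }
        }
        if (cldbkeylocation != null) {
            installServerKeyFromCldbKeyFile(cldbkeylocation);
        }
    }
}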
