package org.apache.hadoop.fs.azurebfs.extensions;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Duration;
import java.util.Properties;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.service.CompositeService;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/fs/azurebfs/extensions/KerberizedAbfsCluster.class */
public class KerberizedAbfsCluster extends CompositeService {
    private static final Logger LOG = LoggerFactory.getLogger(KerberizedAbfsCluster.class);
    public static final String ALICE = "alice";
    public static final String BOB = "bob";
    public static final String HTTP_LOCALHOST = "HTTP/localhost@$LOCALHOST";
    public static final String LOCALHOST_NAME;
    private MiniKdc kdc;
    private File keytab;
    private File workDir;
    private String krbInstance;
    private String loginUsername;
    private String loginPrincipal;
    private String sslConfDir;
    private String clientSSLConfigFileName;
    private String serverSSLConfigFileName;
    private String alicePrincipal;
    private String bobPrincipal;

    public KerberizedAbfsCluster() {
        super("KerberizedAbfsCluster");
        new JobConf();
        if (LOG.isDebugEnabled()) {
            System.setProperty("sun.security.krb5.debug", "true");
            System.setProperty("sun.security.spnego.debug", "true");
        }
    }

    public MiniKdc getKdc() {
        return this.kdc;
    }

    public File getKeytab() {
        return this.keytab;
    }

    public String getKeytabPath() {
        return this.keytab.getAbsolutePath();
    }

    public UserGroupInformation createBobUser() throws IOException {
        return UserGroupInformation.loginUserFromKeytabAndReturnUGI(this.bobPrincipal, this.keytab.getAbsolutePath());
    }

    public UserGroupInformation createAliceUser() throws IOException {
        return UserGroupInformation.loginUserFromKeytabAndReturnUGI(this.alicePrincipal, this.keytab.getAbsolutePath());
    }

    public File getWorkDir() {
        return this.workDir;
    }

    public String getKrbInstance() {
        return this.krbInstance;
    }

    public String getLoginUsername() {
        return this.loginUsername;
    }

    public String getLoginPrincipal() {
        return this.loginPrincipal;
    }

    public String withRealm(String str) {
        return str + "@EXAMPLE.COM";
    }

    protected void serviceInit(Configuration configuration) throws Exception {
        patchConfigAtInit(configuration);
        super.serviceInit(configuration);
        Properties createConf = MiniKdc.createConf();
        this.workDir = GenericTestUtils.getTestDir("kerberos");
        this.workDir.mkdirs();
        this.kdc = new MiniKdc(createConf, this.workDir);
        this.krbInstance = LOCALHOST_NAME;
    }

    protected void serviceStart() throws Exception {
        super.serviceStart();
        this.kdc.start();
        this.keytab = new File(this.workDir, "keytab.bin");
        this.loginUsername = UserGroupInformation.getLoginUser().getShortUserName();
        this.loginPrincipal = this.loginUsername + "/" + this.krbInstance;
        this.alicePrincipal = "alice/" + this.krbInstance;
        this.bobPrincipal = "bob/" + this.krbInstance;
        this.kdc.createPrincipal(this.keytab, new String[]{this.alicePrincipal, this.bobPrincipal, "HTTP/" + this.krbInstance, HTTP_LOCALHOST, this.loginPrincipal});
        File file = new File(this.workDir, "ssl");
        file.mkdirs();
        this.sslConfDir = KeyStoreTestUtil.getClasspathDir(getClass());
        KeyStoreTestUtil.setupSSLConfig(file.getAbsolutePath(), this.sslConfDir, getConfig(), false);
        this.clientSSLConfigFileName = KeyStoreTestUtil.getClientSSLConfigFileName();
        this.serverSSLConfigFileName = KeyStoreTestUtil.getServerSSLConfigFileName();
        KerberosName.setRules("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
    }

    protected void serviceStop() throws Exception {
        super.serviceStop();
        this.kdc.stop();
    }

    protected void patchConfigAtInit(Configuration configuration) {
        int millis = (int) Duration.ofHours(1L).toMillis();
        configuration.setInt("jvm.pause.info-threshold.ms", millis);
        configuration.setInt("jvm.pause.warn-threshold.ms", millis);
    }

    public void resetUGI() {
        UserGroupInformation.reset();
    }

    private String userOnHost(String str) {
        return str + "/" + this.krbInstance + "@" + getRealm();
    }

    public String getRealm() {
        return this.kdc.getRealm();
    }

    public void loginUser(String str) throws IOException {
        UserGroupInformation.loginUserFromKeytab(str, getKeytabPath());
    }

    public void loginPrincipal() throws IOException {
        loginUser(getLoginPrincipal());
    }

    public static void assertSecurityEnabled() {
        Assert.assertTrue("Security is needed for this test", UserGroupInformation.isSecurityEnabled());
    }

    public static void closeUserFileSystems(UserGroupInformation userGroupInformation) throws IOException {
        if (userGroupInformation != null) {
            FileSystem.closeAllForUGI(userGroupInformation);
        }
    }

    public void bindConfToCluster(Configuration configuration) {
        configuration.set("hadoop.security.authentication", UserGroupInformation.AuthenticationMethod.KERBEROS.name());
        configuration.set("hadoop.user.group.static.mapping.overrides", "alice,alice");
        configuration.set("yarn.resourcemanager.principal", BOB);
    }

    public static URI newURI(String str) {
        try {
            return new URI(str);
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    public File createTempTokenFile() throws IOException {
        File createTempFile = File.createTempFile("tokens", ".bin", getWorkDir());
        createTempFile.delete();
        return createTempFile;
    }

    static {
        LOCALHOST_NAME = Path.WINDOWS ? "127.0.0.1" : "localhost";
    }
}
