package org.apache.hadoop.fs.contract.router;

import java.io.File;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.server.federation.security.MockDelegationTokenSecretManager;
import org.apache.hadoop.hdfs.server.federation.store.driver.StateStoreDriver;
import org.apache.hadoop.hdfs.server.federation.store.driver.impl.StateStoreFileImpl;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;

/* loaded from: input_file:org/apache/hadoop/fs/contract/router/SecurityConfUtil.class */
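/**
 * Test helper that stands up a throw-away Kerberos/TLS environment for the
 * Router contract tests: it starts a {@link MiniKdc}, writes one keytab holding
 * the SPNEGO and router service principals, and returns a configuration wired
 * to use them.
 *
 * <p>Everything here is test scaffolding. The settings below (a shared keytab,
 * a mock delegation-token secret manager, authentication-only data transfer
 * protection) are not a template for a production deployment.
 *
 * <p>State is kept in static fields, so the class supports one environment per
 * JVM at a time and is not safe for concurrent use.
 */
public final class SecurityConfUtil {
    // Directories handed to KeyStoreTestUtil; remembered so destroy() can clean them up.
    private static String keystoresDir;
    private static String sslConfDir;
    private static final String SPNEGO_USER_NAME = "HTTP";
    private static final String ROUTER_USER_NAME = "router";
    private static final String PREFIX = "hadoop.http.authentication.";
    private static MiniKdc kdc;
    // Working directory of the KDC; also holds the generated keytab and key stores.
    private static File baseDir;
    private static String spnegoPrincipal;
    private static String routerPrincipal;

    private SecurityConfUtil() {
        // Static utility class, never instantiated.
    }

    /**
     * Returns the short user name of the router service principal.
     *
     * @return the constant {@code "router"}
     */
    public static String getRouterUserName() {
        return ROUTER_USER_NAME;
    }

    /**
     * Starts a MiniKdc in a fresh test directory and builds a Kerberos- and
     * HTTPS-enabled configuration for the Router tests.
     *
     * <p>Side effects: wipes and recreates the test directory, starts a KDC,
     * writes {@code test.keytab} and the test key stores, and installs the new
     * configuration into {@link UserGroupInformation} for the whole JVM.
     * {@link #destroy()} stops the KDC and removes the files but does not reset
     * the {@code UserGroupInformation} configuration.
     *
     * @return the populated configuration
     * @throws Exception if the KDC, the principals or the SSL configuration
     *     cannot be set up
     */
    public static Configuration initSecurity() throws Exception {
        baseDir = GenericTestUtils.getTestDir(SecurityConfUtil.class.getSimpleName());
        // Start from an empty directory so a keytab or key store left over from an
        // earlier run is never reused.
        FileUtil.fullyDelete(baseDir);
        Assert.assertTrue(baseDir.mkdirs());

        kdc = new MiniKdc(MiniKdc.createConf(), baseDir);
        kdc.start();

        HdfsConfiguration conf = new HdfsConfiguration();
        SecurityUtil.setAuthenticationMethod(
            UserGroupInformation.AuthenticationMethod.KERBEROS, conf);
        // Static, JVM-wide setting: later tests in the same JVM also see Kerberos enabled.
        UserGroupInformation.setConfiguration(conf);
        Assert.assertTrue("Expected configuration to enable security",
            UserGroupInformation.isSecurityEnabled());

        // One keytab carries both service principals. Acceptable for a test fixture;
        // it means any component given this file can authenticate as either identity.
        File keytabFile = new File(baseDir, "test.keytab");
        String keytab = keytabFile.getAbsolutePath();
        String host = Path.WINDOWS ? "127.0.0.1" : "localhost";
        kdc.createPrincipal(keytabFile, new String[] {
            SPNEGO_USER_NAME + "/" + host,
            ROUTER_USER_NAME + "/" + host});
        routerPrincipal = ROUTER_USER_NAME + "/" + host + "@" + kdc.getRealm();
        spnegoPrincipal = SPNEGO_USER_NAME + "/" + host + "@" + kdc.getRealm();

        // NameNode and DataNode run under the router principal in these tests.
        conf.set("dfs.namenode.kerberos.principal", routerPrincipal);
        conf.set("dfs.namenode.keytab.file", keytab);
        conf.set("dfs.datanode.kerberos.principal", routerPrincipal);
        conf.set("dfs.datanode.keytab.file", keytab);

        // SPNEGO authentication for the HTTP endpoints.
        conf.set(PREFIX + "type", "kerberos");
        conf.set(PREFIX + "kerberos.principal", spnegoPrincipal);
        conf.set(PREFIX + "kerberos.keytab", keytab);

        // Port 0 asks for an ephemeral port, which avoids clashes between test runs.
        conf.set("dfs.namenode.https-address", "localhost:0");
        conf.set("dfs.datanode.https.address", "localhost:0");
        conf.setBoolean("dfs.block.access.token.enable", true);
        // "authentication" authenticates the data-transfer peers only; it adds neither
        // integrity protection nor encryption of block data. Test-only choice.
        conf.set("dfs.data.transfer.protection", "authentication");
        conf.set("dfs.http.policy", HttpConfig.Policy.HTTPS_ONLY.name());

        keystoresDir = baseDir.getAbsolutePath();
        sslConfDir = KeyStoreTestUtil.getClasspathDir(SecurityConfUtil.class);
        // NOTE(review): the trailing 'false' is presumably useClientCert, i.e. TLS
        // without client-certificate authentication - confirm against KeyStoreTestUtil.
        KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
        conf.set("dfs.client.https.keystore.resource",
            KeyStoreTestUtil.getClientSSLConfigFileName());
        conf.set("dfs.https.server.keystore.resource",
            KeyStoreTestUtil.getServerSSLConfigFileName());

        // Router identity and its state store.
        conf.set("dfs.federation.router.keytab.file", keytab);
        conf.set("dfs.federation.router.kerberos.principal", routerPrincipal);
        conf.set("dfs.federation.router.kerberos.internal.spnego.principal", spnegoPrincipal);
        conf.setClass("dfs.federation.router.store.driver.class",
            StateStoreFileImpl.class, StateStoreDriver.class);
        conf.set("dfs.federation.router.rpc-bind-host", "localhost");
        // Mock secret manager from the test tree; delegation tokens it issues carry
        // no guarantee beyond what that mock implements.
        conf.set("dfs.federation.router.secret.manager.class",
            MockDelegationTokenSecretManager.class.getName());
        return conf;
    }

    /**
     * Stops the MiniKdc and removes the files created by {@link #initSecurity()}.
     *
     * <p>Does nothing when no KDC was started. The file cleanup runs even if
     * stopping the KDC throws, so the generated keytab and key stores are not
     * left on disk after a failed shutdown. The KDC reference is cleared, which
     * makes a repeated call a no-op.
     *
     * @throws Exception if stopping the KDC or cleaning up the SSL configuration fails
     */
    public static void destroy() throws Exception {
        if (kdc == null) {
            return;
        }
        try {
            kdc.stop();
        } finally {
            kdc = null;
            FileUtil.fullyDelete(baseDir);
            // Both stay null when initSecurity() failed before the SSL setup step.
            if (keystoresDir != null && sslConfDir != null) {
                KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
            }
        }
    }
}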
