package org.apache.hadoop.minikdc;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import org.apache.commons.io.Charsets;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.text.StrSubstitutor;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.ldif.LdifEntry;
import org.apache.directory.api.ldap.model.ldif.LdifReader;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.ldap.schemaextractor.impl.DefaultSchemaLdifExtractor;
import org.apache.directory.api.ldap.schemaloader.LdifSchemaLoader;
import org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager;
import org.apache.directory.server.core.DefaultDirectoryService;
import org.apache.directory.server.core.api.CacheService;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InstanceLayout;
import org.apache.directory.server.core.api.schema.SchemaPartition;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
import org.apache.directory.server.core.partition.ldif.LdifPartition;
import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/minikdc/MiniKdc.class
 */
/* loaded from: input_file:hadoop-minikdc-2.7.0-mapr-1803.jar:org/apache/hadoop/minikdc/MiniKdc.class */
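/**
 * Embedded Kerberos KDC that runs inside the current JVM on top of an in-process
 * ApacheDS directory service.
 *
 * <p>Starting an instance rewrites JVM-wide state: it sets the
 * {@code java.security.krb5.conf} and {@code sun.security.krb5.debug} system properties and
 * refreshes the JDK Kerberos configuration, so only one instance per JVM can be relied on.
 *
 * <p>NOTE(review): the KDC is configured without encrypted-timestamp pre-authentication and
 * its working files (directory partitions, krb5.conf, keytabs) are written with default file
 * permissions. It looks intended as a test fixture; keep it bound to a loopback address and
 * use a work directory that other users cannot write to.
 */
public class MiniKdc {
    public static final String JAVA_SECURITY_KRB5_CONF = "java.security.krb5.conf";
    public static final String SUN_SECURITY_KRB5_DEBUG = "sun.security.krb5.debug";
    public static final String ORG_NAME = "org.name";
    public static final String ORG_DOMAIN = "org.domain";
    public static final String KDC_BIND_ADDRESS = "kdc.bind.address";
    public static final String KDC_PORT = "kdc.port";
    public static final String INSTANCE = "instance";
    public static final String MAX_TICKET_LIFETIME = "max.ticket.lifetime";
    public static final String MAX_RENEWABLE_LIFETIME = "max.renewable.lifetime";
    public static final String TRANSPORT = "transport";
    public static final String DEBUG = "debug";

    private static final Logger LOG = LoggerFactory.getLogger(MiniKdc.class);

    /** Keys that must be present in the configuration handed to the constructor. */
    private static final Set<String> PROPERTIES = new HashSet<String>();

    /** Defaults returned (as a copy) by {@link #createConf()}. */
    private static final Properties DEFAULT_CONFIG = new Properties();

    static {
        PROPERTIES.add(ORG_NAME);
        PROPERTIES.add(ORG_DOMAIN);
        PROPERTIES.add(KDC_BIND_ADDRESS);
        PROPERTIES.add(KDC_PORT);
        PROPERTIES.add(INSTANCE);
        PROPERTIES.add(TRANSPORT);
        PROPERTIES.add(MAX_TICKET_LIFETIME);
        PROPERTIES.add(MAX_RENEWABLE_LIFETIME);
        DEFAULT_CONFIG.setProperty(KDC_BIND_ADDRESS, "localhost");
        DEFAULT_CONFIG.setProperty(KDC_PORT, "0");
        DEFAULT_CONFIG.setProperty(INSTANCE, "DefaultKrbServer");
        DEFAULT_CONFIG.setProperty(ORG_NAME, "EXAMPLE");
        DEFAULT_CONFIG.setProperty(ORG_DOMAIN, "COM");
        DEFAULT_CONFIG.setProperty(TRANSPORT, "TCP");
        DEFAULT_CONFIG.setProperty(MAX_TICKET_LIFETIME, "86400000");
        DEFAULT_CONFIG.setProperty(MAX_RENEWABLE_LIFETIME, "604800000");
        DEFAULT_CONFIG.setProperty(DEBUG, "false");
    }

    private final Properties conf;
    private final int port;
    private final String realm;
    private final File workDir;
    private DirectoryService ds;
    private KdcServer kdc;
    private File krb5conf;

    /**
     * Runs a standalone KDC: loads the properties file over the defaults, starts the KDC,
     * moves the generated krb5.conf into the work directory, creates the requested
     * principals in a keytab and registers a shutdown hook that stops the KDC.
     *
     * @param strArr {@code <WORKDIR> <MINIKDCPROPERTIES> <KEYTABFILE> <PRINCIPAL>...}
     * @throws Exception if the configuration cannot be read or the KDC cannot be started
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr.length < 4) {
            System.out.println("Arguments: <WORKDIR> <MINIKDCPROPERTIES> <KEYTABFILE> [<PRINCIPALS>]+");
            System.exit(1);
        }
        File workDirectory = new File(strArr[0]);
        if (!workDirectory.exists()) {
            throw new RuntimeException("Specified work directory does not exists: " + workDirectory.getAbsolutePath());
        }
        Properties effectiveConf = createConf();
        File confFile = new File(strArr[1]);
        if (!confFile.exists()) {
            throw new RuntimeException("Specified configuration does not exists: " + confFile.getAbsolutePath());
        }
        Properties userConf = new Properties();
        InputStreamReader confReader = null;
        try {
            confReader = new InputStreamReader(new FileInputStream(confFile), Charsets.UTF_8);
            userConf.load(confReader);
        } finally {
            // Release the file handle as soon as the properties are loaded.
            if (confReader != null) {
                confReader.close();
            }
        }
        for (Map.Entry<Object, Object> entry : userConf.entrySet()) {
            effectiveConf.put(entry.getKey(), entry.getValue());
        }
        // final so that the shutdown hook below can capture it.
        final MiniKdc miniKdc = new MiniKdc(effectiveConf, workDirectory);
        miniKdc.start();
        File publishedKrb5Conf = new File(workDirectory, "krb5.conf");
        if (!miniKdc.getKrb5conf().renameTo(publishedKrb5Conf)) {
            throw new RuntimeException("Cannot rename KDC's krb5conf to " + publishedKrb5Conf.getAbsolutePath());
        }
        File keytabFile = new File(strArr[2]).getAbsoluteFile();
        String[] principals = new String[strArr.length - 3];
        System.arraycopy(strArr, 3, principals, 0, strArr.length - 3);
        miniKdc.createPrincipal(keytabFile, principals);
        System.out.println();
        System.out.println("Standalone MiniKdc Running");
        System.out.println("---------------------------------------------------");
        System.out.println("  Realm           : " + miniKdc.getRealm());
        // Report host:port; printing the host twice hid the port actually in use.
        System.out.println("  Running at      : " + miniKdc.getHost() + ":" + miniKdc.getPort());
        System.out.println("  krb5conf        : " + publishedKrb5Conf);
        System.out.println();
        System.out.println("  created keytab  : " + keytabFile);
        System.out.println("  with principals : " + Arrays.asList(principals));
        System.out.println();
        System.out.println(" Do <CTRL-C> or kill <PID> to stop it");
        System.out.println("---------------------------------------------------");
        System.out.println();
        Runtime.getRuntime().addShutdownHook(new Thread() {
            @Override
            public void run() {
                miniKdc.stop();
            }
        });
    }

    /**
     * Returns a fresh copy of the default configuration that callers may modify.
     *
     * @return a clone of the built-in defaults
     */
    public static Properties createConf() {
        return (Properties) DEFAULT_CONFIG.clone();
    }

    /**
     * Validates the configuration, creates the instance work directory and resolves the
     * port and realm. Nothing is started until {@link #start()} is called.
     *
     * @param properties configuration; must contain every required key
     * @param file parent directory under which a timestamp-named work directory is created
     * @throws IllegalArgumentException if a required property is missing
     * @throws RuntimeException if the work directory cannot be created
     * @throws Exception if the bind address cannot be resolved or no free port can be probed
     */
    public MiniKdc(Properties properties, File file) throws Exception {
        if (!properties.keySet().containsAll(PROPERTIES)) {
            Set<Object> missing = new HashSet<Object>(PROPERTIES);
            missing.removeAll(properties.keySet());
            throw new IllegalArgumentException("Missing configuration properties: " + missing);
        }
        // NOTE(review): the directory name is derived from the clock and is therefore
        // predictable; pass a parent directory that other users cannot write to.
        this.workDir = new File(file, Long.toString(System.currentTimeMillis()));
        // Create the instance directory itself, not just its parent, so that stop() always
        // has an existing directory to remove.
        if (!this.workDir.exists() && !this.workDir.mkdirs()) {
            throw new RuntimeException("Cannot create directory " + this.workDir);
        }
        // Every entry is logged at INFO, including any extra keys the caller supplied.
        LOG.info("Configuration:");
        LOG.info("---------------------------------------------------------------");
        for (Map.Entry<Object, Object> entry : properties.entrySet()) {
            LOG.info("  {}: {}", entry.getKey(), entry.getValue());
        }
        LOG.info("---------------------------------------------------------------");
        this.conf = properties;
        int resolvedPort = Integer.parseInt(properties.getProperty(KDC_PORT));
        if (resolvedPort == 0) {
            // Port 0 means "pick a free one": bind briefly, note the port, release it.
            // The port is free only at this instant; another process may take it before
            // start() binds the KDC to it.
            ServerSocket probe = new ServerSocket(0, 1, InetAddress.getByName(properties.getProperty(KDC_BIND_ADDRESS)));
            try {
                resolvedPort = probe.getLocalPort();
            } finally {
                probe.close();
            }
        }
        this.port = resolvedPort;
        this.realm = properties.getProperty(ORG_NAME).toUpperCase(Locale.ENGLISH) + "." + properties.getProperty(ORG_DOMAIN).toUpperCase(Locale.ENGLISH);
    }

    /**
     * @return the port the KDC is configured to listen on
     */
    public int getPort() {
        return this.port;
    }

    /**
     * @return the configured bind address ({@code kdc.bind.address})
     */
    public String getHost() {
        return this.conf.getProperty(KDC_BIND_ADDRESS);
    }

    /**
     * @return the realm, built as upper-cased {@code org.name + "." + org.domain}
     */
    public String getRealm() {
        return this.realm;
    }

    /**
     * @return the krb5.conf written by {@link #start()}, or {@code null} before that
     */
    public File getKrb5conf() {
        return this.krb5conf;
    }

    /**
     * Starts the directory service and then the KDC.
     *
     * @throws RuntimeException if the KDC was already started
     * @throws Exception if either service fails to start
     */
    public synchronized void start() throws Exception {
        if (this.kdc != null) {
            throw new RuntimeException("Already started");
        }
        initDirectoryService();
        initKDCServer();
    }

    /**
     * Builds and starts the ApacheDS directory service: schema partition, system partition,
     * one partition for the configured organisation, and the root domain entry.
     */
    private void initDirectoryService() throws Exception {
        this.ds = new DefaultDirectoryService();
        this.ds.setInstanceLayout(new InstanceLayout(this.workDir));
        this.ds.setCacheService(new CacheService());

        // Extract the bundled schema into the partitions directory and load it.
        InstanceLayout layout = this.ds.getInstanceLayout();
        File schemaDir = new File(layout.getPartitionsDirectory(), "schema");
        new DefaultSchemaLdifExtractor(layout.getPartitionsDirectory()).extractOrCopy();
        DefaultSchemaManager schemaManager = new DefaultSchemaManager(new LdifSchemaLoader(schemaDir));
        schemaManager.loadAllEnabled();
        this.ds.setSchemaManager(schemaManager);

        LdifPartition schemaLdifPartition = new LdifPartition(schemaManager);
        schemaLdifPartition.setPartitionPath(schemaDir.toURI());
        SchemaPartition schemaPartition = new SchemaPartition(schemaManager);
        schemaPartition.setWrappedPartition(schemaLdifPartition);
        this.ds.setSchemaPartition(schemaPartition);

        JdbmPartition systemPartition = new JdbmPartition(this.ds.getSchemaManager());
        systemPartition.setId("system");
        systemPartition.setPartitionPath(new File(this.ds.getInstanceLayout().getPartitionsDirectory(), systemPartition.getId()).toURI());
        systemPartition.setSuffixDn(new Dn("ou=system"));
        systemPartition.setSchemaManager(this.ds.getSchemaManager());
        this.ds.setSystemPartition(systemPartition);

        this.ds.getChangeLog().setEnabled(false);
        this.ds.setDenormalizeOpAttrsEnabled(true);
        this.ds.addLast(new KeyDerivationInterceptor());

        // The organisation name doubles as partition id and directory name on disk.
        String orgName = this.conf.getProperty(ORG_NAME).toLowerCase(Locale.ENGLISH);
        String orgDomain = this.conf.getProperty(ORG_DOMAIN).toLowerCase(Locale.ENGLISH);
        String baseDn = "dc=" + orgName + ",dc=" + orgDomain;
        JdbmPartition orgPartition = new JdbmPartition(this.ds.getSchemaManager());
        orgPartition.setId(orgName);
        orgPartition.setPartitionPath(new File(this.ds.getInstanceLayout().getPartitionsDirectory(), orgName).toURI());
        orgPartition.setSuffixDn(new Dn(baseDn));
        this.ds.addPartition(orgPartition);

        // Raw types kept: the index element type is not imported in this file.
        HashSet indexedAttributes = new HashSet();
        indexedAttributes.add(new JdbmIndex("objectClass", false));
        indexedAttributes.add(new JdbmIndex("dc", false));
        indexedAttributes.add(new JdbmIndex("ou", false));
        orgPartition.setIndexedAttributes(indexedAttributes);

        this.ds.setInstanceId(this.conf.getProperty(INSTANCE));
        this.ds.startup();

        Entry rootEntry = this.ds.newEntry(new Dn(baseDn));
        rootEntry.add("objectClass", "top", "domain");
        rootEntry.add("dc", orgName);
        this.ds.getAdminSession().add(rootEntry);
    }

    /**
     * Loads the bundled {@code minikdc.ldiff} entries, starts the KDC on the configured
     * transport, writes krb5.conf from the bundled template and points the JVM at it.
     *
     * @throws IllegalArgumentException if the transport is neither {@code TCP} nor {@code UDP}
     */
    private void initKDCServer() throws Exception {
        String orgName = this.conf.getProperty(ORG_NAME);
        String orgDomain = this.conf.getProperty(ORG_DOMAIN);
        String bindAddress = this.conf.getProperty(KDC_BIND_ADDRESS);

        // Placeholder values for the LDIF resource, keyed "0".."4".
        Map<String, String> substitutions = new HashMap<String, String>();
        substitutions.put("0", orgName.toLowerCase(Locale.ENGLISH));
        substitutions.put("1", orgDomain.toLowerCase(Locale.ENGLISH));
        substitutions.put("2", orgName.toUpperCase(Locale.ENGLISH));
        substitutions.put("3", orgDomain.toUpperCase(Locale.ENGLISH));
        substitutions.put("4", bindAddress);

        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
        InputStream ldifStream = classLoader.getResourceAsStream("minikdc.ldiff");
        SchemaManager schemaManager = this.ds.getSchemaManager();
        LdifReader ldifReader = null;
        try {
            // Decode with an explicit charset instead of the platform default.
            String ldifText = StrSubstitutor.replace(IOUtils.toString(ldifStream, Charsets.UTF_8), substitutions);
            ldifReader = new LdifReader(new StringReader(ldifText));
            for (LdifEntry ldifEntry : ldifReader) {
                this.ds.getAdminSession().add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
            }
        } finally {
            IOUtils.closeQuietly(ldifReader);
            IOUtils.closeQuietly(ldifStream);
        }

        KerberosConfig kerberosConfig = new KerberosConfig();
        kerberosConfig.setMaximumRenewableLifetime(Long.parseLong(this.conf.getProperty(MAX_RENEWABLE_LIFETIME)));
        kerberosConfig.setMaximumTicketLifetime(Long.parseLong(this.conf.getProperty(MAX_TICKET_LIFETIME)));
        kerberosConfig.setSearchBaseDn(String.format("dc=%s,dc=%s", orgName, orgDomain));
        // NOTE(review): encrypted-timestamp pre-authentication is switched off. A KDC without
        // it answers initial requests without the client first proving knowledge of the
        // key, which exposes principals to offline password guessing. Tolerable only for a
        // throwaway KDC that is not reachable by untrusted hosts.
        kerberosConfig.setPaEncTimestampRequired(false);
        this.kdc = new KdcServer(kerberosConfig);
        this.kdc.setDirectoryService(this.ds);

        String transport = this.conf.getProperty(TRANSPORT);
        if (transport.trim().equals("TCP")) {
            this.kdc.addTransports(new Transport[]{new TcpTransport(bindAddress, this.port, 3, 50)});
        } else if (transport.trim().equals("UDP")) {
            // NOTE(review): only the port is passed here, so kdc.bind.address is not applied
            // to the UDP transport as it is for TCP — confirm which interface it listens on.
            this.kdc.addTransports(new Transport[]{new UdpTransport(this.port)});
        } else {
            throw new IllegalArgumentException("Invalid transport: " + transport);
        }
        this.kdc.setServiceName(this.conf.getProperty(INSTANCE));
        this.kdc.start();

        // Join the template lines with "{3}" so MessageFormat inserts the platform line
        // separator; {0} is the realm, {1} the host and {2} the port.
        StringBuilder template = new StringBuilder();
        InputStream templateStream = classLoader.getResourceAsStream("minikdc-krb5.conf");
        BufferedReader templateReader = null;
        try {
            templateReader = new BufferedReader(new InputStreamReader(templateStream, Charsets.UTF_8));
            for (String line = templateReader.readLine(); line != null; line = templateReader.readLine()) {
                template.append(line).append("{3}");
            }
        } finally {
            IOUtils.closeQuietly(templateReader);
            IOUtils.closeQuietly(templateStream);
        }
        this.krb5conf = new File(this.workDir, "krb5.conf").getAbsoluteFile();
        FileUtils.writeStringToFile(this.krb5conf, MessageFormat.format(template.toString(), getRealm(), getHost(), Integer.toString(getPort()), System.getProperty("line.separator")));

        // JVM-wide side effect: every Kerberos client in this process now uses this file.
        System.setProperty(JAVA_SECURITY_KRB5_CONF, this.krb5conf.getAbsolutePath());
        System.setProperty(SUN_SECURITY_KRB5_DEBUG, this.conf.getProperty(DEBUG, "false"));

        // The JDK caches its Kerberos configuration; call the vendor-specific static
        // refresh() reflectively so the new krb5.conf is picked up.
        Class<?> configClass = System.getProperty("java.vendor").contains("IBM") ? Class.forName("com.ibm.security.krb5.internal.Config") : Class.forName("sun.security.krb5.Config");
        configClass.getMethod("refresh", new Class[0]).invoke(configClass, new Object[0]);

        LOG.info("MiniKdc listening at port: {}", getPort());
        LOG.info("MiniKdc setting JVM krb5.conf to: {}", this.krb5conf.getAbsolutePath());
    }

    /**
     * Stops the KDC and directory service if they were started, clears the krb5 system
     * properties set by {@link #start()}, and deletes the work directory.
     */
    public synchronized void stop() {
        if (this.kdc != null) {
            System.getProperties().remove(JAVA_SECURITY_KRB5_CONF);
            System.getProperties().remove(SUN_SECURITY_KRB5_DEBUG);
            this.kdc.stop();
            try {
                this.ds.shutdown();
            } catch (Exception e) {
                // Best effort: still fall through and remove the work directory.
                LOG.error("Could not shutdown ApacheDS properly: {}", e.toString(), e);
            }
        }
        delete(this.workDir);
    }

    /**
     * Recursively deletes a file or directory, logging a warning for anything that cannot
     * be removed.
     *
     * <p>NOTE(review): {@link File} does not distinguish a symbolic link to a directory from
     * a directory, so a link placed inside the work directory would be descended into.
     */
    private void delete(File file) {
        if (file.isFile()) {
            if (!file.delete()) {
                LOG.warn("WARNING: cannot delete file {}", file.getAbsolutePath());
            }
            return;
        }
        // listFiles() returns null when the path is not a directory or cannot be read.
        File[] children = file.listFiles();
        if (children != null) {
            for (File child : children) {
                delete(child);
            }
        }
        if (!file.delete()) {
            LOG.warn("WARNING: cannot delete directory {}", file.getAbsolutePath());
        }
    }

    /**
     * Adds a user entry for the principal under {@code ou=users} of the organisation's
     * base DN, with the given password.
     *
     * @param str principal name without the realm
     * @param str2 password stored in the entry's {@code userPassword} attribute
     * @throws IllegalArgumentException if either argument contains a line break
     * @throws Exception if the entry cannot be parsed or added
     */
    public synchronized void createPrincipal(String str, String str2) throws Exception {
        // Both values are spliced into LDIF text; a line break in either one would let the
        // argument add or override attributes of the entry, so refuse it up front.
        requireSingleLine("principal", str);
        requireSingleLine("password", str2);
        String usersDn = "ou=users,dc=" + this.conf.getProperty(ORG_NAME).toLowerCase(Locale.ENGLISH)
                + ",dc=" + this.conf.getProperty(ORG_DOMAIN).toLowerCase(Locale.ENGLISH);
        String ldif = "dn: uid=" + str + "," + usersDn
                + "\nobjectClass: top"
                + "\nobjectClass: person"
                + "\nobjectClass: inetOrgPerson"
                + "\nobjectClass: krb5principal"
                + "\nobjectClass: krb5kdcentry"
                + "\ncn: " + str
                + "\nsn: " + str
                + "\nuid: " + str
                + "\nuserPassword: " + str2
                + "\nkrb5PrincipalName: " + str + "@" + getRealm()
                + "\nkrb5KeyVersionNumber: 0";
        LdifReader ldifReader = new LdifReader(new StringReader(ldif));
        try {
            for (LdifEntry ldifEntry : ldifReader) {
                this.ds.getAdminSession().add(new DefaultEntry(this.ds.getSchemaManager(), ldifEntry.getEntry()));
            }
        } finally {
            IOUtils.closeQuietly(ldifReader);
        }
    }

    /** Rejects values containing CR or LF; {@code null} is passed through unchanged. */
    private static void requireSingleLine(String label, String value) {
        if (value != null && (value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0)) {
            throw new IllegalArgumentException("Line break not allowed in " + label);
        }
    }

    /**
     * Creates each principal with one shared random password and writes the derived keys
     * for all of them into a single keytab file.
     *
     * <p>NOTE(review): the keytab holds long-term keys for every listed principal and
     * nothing here restricts the file's permissions; the caller should.
     *
     * @param file keytab file to write
     * @param strArr principal names without the realm
     * @throws Exception if a principal cannot be created or the keytab cannot be written
     */
    public void createPrincipal(File file, String... strArr) throws Exception {
        String generatedPassword = UUID.randomUUID().toString();
        Keytab keytab = new Keytab();
        ArrayList<KeytabEntry> entries = new ArrayList<KeytabEntry>();
        for (String principal : strArr) {
            createPrincipal(principal, generatedPassword);
            String qualifiedName = principal + "@" + getRealm();
            KerberosTime timestamp = new KerberosTime();
            // One keytab entry per key derived from the password.
            for (EncryptionKey key : KerberosKeyFactory.getKerberosKeys(qualifiedName, generatedPassword).values()) {
                entries.add(new KeytabEntry(qualifiedName, 1L, timestamp, (byte) key.getKeyVersion(), key));
            }
        }
        keytab.setEntries(entries);
        keytab.write(file);
    }
}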
