package org.apache.hadoop.security;

import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.ExitUtil;
import org.apache.hadoop.util.Shell;
import org.apache.slider.common.SliderKeys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/KerberosDiags.class */
public class KerberosDiags implements Closeable {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) KerberosDiags.class);
    public static final String KRB5_CCNAME = "KRB5CCNAME";
    public static final String JAVA_SECURITY_KRB5_CONF = "java.security.krb5.conf";
    public static final String JAVA_SECURITY_KRB5_REALM = "java.security.krb5.realm";
    public static final String SUN_SECURITY_KRB5_DEBUG = "sun.security.krb5.debug";
    public static final String SUN_SECURITY_SPNEGO_DEBUG = "sun.security.spnego.debug";
    private final Configuration conf;
    private final List<String> services;
    private final PrintWriter out;
    private final File keytab;
    private final String principal;

    /* loaded from: input_file:org/apache/hadoop/security/KerberosDiags$KerberosDiagsFailure.class */
    public static class KerberosDiagsFailure extends ExitUtil.ExitException {
        public KerberosDiagsFailure(String str) {
            super(41, str);
        }

        public KerberosDiagsFailure(String str, Object... objArr) {
            this(String.format(str, objArr));
        }

        public KerberosDiagsFailure(Throwable th, String str, Object... objArr) {
            this(str, objArr);
            initCause(th);
        }
    }

    public KerberosDiags(Configuration configuration, PrintWriter printWriter, List<String> list, File file, String str) {
        this.conf = configuration;
        this.services = list;
        this.keytab = file;
        this.principal = str;
        this.out = printWriter;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.out != null) {
            this.out.flush();
        }
    }

    private void println(String str, Object... objArr) {
        String format = String.format(str, objArr);
        if (this.out == null) {
            LOG.info(format);
        } else {
            this.out.println(format);
            this.out.flush();
        }
    }

    private void title(String str, Object... objArr) {
        println("", new Object[0]);
        println("", new Object[0]);
        println(str, objArr);
        println("", new Object[0]);
    }

    private void printSysprop(String str) {
        println("%s = \"%s\"", str, System.getProperty(str, "(unset)"));
    }

    private void printConfOpt(String str) {
        println("%s = \"%s\"", str, this.conf.get(str, "(unset)"));
    }

    private void printEnv(String str) {
        String str2 = System.getenv(str);
        Object[] objArr = new Object[2];
        objArr[0] = str;
        objArr[1] = str2 != null ? str2 : "(unset)";
        println("%s = \"%s\"", objArr);
    }

    /* JADX WARN: Finally extract failed */
    private void dump(File file) throws IOException {
        Throwable th = null;
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                Iterator<String> it = IOUtils.readLines(fileInputStream).iterator();
                while (it.hasNext()) {
                    println(it.next(), new Object[0]);
                }
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                println("", new Object[0]);
            } catch (Throwable th2) {
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    public boolean execute() throws Exception {
        title("Kerberos Diagnostics scan at %s", new Date(System.currentTimeMillis()));
        if (SecurityUtil.getAuthenticationMethod(this.conf).equals(UserGroupInformation.AuthenticationMethod.SIMPLE)) {
            println("security disabled", new Object[0]);
            return false;
        }
        title("System Properties", new Object[0]);
        for (String str : new String[]{JAVA_SECURITY_KRB5_CONF, "java.security.krb5.realm", SUN_SECURITY_KRB5_DEBUG, SUN_SECURITY_SPNEGO_DEBUG}) {
            printSysprop(str);
        }
        title("Environment Variables", new Object[0]);
        for (String str2 : new String[]{"HADOOP_JAAS_DEBUG", KRB5_CCNAME, SliderKeys.HADOOP_USER_NAME, SliderKeys.HADOOP_PROXY_USER, "HADOOP_TOKEN_FILE_LOCATION"}) {
            printEnv(str2);
        }
        for (String str3 : new String[]{"hadoop.kerberos.kinit.command", "hadoop.security.authentication", "hadoop.security.authorization", "hadoop.security.dns.interface", "hadoop.security.dns.nameserver", "hadoop.ssl.enabled", "hadoop.rpc.protection", "hadoop.security.saslproperties.resolver.class", "hadoop.security.crypto.codec.classes", "hadoop.security.group.mapping"}) {
            printConfOpt(str3);
        }
        System.setProperty(SUN_SECURITY_KRB5_DEBUG, "true");
        System.setProperty(SUN_SECURITY_SPNEGO_DEBUG, "true");
        title("Logging in", new Object[0]);
        UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
        dumpUser("Log in user", loginUser);
        println("Ticket based login: %b", Boolean.valueOf(UserGroupInformation.isLoginTicketBased()));
        println("Keytab based login: %b", Boolean.valueOf(UserGroupInformation.isLoginKeytabBased()));
        validateUser("Login user", loginUser);
        if (!Shell.WINDOWS) {
            title("Locating Kerberos configuration file", new Object[0]);
            String str4 = "/etc/krb5.conf";
            String property = System.getProperty(JAVA_SECURITY_KRB5_CONF);
            if (property != null) {
                println("Setting kerberos path from sysprop %s: %s", JAVA_SECURITY_KRB5_CONF, property);
                str4 = property;
            }
            String str5 = System.getenv(KRB5_CCNAME);
            if (str5 != null) {
                println("Setting kerberos path from environment variable %s: %s", KRB5_CCNAME, str5);
                str4 = str5;
                if (property != null) {
                    println("Warning - both %s and %s were set - %s takes priority", JAVA_SECURITY_KRB5_CONF, KRB5_CCNAME, KRB5_CCNAME);
                }
            }
            File file = new File(str4);
            println("Kerberos configuration file = %s", file);
            failif(!file.exists(), "Kerberos configuration file %s not found", file);
            dump(file);
        }
        if (this.keytab == null) {
            println("No keytab: logging is as current user", new Object[0]);
            return true;
        }
        File canonicalFile = this.keytab.getCanonicalFile();
        println("Using keytab %s principal %s", canonicalFile, this.principal);
        String str6 = this.principal;
        failif(!canonicalFile.exists(), "Keytab not found: %s", canonicalFile);
        failif(!canonicalFile.isFile(), "Keytab is not a valid file: %s", canonicalFile);
        failif(StringUtils.isEmpty(this.principal), "No principal defined", new Object[0]);
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(this.principal, canonicalFile.getPath());
        dumpUser(str6, loginUserFromKeytabAndReturnUGI);
        validateUser(this.principal, loginUserFromKeytabAndReturnUGI);
        title("Attempting to log in from keytab again", new Object[0]);
        UserGroupInformation.setShouldRenewImmediatelyForTests(true);
        loginUserFromKeytabAndReturnUGI.reloginFromKeytab();
        return true;
    }

    private void dumpUser(String str, UserGroupInformation userGroupInformation) throws IOException {
        title(str, new Object[0]);
        println("UGI=%s", userGroupInformation);
        println("Has kerberos credentials: %b", Boolean.valueOf(userGroupInformation.hasKerberosCredentials()));
        println("Authentication method: %s", userGroupInformation.getAuthenticationMethod());
        println("Real Authentication method: %s", userGroupInformation.getRealAuthenticationMethod());
        title("Group names", new Object[0]);
        for (String str2 : userGroupInformation.getGroupNames()) {
            println(str2, new Object[0]);
        }
        title("Credentials", new Object[0]);
        Credentials credentials = userGroupInformation.getCredentials();
        List allSecretKeys = credentials.getAllSecretKeys();
        title("Secret keys", new Object[0]);
        if (allSecretKeys.isEmpty()) {
            println("(none)", new Object[0]);
        } else {
            Iterator it = allSecretKeys.iterator();
            while (it.hasNext()) {
                println("%s", (Text) it.next());
            }
        }
        title("Tokens", new Object[0]);
        Collection allTokens = credentials.getAllTokens();
        if (allTokens.isEmpty()) {
            println("(none)", new Object[0]);
            return;
        }
        Iterator it2 = allTokens.iterator();
        while (it2.hasNext()) {
            println("%s", (Token) it2.next());
        }
    }

    private void validateUser(String str, UserGroupInformation userGroupInformation) {
        failif(!userGroupInformation.hasKerberosCredentials(), "%s: No kerberos credentials for  %s", str, userGroupInformation);
        failif(userGroupInformation.getAuthenticationMethod() == null, "%s: Null AuthenticationMethod for %s", str, userGroupInformation);
    }

    private void fail(String str, Object... objArr) throws KerberosDiagsFailure {
        throw new KerberosDiagsFailure(str, objArr);
    }

    private void failif(boolean z, String str, Object... objArr) throws KerberosDiagsFailure {
        if (z) {
            fail(str, objArr);
        }
    }
}
