package org.apache.flume.sink.kite;

import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import java.io.File;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.kitesdk.data.DatasetException;
import org.kitesdk.data.DatasetIOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flume/sink/kite/KerberosUtil.class */
public class KerberosUtil {
    private static final Logger LOG = LoggerFactory.getLogger(KerberosUtil.class);

    /* loaded from: input_file:org/apache/flume/sink/kite/KerberosUtil$SecurityException.class */
    public static class SecurityException extends RuntimeException {
        private SecurityException(String str) {
            super(str);
        }

        private SecurityException(String str, Throwable th) {
            super(str, th);
        }

        private SecurityException(Throwable th) {
            super(th);
        }
    }

    public static UserGroupInformation proxyAs(String str, UserGroupInformation userGroupInformation) {
        Preconditions.checkArgument((str == null || str.isEmpty()) ? false : true, "Invalid username: " + String.valueOf(str));
        Preconditions.checkArgument(userGroupInformation != null, "Cannot proxy without an authenticated user");
        return UserGroupInformation.createProxyUser(str, userGroupInformation);
    }

    public static synchronized UserGroupInformation login(String str, String str2) {
        String str3 = null;
        if (str != null && !str.isEmpty()) {
            try {
                str3 = SecurityUtil.getServerPrincipal(str, "");
            } catch (IOException e) {
                throw new SecurityException("Failed to resolve Kerberos principal", e);
            }
        }
        UserGroupInformation userGroupInformation = null;
        try {
            userGroupInformation = UserGroupInformation.getLoginUser();
        } catch (IOException e2) {
            LOG.debug("Unable to get login user before Kerberos auth attempt", e2);
        }
        if (userGroupInformation != null) {
            if (str3 != null && !str3.equals(userGroupInformation.getUserName())) {
                throw new SecurityException("Cannot use multiple Kerberos principals: " + str3 + " would replace " + userGroupInformation.getUserName());
            }
            LOG.debug("Using existing login for {}: {}", str3, userGroupInformation);
            return userGroupInformation;
        }
        Preconditions.checkArgument((str == null || str.isEmpty()) ? false : true, "Invalid Kerberos principal: " + String.valueOf(str));
        Preconditions.checkNotNull(str3, "Resolved principal must not be null");
        Preconditions.checkArgument((str2 == null || str2.isEmpty()) ? false : true, "Invalid Kerberos keytab: " + String.valueOf(str2));
        File file = new File(str2);
        Preconditions.checkArgument(file.isFile() && file.canRead(), "Keytab is not a readable file: " + String.valueOf(str2));
        try {
            LOG.debug("Logging in as {} with {}", str3, str2);
            UserGroupInformation.loginUserFromKeytab(str, str2);
            return UserGroupInformation.getLoginUser();
        } catch (IOException e3) {
            throw new SecurityException("Kerberos login failed", e3);
        }
    }

    public static <T> T runPrivileged(UserGroupInformation userGroupInformation, PrivilegedExceptionAction<T> privilegedExceptionAction) {
        try {
            return userGroupInformation == null ? privilegedExceptionAction.run() : (T) userGroupInformation.doAs(privilegedExceptionAction);
        } catch (IOException e) {
            throw new DatasetIOException("Privileged action failed", e);
        } catch (InterruptedException e2) {
            Thread.interrupted();
            throw new DatasetException(e2);
        } catch (Exception e3) {
            throw Throwables.propagate(e3);
        }
    }
}
