package com.hortonworks.spark.atlas;

import com.hortonworks.spark.atlas.utils.Logging;
import com.hortonworks.spark.atlas.utils.SparkUtils$;
import java.util.Properties;
import org.apache.atlas.utils.KafkaUtils;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.token.Token;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.scram.ScramLoginModule;
import org.apache.spark.SparkEnv;
import org.apache.spark.SparkEnv$;
import org.slf4j.Logger;
import scala.Function0;
import scala.Predef$;
import scala.StringContext;
import scala.collection.IterableLike;
import scala.collection.JavaConverters$;
import scala.runtime.BoxedUnit;

/* compiled from: KafkaSecurityUtils.scala */
/* loaded from: input_file:com/hortonworks/spark/atlas/KafkaSecurityUtils$.class */
public final class KafkaSecurityUtils$ implements Logging {
    public static final KafkaSecurityUtils$ MODULE$ = null;
    private final Text TOKEN_KIND;
    private final Text TOKEN_SERVICE;
    private final String SPARK_KEYTAB_CONF;
    private final String SPARK_PRINCIPAL_CONF;
    private final String JAAS_CONFIG_PREFIX_PARAM;
    private final String JAAS_DEFAULT_CLIENT_NAME;
    private final String JAAS_TICKET_BASED_CLIENT_NAME;
    private final String jaasKafkaClientPrefix;
    private final String com$hortonworks$spark$atlas$KafkaSecurityUtils$$jaasTicketBasedKafkaClientPrefix;
    private final String com$hortonworks$spark$atlas$KafkaSecurityUtils$$DEFAUILT_SASL_MECHANISM;
    private final String KAFKA_DYNAMIC_JAAS_CONF;
    private final String CONFIG_SSL_KEYSTORE_LOCATION;
    private final String CONFIG_SSL_KEYSTORE_PASSWORD;
    private final String CONFIG_SSL_TRUSTSTORE_LOCATION;
    private final String CONFIG_SSL_TRUSTSTORE_PASSWORD;
    private final Logger logger;
    private volatile boolean bitmap$0;

    static {
        new KafkaSecurityUtils$();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    private Logger logger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.logger = Logging.Cclass.logger(this);
                this.bitmap$0 = true;
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.logger;
        }
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public Logger logger() {
        return this.bitmap$0 ? this.logger : logger$lzycompute();
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public void logTrace(Function0<Object> function0) {
        Logging.Cclass.logTrace(this, function0);
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public void logDebug(Function0<Object> function0) {
        Logging.Cclass.logDebug(this, function0);
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public void logInfo(Function0<Object> function0) {
        Logging.Cclass.logInfo(this, function0);
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public void logWarn(Function0<Object> function0) {
        Logging.Cclass.logWarn(this, function0);
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public void logWarn(Function0<Object> function0, Throwable th) {
        Logging.Cclass.logWarn(this, function0, th);
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public void logError(Function0<Object> function0, Throwable th) {
        Logging.Cclass.logError(this, function0, th);
    }

    @Override // com.hortonworks.spark.atlas.utils.Logging
    public void logError(Function0<Object> function0) {
        Logging.Cclass.logError(this, function0);
    }

    public Text TOKEN_KIND() {
        return this.TOKEN_KIND;
    }

    public Text TOKEN_SERVICE() {
        return this.TOKEN_SERVICE;
    }

    public String SPARK_KEYTAB_CONF() {
        return this.SPARK_KEYTAB_CONF;
    }

    public String SPARK_PRINCIPAL_CONF() {
        return this.SPARK_PRINCIPAL_CONF;
    }

    private String JAAS_CONFIG_PREFIX_PARAM() {
        return this.JAAS_CONFIG_PREFIX_PARAM;
    }

    private String JAAS_DEFAULT_CLIENT_NAME() {
        return this.JAAS_DEFAULT_CLIENT_NAME;
    }

    private String JAAS_TICKET_BASED_CLIENT_NAME() {
        return this.JAAS_TICKET_BASED_CLIENT_NAME;
    }

    public String jaasKafkaClientPrefix() {
        return this.jaasKafkaClientPrefix;
    }

    public String com$hortonworks$spark$atlas$KafkaSecurityUtils$$jaasTicketBasedKafkaClientPrefix() {
        return this.com$hortonworks$spark$atlas$KafkaSecurityUtils$$jaasTicketBasedKafkaClientPrefix;
    }

    public String com$hortonworks$spark$atlas$KafkaSecurityUtils$$DEFAUILT_SASL_MECHANISM() {
        return this.com$hortonworks$spark$atlas$KafkaSecurityUtils$$DEFAUILT_SASL_MECHANISM;
    }

    public String KAFKA_DYNAMIC_JAAS_CONF() {
        return this.KAFKA_DYNAMIC_JAAS_CONF;
    }

    public boolean needsAuth(Properties properties) {
        Object obj = properties.get("bootstrap.servers");
        Object obj2 = properties.get("security.protocol");
        logDebug(new KafkaSecurityUtils$$anonfun$needsAuth$1(obj, obj2));
        if (obj != null) {
            String str = SecurityProtocol.SASL_SSL.name;
            if (obj2 != null ? !obj2.equals(str) : str != null) {
                String str2 = SecurityProtocol.SSL.name;
                if (obj2 != null ? !obj2.equals(str2) : str2 != null) {
                    String str3 = SecurityProtocol.SASL_PLAINTEXT.name;
                    if (obj2 != null ? !obj2.equals(str3) : str3 != null) {
                    }
                }
            }
            return true;
        }
        return false;
    }

    public String CONFIG_SSL_KEYSTORE_LOCATION() {
        return this.CONFIG_SSL_KEYSTORE_LOCATION;
    }

    public String CONFIG_SSL_KEYSTORE_PASSWORD() {
        return this.CONFIG_SSL_KEYSTORE_PASSWORD;
    }

    public String CONFIG_SSL_TRUSTSTORE_LOCATION() {
        return this.CONFIG_SSL_TRUSTSTORE_LOCATION;
    }

    public String CONFIG_SSL_TRUSTSTORE_PASSWORD() {
        return this.CONFIG_SSL_TRUSTSTORE_PASSWORD;
    }

    public Properties kafkaConf(AtlasClientConf atlasClientConf) {
        Properties subset = atlasClientConf.subset("atlas.kafka");
        removeInvalidStoreConfigsInKafkaConf(subset, CONFIG_SSL_KEYSTORE_LOCATION(), CONFIG_SSL_KEYSTORE_PASSWORD());
        removeInvalidStoreConfigsInKafkaConf(subset, CONFIG_SSL_TRUSTSTORE_LOCATION(), CONFIG_SSL_TRUSTSTORE_PASSWORD());
        return subset;
    }

    private void removeInvalidStoreConfigsInKafkaConf(Properties properties, String str, String str2) {
        String property = properties.getProperty(str);
        if (property == null || !property.isEmpty()) {
            return;
        }
        logInfo(new KafkaSecurityUtils$$anonfun$removeInvalidStoreConfigsInKafkaConf$1(str, str2));
        properties.remove(str);
        properties.remove(str2);
    }

    public void configureAuth(AtlasClientConf atlasClientConf) {
        SparkEnv sparkEnv = SparkEnv$.MODULE$.get();
        if (sparkEnv == null || !needsAuth(kafkaConf(atlasClientConf))) {
            return;
        }
        clearTicketBasedKafkaJaasConfig(atlasClientConf);
        atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.useKeyTab"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), "false");
        atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.useTicketCache"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), "false");
        Token token = SparkUtils$.MODULE$.ugi().getCredentials().getToken(TOKEN_SERVICE());
        String str = (String) sparkEnv.conf().getOption(SPARK_KEYTAB_CONF()).orNull(Predef$.MODULE$.$conforms());
        if (token != null) {
            logDebug(new KafkaSecurityUtils$$anonfun$configureAuth$1());
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".loginModuleName"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), ScramLoginModule.class.getName());
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.username"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), new String(token.getIdentifier()));
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.password"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), new String(token.getPassword()));
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.tokenauth"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), "true");
            String s = new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"atlas.kafka.", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{"sasl.mechanism"}));
            if (atlasClientConf.getOption(s).isEmpty()) {
                logDebug(new KafkaSecurityUtils$$anonfun$configureAuth$2(s));
                atlasClientConf.set(s, com$hortonworks$spark$atlas$KafkaSecurityUtils$$DEFAUILT_SASL_MECHANISM());
            } else {
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            }
        } else if (str == null) {
            logDebug(new KafkaSecurityUtils$$anonfun$configureAuth$4());
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".loginModuleName"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), getKrb5LoginModuleName());
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.useTicketCache"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), "true");
        } else {
            logDebug(new KafkaSecurityUtils$$anonfun$configureAuth$3(str));
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".loginModuleName"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), getKrb5LoginModuleName());
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.useKeyTab"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), "true");
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.principal"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), sparkEnv.conf().get(SPARK_PRINCIPAL_CONF()));
            atlasClientConf.set(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".option.keyTab"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{jaasKafkaClientPrefix()})), str);
        }
        atlasClientConf.refresh();
    }

    private void clearTicketBasedKafkaJaasConfig(AtlasClientConf atlasClientConf) {
        logDebug(new KafkaSecurityUtils$$anonfun$clearTicketBasedKafkaJaasConfig$1());
        ((IterableLike) JavaConverters$.MODULE$.asScalaSetConverter(atlasClientConf.subset(com$hortonworks$spark$atlas$KafkaSecurityUtils$$jaasTicketBasedKafkaClientPrefix()).stringPropertyNames()).asScala()).foreach(new KafkaSecurityUtils$$anonfun$clearTicketBasedKafkaJaasConfig$2(atlasClientConf));
    }

    private String getKrb5LoginModuleName() {
        return System.getProperty("java.vendor").contains("IBM") ? "com.ibm.security.auth.module.Krb5LoginModule" : "com.sun.security.auth.module.Krb5LoginModule";
    }

    private KafkaSecurityUtils$() {
        MODULE$ = this;
        Logging.Cclass.$init$(this);
        this.TOKEN_KIND = new Text("ATLAS_DELEGATION_TOKEN");
        this.TOKEN_SERVICE = new Text("atlas.kafka.delegation.token");
        this.SPARK_KEYTAB_CONF = "spark.yarn.keytab";
        this.SPARK_PRINCIPAL_CONF = "spark.yarn.principal";
        this.JAAS_CONFIG_PREFIX_PARAM = "atlas.jaas";
        this.JAAS_DEFAULT_CLIENT_NAME = "KafkaClient";
        this.JAAS_TICKET_BASED_CLIENT_NAME = "ticketBased-KafkaClient";
        this.jaasKafkaClientPrefix = new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{JAAS_CONFIG_PREFIX_PARAM(), JAAS_DEFAULT_CLIENT_NAME()}));
        this.com$hortonworks$spark$atlas$KafkaSecurityUtils$$jaasTicketBasedKafkaClientPrefix = new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ".", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{JAAS_CONFIG_PREFIX_PARAM(), JAAS_TICKET_BASED_CLIENT_NAME()}));
        this.com$hortonworks$spark$atlas$KafkaSecurityUtils$$DEFAUILT_SASL_MECHANISM = "SCRAM-SHA-512";
        this.KAFKA_DYNAMIC_JAAS_CONF = KafkaUtils.KAFKA_SASL_JAAS_CONFIG_PROPERTY;
        this.CONFIG_SSL_KEYSTORE_LOCATION = "ssl.keystore.location";
        this.CONFIG_SSL_KEYSTORE_PASSWORD = "ssl.keystore.password";
        this.CONFIG_SSL_TRUSTSTORE_LOCATION = "ssl.truststore.location";
        this.CONFIG_SSL_TRUSTSTORE_PASSWORD = "ssl.truststore.password";
    }
}
