package org.apache.omid.tools.hbase;

import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.phoenix.shaded.javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/omid/tools/hbase/HBaseLogin.class */
public final class HBaseLogin {
    private static volatile UserGroupInformation ugi;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) HBaseLogin.class);
    private static final Object KERBEROS_LOGIN_LOCK = new Object();

    @Nullable
    public static UserGroupInformation loginIfNeeded(SecureHBaseConfig secureHBaseConfig) throws IOException {
        return loginIfNeeded(secureHBaseConfig, null);
    }

    @Nullable
    public static UserGroupInformation loginIfNeeded(SecureHBaseConfig secureHBaseConfig, Configuration configuration) throws IOException {
        boolean z = (null == secureHBaseConfig.getPrincipal() || null == secureHBaseConfig.getKeytab()) ? false : true;
        if (UserGroupInformation.isSecurityEnabled()) {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            boolean z2 = currentUser.hasKerberosCredentials() || (currentUser.getRealUser() != null && currentUser.getRealUser().hasKerberosCredentials());
            if (z && (!z2 || !isSameName(currentUser.getUserName(), secureHBaseConfig.getPrincipal()))) {
                synchronized (KERBEROS_LOGIN_LOCK) {
                    UserGroupInformation currentUser2 = UserGroupInformation.getCurrentUser();
                    if (!z2 || !isSameName(currentUser2.getUserName(), secureHBaseConfig.getPrincipal())) {
                        Configuration configuration2 = getConfiguration(configuration, secureHBaseConfig.getPrincipal(), secureHBaseConfig.getKeytab());
                        LOG.info("Trying to connect to a secure cluster as {} with keytab {}", configuration2.get(SecureHBaseConfig.HBASE_CLIENT_PRINCIPAL_KEY), configuration2.get(SecureHBaseConfig.HBASE_CLIENT_KEYTAB_KEY));
                        UserGroupInformation.setConfiguration(configuration2);
                        User.login(configuration2, SecureHBaseConfig.HBASE_CLIENT_KEYTAB_KEY, SecureHBaseConfig.HBASE_CLIENT_PRINCIPAL_KEY, (String) null);
                        LOG.info("Successful login to secure cluster");
                    }
                }
            } else if (z2) {
                LOG.debug("Already logged in as {}", currentUser);
            } else {
                LOG.warn("Security enabled but not logged in, and did not provide credentials. NULL UGI returned");
            }
        }
        return ugi;
    }

    static boolean isSameName(String str, String str2, String str3, String str4) throws IOException {
        boolean z = str2.indexOf(64) != -1;
        if (str2.contains("_HOST")) {
            if (z) {
                str2 = SecurityUtil.getServerPrincipal(str2, str3);
            } else if (str2.endsWith("/_HOST")) {
                str2 = str2.substring(0, str2.length() - 5) + str3;
            }
        }
        return (z || str4 == null) ? str.equals(str2) : str.equals(str2 + "@" + str4);
    }

    static boolean isSameName(String str, String str2) throws IOException {
        return isSameName(str, str2, null, getDefaultKerberosRealm());
    }

    static String getDefaultKerberosRealm() {
        try {
            return KerberosUtil.getDefaultRealm();
        } catch (Exception e) {
            return null;
        }
    }

    private static Configuration getConfiguration(Configuration configuration, String str, String str2) {
        if (configuration == null) {
            configuration = HBaseConfiguration.create();
        }
        if (null != str) {
            configuration.set(SecureHBaseConfig.HBASE_CLIENT_PRINCIPAL_KEY, str);
        }
        if (null != str2) {
            configuration.set(SecureHBaseConfig.HBASE_CLIENT_KEYTAB_KEY, str2);
        }
        return configuration;
    }
}
