package org.apache.accumulo.server.security;

import java.io.IOException;
import java.net.InetAddress;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.util.Daemon;
import org.apache.accumulo.fate.util.LoggingRunnable;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/server/security/SecurityUtil.class */
public class SecurityUtil {
    private static final Logger log = LoggerFactory.getLogger(SecurityUtil.class);
    private static final Logger renewalLog = LoggerFactory.getLogger("KerberosTicketRenewal");

    public static void serverLogin(AccumuloConfiguration accumuloConfiguration) {
        serverLogin(accumuloConfiguration, accumuloConfiguration.getPath(Property.GENERAL_KERBEROS_KEYTAB), accumuloConfiguration.get(Property.GENERAL_KERBEROS_PRINCIPAL));
    }

    public static void serverLogin(AccumuloConfiguration accumuloConfiguration, String str, String str2) {
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            return;
        }
        if (login(str2, str)) {
            try {
                startTicketRenewalThread(UserGroupInformation.getCurrentUser(), accumuloConfiguration.getTimeInMillis(Property.GENERAL_KERBEROS_RENEWAL_PERIOD));
                return;
            } catch (IOException e) {
                log.error("Failed to obtain Kerberos user after successfully logging in", e);
            }
        }
        throw new RuntimeException("Failed to perform Kerberos login for " + str2 + " using  " + str);
    }

    static boolean login(String str, String str2) {
        try {
            String serverPrincipal = getServerPrincipal(str);
            if (str2 == null || serverPrincipal == null || str2.length() == 0 || serverPrincipal.length() == 0) {
                return false;
            }
            log.info("Attempting to login with keytab as {}", serverPrincipal);
            UserGroupInformation.loginUserFromKeytab(serverPrincipal, str2);
            log.info("Succesfully logged in as user {}", serverPrincipal);
            return true;
        } catch (IOException e) {
            log.error("Error logging in user " + str + " using keytab at " + str2, e);
            return false;
        }
    }

    public static String getServerPrincipal(String str) {
        try {
            return org.apache.hadoop.security.SecurityUtil.getServerPrincipal(str, InetAddress.getLocalHost().getCanonicalHostName());
        } catch (IOException e) {
            throw new RuntimeException("Could not convert configured server principal: " + str, e);
        }
    }

    static void startTicketRenewalThread(final UserGroupInformation userGroupInformation, final long j) {
        Daemon daemon = new Daemon(new LoggingRunnable(renewalLog, new Runnable() { // from class: org.apache.accumulo.server.security.SecurityUtil.1
            @Override // java.lang.Runnable
            public void run() {
                while (true) {
                    try {
                        SecurityUtil.renewalLog.debug("Invoking renewal attempt for Kerberos ticket");
                        userGroupInformation.checkTGTAndReloginFromKeytab();
                    } catch (IOException e) {
                        SecurityUtil.renewalLog.error("Failed to renew Kerberos ticket", e);
                    }
                    try {
                        Thread.sleep(j);
                    } catch (InterruptedException e2) {
                        SecurityUtil.renewalLog.error("Renewal thread interrupted", e2);
                        Thread.currentThread().interrupt();
                        return;
                    }
                }
            }
        }));
        daemon.setName("Kerberos Ticket Renewal");
        daemon.start();
    }
}
