package org.apache.flink.runtime.security;

import java.io.File;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.flink.annotation.Internal;
import org.apache.flink.shaded.zookeeper.org.apache.zookeeper.client.ZooKeeperSaslClient;
import org.apache.flink.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Internal
/* loaded from: input_file:org/apache/flink/runtime/security/KerberosUtils.class */
public class KerberosUtils {
    private static final AppConfigurationEntry userKerberosAce;
    private static final Logger LOG = LoggerFactory.getLogger(KerberosUtils.class);
    private static final String JAVA_VENDOR_NAME = System.getProperty("java.vendor");
    private static final Map<String, String> debugOptions = new HashMap();
    private static final Map<String, String> kerberosCacheOptions = new HashMap();
    private static final boolean IBM_JAVA = JAVA_VENDOR_NAME.contains("IBM");

    public static String getKrb5LoginModuleName() {
        return System.getProperty("java.vendor").contains("IBM") ? "com.ibm.security.auth.module.Krb5LoginModule" : "com.sun.security.auth.module.Krb5LoginModule";
    }

    public static AppConfigurationEntry ticketCacheEntry() {
        return userKerberosAce;
    }

    public static AppConfigurationEntry keytabEntry(String str, String str2) {
        Preconditions.checkNotNull(str, "keytab");
        Preconditions.checkNotNull(str2, "principal");
        HashMap hashMap = new HashMap();
        if (IBM_JAVA) {
            hashMap.put("useKeytab", prependFileUri(str));
            hashMap.put("credsType", "both");
        } else {
            hashMap.put("keyTab", str);
            hashMap.put("doNotPrompt", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            hashMap.put("useKeyTab", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            hashMap.put("storeKey", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
        }
        hashMap.put("principal", str2);
        hashMap.put("refreshKrb5Config", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
        hashMap.putAll(debugOptions);
        return new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
    }

    private static String prependFileUri(String str) {
        return new File(str).toURI().toString();
    }

    static {
        if (LOG.isDebugEnabled()) {
            debugOptions.put("debug", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
        }
        if (IBM_JAVA) {
            kerberosCacheOptions.put("useDefaultCcache", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
        } else {
            kerberosCacheOptions.put("doNotPrompt", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            kerberosCacheOptions.put("useTicketCache", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
        }
        String str = System.getenv("KRB5CCNAME");
        if (str != null) {
            if (IBM_JAVA) {
                System.setProperty("KRB5CCNAME", str);
            } else {
                kerberosCacheOptions.put("ticketCache", str);
            }
        }
        kerberosCacheOptions.put("renewTGT", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
        kerberosCacheOptions.putAll(debugOptions);
        userKerberosAce = new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, kerberosCacheOptions);
    }
}
