package org.apache.hadoop.security.authentication;

import java.io.File;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.hadoop.security.authentication.util.KerberosUtil;

/* loaded from: input_file:org/apache/hadoop/security/authentication/KerberosTestUtils.class */
public class KerberosTestUtils {
    private static final String PREFIX = "hadoop-auth.test.";
    public static final String REALM = "hadoop-auth.test.kerberos.realm";
    public static final String CLIENT_PRINCIPAL = "hadoop-auth.test.kerberos.client.principal";
    public static final String SERVER_PRINCIPAL = "hadoop-auth.test.kerberos.server.principal";
    public static final String KEYTAB_FILE = "hadoop-auth.test.kerberos.keytab.file";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/security/authentication/KerberosTestUtils$KerberosConfiguration.class */
    public static class KerberosConfiguration extends Configuration {
        private String principal;

        public KerberosConfiguration(String str) {
            this.principal = str;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("keyTab", KerberosTestUtils.getKeytabFile());
            hashMap.put("principal", this.principal);
            hashMap.put("useKeyTab", "true");
            hashMap.put("storeKey", "true");
            hashMap.put("doNotPrompt", "true");
            hashMap.put("useTicketCache", "true");
            hashMap.put("renewTGT", "true");
            hashMap.put("refreshKrb5Config", "true");
            hashMap.put("isInitiator", "true");
            String str2 = System.getenv("KRB5CCNAME");
            if (str2 != null) {
                hashMap.put("ticketCache", str2);
            }
            hashMap.put("debug", "true");
            return new AppConfigurationEntry[]{new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    public static String getRealm() {
        return System.getProperty(REALM, "LOCALHOST");
    }

    public static String getClientPrincipal() {
        return System.getProperty(CLIENT_PRINCIPAL, "client") + "@" + getRealm();
    }

    public static String getServerPrincipal() {
        return System.getProperty(SERVER_PRINCIPAL, "HTTP/localhost") + "@" + getRealm();
    }

    public static String getKeytabFile() {
        return System.getProperty(KEYTAB_FILE, new File(System.getProperty("user.home"), System.getProperty("user.name") + ".keytab").toString());
    }

    public static <T> T doAs(String str, final Callable<T> callable) throws Exception {
        LoginContext loginContext = null;
        try {
            try {
                HashSet hashSet = new HashSet();
                hashSet.add(new KerberosPrincipal(getClientPrincipal()));
                loginContext = new LoginContext("", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, new KerberosConfiguration(str));
                loginContext.login();
                T t = (T) Subject.doAs(loginContext.getSubject(), new PrivilegedExceptionAction<T>() { // from class: org.apache.hadoop.security.authentication.KerberosTestUtils.1
                    @Override // java.security.PrivilegedExceptionAction
                    public T run() throws Exception {
                        return (T) callable.call();
                    }
                });
                if (loginContext != null) {
                    loginContext.logout();
                }
                return t;
            } catch (PrivilegedActionException e) {
                throw e.getException();
            }
        } catch (Throwable th) {
            if (loginContext != null) {
                loginContext.logout();
            }
            throw th;
        }
    }

    public static <T> T doAsClient(Callable<T> callable) throws Exception {
        return (T) doAs(getClientPrincipal(), callable);
    }

    public static <T> T doAsServer(Callable<T> callable) throws Exception {
        return (T) doAs(getServerPrincipal(), callable);
    }
}
