package org.apache.flink.test.util;

import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.annotation.Nullable;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.GlobalConfiguration;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.runtime.security.KerberosUtils;
import org.apache.flink.runtime.security.SecurityConfiguration;
import org.apache.flink.test.util.TestingSecurityContext;
import org.apache.flink.util.Preconditions;
import org.apache.hadoop.minikdc.MiniKdc;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/test/util/SecureTestEnvironment.class */
public class SecureTestEnvironment {
    public static final String HOST_NAME = "localhost";
    private static MiniKdc kdc;
    protected static final Logger LOG = LoggerFactory.getLogger(SecureTestEnvironment.class);
    private static String testKeytab = null;
    private static String testZkServerPrincipal = null;
    private static String testZkClientPrincipal = null;
    private static String testKafkaServerPrincipal = null;
    private static String hadoopServicePrincipal = null;
    private static String testPrincipal = null;

    private static void doPrepare(File file, String... strArr) {
        Preconditions.checkArgument(strArr != null, "Valid principals must be provided");
        try {
            LOG.info("Base Directory for Secure Environment: {}", file);
            Properties createConf = MiniKdc.createConf();
            if (LOG.isDebugEnabled()) {
                createConf.setProperty("debug", "true");
            }
            createConf.setProperty("kdc.bind.address", HOST_NAME);
            kdc = new MiniKdc(createConf, file);
            kdc.start();
            LOG.info("Started Mini KDC");
            File file2 = new File(file, "test-users.keytab");
            testKeytab = file2.getAbsolutePath();
            testZkServerPrincipal = "zookeeper/localhost";
            testZkClientPrincipal = "zk-client/localhost";
            testKafkaServerPrincipal = "kafka/localhost";
            hadoopServicePrincipal = "hadoop/localhost";
            testPrincipal = "client/localhost";
            kdc.createPrincipal(file2, (String[]) ArrayUtils.addAll(new String[]{testZkServerPrincipal, testZkClientPrincipal, testKafkaServerPrincipal, hadoopServicePrincipal, testPrincipal}, strArr));
            testZkServerPrincipal += "@" + kdc.getRealm();
            testZkClientPrincipal += "@" + kdc.getRealm();
            testKafkaServerPrincipal += "@" + kdc.getRealm();
            hadoopServicePrincipal += "@" + kdc.getRealm();
            testPrincipal += "@" + kdc.getRealm();
            LOG.info("-------------------------------------------------------------------");
            LOG.info("Test Principal: {}", testPrincipal);
            LOG.info("Test ZK Server Principal: {}", testZkServerPrincipal);
            LOG.info("Test ZK Client Principal: {}", testZkClientPrincipal);
            LOG.info("Test Kafka Server Principal: {}", testKafkaServerPrincipal);
            LOG.info("Test Hadoop Service Principal: {}", hadoopServicePrincipal);
            LOG.info("Test Keytab: {}", testKeytab);
            LOG.info("-------------------------------------------------------------------");
            Configuration loadConfiguration = GlobalConfiguration.loadConfiguration();
            loadConfiguration.setBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE, false);
            loadConfiguration.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, testKeytab);
            loadConfiguration.setBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE, false);
            loadConfiguration.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, testPrincipal);
            loadConfiguration.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Client,KafkaClient," + KerberosUtils.getDefaultKerberosInitAppEntryName());
            TestingSecurityContext.install(new SecurityConfiguration(loadConfiguration), getClientSecurityConfigurationMap());
            populateJavaPropertyVariables();
        } catch (Exception e) {
            throw new RuntimeException("Exception occurred while preparing secure environment.", e);
        }
    }

    public static void prepare(File file, String... strArr) {
        doPrepare(file, strArr);
    }

    public static void cleanup() {
        LOG.info("Cleaning up Secure Environment");
        if (kdc != null) {
            kdc.stop();
            LOG.info("Stopped KDC server");
        }
        resetSystemEnvVariables();
        testKeytab = null;
        testZkServerPrincipal = null;
        testZkClientPrincipal = null;
        testKafkaServerPrincipal = null;
        hadoopServicePrincipal = null;
        testPrincipal = null;
    }

    private static void populateJavaPropertyVariables() {
        if (LOG.isDebugEnabled()) {
            System.setProperty("sun.security.krb5.debug", "true");
        }
        System.setProperty("java.security.krb5.conf", kdc.getKrb5conf().getAbsolutePath());
        System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
        System.setProperty("zookeeper.kerberos.removeHostFromPrincipal", "true");
        System.setProperty("zookeeper.kerberos.removeRealmFromPrincipal", "true");
    }

    private static void resetSystemEnvVariables() {
        System.clearProperty("java.security.krb5.conf");
        System.clearProperty("sun.security.krb5.debug");
        System.clearProperty("zookeeper.authProvider.1");
        System.clearProperty("zookeeper.kerberos.removeHostFromPrincipal");
        System.clearProperty("zookeeper.kerberos.removeRealmFromPrincipal");
    }

    public static Configuration populateFlinkSecureConfigurations(@Nullable Configuration configuration) {
        Configuration configuration2 = configuration == null ? new Configuration() : configuration;
        configuration2.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, testKeytab);
        configuration2.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, testPrincipal);
        return configuration2;
    }

    public static Map<String, TestingSecurityContext.ClientSecurityConfiguration> getClientSecurityConfigurationMap() {
        HashMap hashMap = new HashMap();
        if (testZkServerPrincipal != null) {
            hashMap.put("Server", new TestingSecurityContext.ClientSecurityConfiguration(testZkServerPrincipal, testKeytab));
        }
        if (testZkClientPrincipal != null) {
            hashMap.put("Client", new TestingSecurityContext.ClientSecurityConfiguration(testZkClientPrincipal, testKeytab));
        }
        if (testKafkaServerPrincipal != null) {
            hashMap.put("KafkaServer", new TestingSecurityContext.ClientSecurityConfiguration(testKafkaServerPrincipal, testKeytab));
        }
        return hashMap;
    }

    public static String getRealm() {
        Preconditions.checkNotNull(kdc, "KDC must be initialized");
        return kdc.getRealm();
    }

    public static String getTestKeytab() {
        return testKeytab;
    }

    public static String getHadoopServicePrincipal() {
        return hadoopServicePrincipal;
    }
}
