package org.apache.accumulo.harness;

import com.google.common.base.Preconditions;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.accumulo.cluster.ClusterUser;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.KerberosToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.minicluster.impl.MiniAccumuloClusterImpl;
import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
import org.apache.accumulo.server.security.handler.KerberosAuthenticator;
import org.apache.accumulo.server.security.handler.KerberosAuthorizor;
import org.apache.accumulo.server.security.handler.KerberosPermissionHandler;
import org.apache.accumulo.test.functional.NativeMapIT;
import org.apache.accumulo.test.util.CertUtils;
import org.apache.hadoop.conf.Configuration;
import org.junit.Assert;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/harness/MiniClusterHarness.class */
public class MiniClusterHarness {
    private static final String PROP_PREFIX = "org.apache.accumulo.test.functional.";
    public static final String USE_SSL_FOR_IT_OPTION = "org.apache.accumulo.test.functional.useSslForIT";
    public static final String USE_CRED_PROVIDER_FOR_IT_OPTION = "org.apache.accumulo.test.functional.useCredProviderForIT";
    public static final String USE_KERBEROS_FOR_IT_OPTION = "org.apache.accumulo.test.functional.useKrbForIT";
    public static final String JAVA_SECURITY_KRB5_CONF = "java.security.krb5.conf";
    public static final String SUN_SECURITY_KRB5_DEBUG = "sun.security.krb5.debug";
    private static final Logger log = LoggerFactory.getLogger(MiniClusterHarness.class);
    private static final AtomicLong COUNTER = new AtomicLong(0);
    public static final String TRUE = Boolean.toString(true);

    public MiniAccumuloClusterImpl create(AuthenticationToken authenticationToken) throws Exception {
        return create(MiniClusterHarness.class.getName(), Long.toString(COUNTER.incrementAndGet()), authenticationToken);
    }

    public MiniAccumuloClusterImpl create(AuthenticationToken authenticationToken, TestingKdc testingKdc) throws Exception {
        return create(MiniClusterHarness.class.getName(), Long.toString(COUNTER.incrementAndGet()), authenticationToken, testingKdc);
    }

    public MiniAccumuloClusterImpl create(AccumuloITBase accumuloITBase, AuthenticationToken authenticationToken) throws Exception {
        return create(accumuloITBase.getClass().getName(), accumuloITBase.testName.getMethodName(), authenticationToken);
    }

    public MiniAccumuloClusterImpl create(AccumuloITBase accumuloITBase, AuthenticationToken authenticationToken, TestingKdc testingKdc) throws Exception {
        return create(accumuloITBase, authenticationToken, testingKdc, MiniClusterConfigurationCallback.NO_CALLBACK);
    }

    public MiniAccumuloClusterImpl create(AccumuloITBase accumuloITBase, AuthenticationToken authenticationToken, TestingKdc testingKdc, MiniClusterConfigurationCallback miniClusterConfigurationCallback) throws Exception {
        return create(accumuloITBase.getClass().getName(), accumuloITBase.testName.getMethodName(), authenticationToken, miniClusterConfigurationCallback, testingKdc);
    }

    public MiniAccumuloClusterImpl create(AccumuloClusterHarness accumuloClusterHarness, AuthenticationToken authenticationToken, TestingKdc testingKdc) throws Exception {
        return create(accumuloClusterHarness.getClass().getName(), accumuloClusterHarness.testName.getMethodName(), authenticationToken, accumuloClusterHarness, testingKdc);
    }

    public MiniAccumuloClusterImpl create(AccumuloClusterHarness accumuloClusterHarness, AuthenticationToken authenticationToken, MiniClusterConfigurationCallback miniClusterConfigurationCallback) throws Exception {
        return create(accumuloClusterHarness.getClass().getName(), accumuloClusterHarness.testName.getMethodName(), authenticationToken, miniClusterConfigurationCallback);
    }

    public MiniAccumuloClusterImpl create(String str, String str2, AuthenticationToken authenticationToken) throws Exception {
        return create(str, str2, authenticationToken, MiniClusterConfigurationCallback.NO_CALLBACK);
    }

    public MiniAccumuloClusterImpl create(String str, String str2, AuthenticationToken authenticationToken, TestingKdc testingKdc) throws Exception {
        return create(str, str2, authenticationToken, MiniClusterConfigurationCallback.NO_CALLBACK, testingKdc);
    }

    public MiniAccumuloClusterImpl create(String str, String str2, AuthenticationToken authenticationToken, MiniClusterConfigurationCallback miniClusterConfigurationCallback) throws Exception {
        return create(str, str2, authenticationToken, miniClusterConfigurationCallback, null);
    }

    public MiniAccumuloClusterImpl create(String str, String str2, AuthenticationToken authenticationToken, MiniClusterConfigurationCallback miniClusterConfigurationCallback, TestingKdc testingKdc) throws Exception {
        Objects.requireNonNull(authenticationToken);
        Preconditions.checkArgument((authenticationToken instanceof PasswordToken) || (authenticationToken instanceof KerberosToken), "A PasswordToken or KerberosToken is required");
        String str3 = authenticationToken instanceof PasswordToken ? new String(((PasswordToken) authenticationToken).getPassword(), StandardCharsets.UTF_8) : UUID.randomUUID().toString();
        File createTestDir = AccumuloClusterHarness.createTestDir(str + "_" + str2);
        MiniAccumuloConfigImpl miniAccumuloConfigImpl = new MiniAccumuloConfigImpl(createTestDir, str3);
        miniAccumuloConfigImpl.setNativeLibPaths(new String[]{NativeMapIT.nativeMapLocation().getAbsolutePath()});
        miniAccumuloConfigImpl.setProperty(Property.TSERV_NATIVEMAP_ENABLED, Boolean.TRUE.toString());
        Configuration configuration = new Configuration(false);
        configureForEnvironment(miniAccumuloConfigImpl, getClass(), AccumuloClusterHarness.getSslDir(createTestDir), configuration, testingKdc);
        miniClusterConfigurationCallback.configureMiniCluster(miniAccumuloConfigImpl, configuration);
        MiniAccumuloClusterImpl miniAccumuloClusterImpl = new MiniAccumuloClusterImpl(miniAccumuloConfigImpl);
        if (configuration.size() > 0) {
            File file = new File(miniAccumuloClusterImpl.getConfig().getConfDir(), "core-site.xml");
            if (file.exists()) {
                throw new RuntimeException(file + " already exist");
            }
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(new File(miniAccumuloClusterImpl.getConfig().getConfDir(), "core-site.xml")));
            configuration.writeXml(bufferedOutputStream);
            bufferedOutputStream.close();
        }
        return miniAccumuloClusterImpl;
    }

    protected void configureForEnvironment(MiniAccumuloConfigImpl miniAccumuloConfigImpl, Class<?> cls, File file, Configuration configuration, TestingKdc testingKdc) {
        if (TRUE.equals(System.getProperty(USE_SSL_FOR_IT_OPTION))) {
            configureForSsl(miniAccumuloConfigImpl, file);
        }
        if (TRUE.equals(System.getProperty(USE_CRED_PROVIDER_FOR_IT_OPTION))) {
            miniAccumuloConfigImpl.setUseCredentialProvider(true);
        }
        if (TRUE.equals(System.getProperty(USE_KERBEROS_FOR_IT_OPTION))) {
            if (TRUE.equals(System.getProperty(USE_SSL_FOR_IT_OPTION))) {
                throw new RuntimeException("Cannot use both SSL and Kerberos");
            }
            try {
                configureForKerberos(miniAccumuloConfigImpl, file, configuration, testingKdc);
            } catch (Exception e) {
                throw new RuntimeException("Failed to initialize KDC", e);
            }
        }
    }

    protected void configureForSsl(MiniAccumuloConfigImpl miniAccumuloConfigImpl, File file) {
        Map siteConfig = miniAccumuloConfigImpl.getSiteConfig();
        if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) {
            return;
        }
        File file2 = new File(file, "ssl");
        Assert.assertTrue(file2.mkdirs() || file2.isDirectory());
        File file3 = new File(file2, "root-" + miniAccumuloConfigImpl.getInstanceName() + ".jks");
        File file4 = new File(file2, "local-" + miniAccumuloConfigImpl.getInstanceName() + ".jks");
        File file5 = new File(file2, "public-" + miniAccumuloConfigImpl.getInstanceName() + ".jks");
        try {
            new CertUtils(Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue(), "o=Apache Accumulo,cn=MiniAccumuloCluster", "RSA", 2048, "sha1WithRSAEncryption").createAll(file3, file4, file5, miniAccumuloConfigImpl.getInstanceName(), "root_keystore_password", miniAccumuloConfigImpl.getRootPassword(), "truststore_password");
            siteConfig.put(Property.INSTANCE_RPC_SSL_ENABLED.getKey(), "true");
            siteConfig.put(Property.RPC_SSL_KEYSTORE_PATH.getKey(), file4.getAbsolutePath());
            siteConfig.put(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), miniAccumuloConfigImpl.getRootPassword());
            siteConfig.put(Property.RPC_SSL_TRUSTSTORE_PATH.getKey(), file5.getAbsolutePath());
            siteConfig.put(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey(), "truststore_password");
            miniAccumuloConfigImpl.setSiteConfig(siteConfig);
        } catch (Exception e) {
            throw new RuntimeException("error creating MAC keystore", e);
        }
    }

    protected void configureForKerberos(MiniAccumuloConfigImpl miniAccumuloConfigImpl, File file, Configuration configuration, TestingKdc testingKdc) throws Exception {
        Map siteConfig = miniAccumuloConfigImpl.getSiteConfig();
        if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) {
            throw new RuntimeException("Cannot use both SSL and SASL/Kerberos");
        }
        if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SASL_ENABLED.getKey()))) {
            return;
        }
        if (null == testingKdc) {
            throw new IllegalStateException("MiniClusterKdc was null");
        }
        log.info("Enabling Kerberos/SASL for minicluster");
        miniAccumuloConfigImpl.setProperty(Property.INSTANCE_RPC_SASL_ENABLED, "true");
        ClusterUser accumuloServerUser = testingKdc.getAccumuloServerUser();
        miniAccumuloConfigImpl.setProperty(Property.GENERAL_KERBEROS_KEYTAB, accumuloServerUser.getKeytab().getAbsolutePath());
        miniAccumuloConfigImpl.setProperty(Property.GENERAL_KERBEROS_PRINCIPAL, accumuloServerUser.getPrincipal());
        miniAccumuloConfigImpl.setProperty(Property.INSTANCE_SECURITY_AUTHENTICATOR, KerberosAuthenticator.class.getName());
        miniAccumuloConfigImpl.setProperty(Property.INSTANCE_SECURITY_AUTHORIZOR, KerberosAuthorizor.class.getName());
        miniAccumuloConfigImpl.setProperty(Property.INSTANCE_SECURITY_PERMISSION_HANDLER, KerberosPermissionHandler.class.getName());
        miniAccumuloConfigImpl.setProperty(Property.TRACE_USER, accumuloServerUser.getPrincipal());
        miniAccumuloConfigImpl.setProperty(Property.TRACE_TOKEN_TYPE, KerberosToken.CLASS_NAME);
        Map systemProperties = miniAccumuloConfigImpl.getSystemProperties();
        systemProperties.put(JAVA_SECURITY_KRB5_CONF, System.getProperty(JAVA_SECURITY_KRB5_CONF, ""));
        systemProperties.put(SUN_SECURITY_KRB5_DEBUG, System.getProperty(SUN_SECURITY_KRB5_DEBUG, "false"));
        miniAccumuloConfigImpl.setSystemProperties(systemProperties);
        configuration.set("hadoop.security.authentication", "kerberos");
        miniAccumuloConfigImpl.setRootUserName(testingKdc.getRootUser().getPrincipal());
    }
}
