package org.apache.ambari.server.controller.utilities;

import com.google.inject.Inject;
import java.io.File;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.serveraction.kerberos.KerberosIdentityDataFile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/controller/utilities/KerberosChecker.class */
public class KerberosChecker {
    static final String HTTP_SPNEGO_STANDARD_ENTRY = "com.sun.security.jgss.krb5.initiate";
    private static final String KRB5_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
    public static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    private static final Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);

    @Inject
    static Configuration config;

    @Inject
    static LoginContextHelper loginContextHelper;

    public static void checkJaasConfiguration() throws AmbariException {
        if (!config.isKerberosJaasConfigurationCheckEnabled()) {
            LOG.info("Skipping Ambari Server Kerberos credentials check.");
            return;
        }
        LOG.info("Checking Ambari Server Kerberos credentials.");
        String property = System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
        AppConfigurationEntry[] appConfigurationEntry = javax.security.auth.login.Configuration.getConfiguration().getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
        if (appConfigurationEntry == null) {
            LOG.warn("Can't find com.sun.security.jgss.krb5.initiate entry in " + property);
        } else {
            boolean z = false;
            for (AppConfigurationEntry appConfigurationEntry2 : appConfigurationEntry) {
                if (KRB5_LOGIN_MODULE.equals(appConfigurationEntry2.getLoginModuleName())) {
                    z = true;
                    Map options = appConfigurationEntry2.getOptions();
                    if (options != null) {
                        if (options.containsKey("keyTab")) {
                            String str = (String) options.get("keyTab");
                            File file = new File(str);
                            if (!file.exists()) {
                                LOG.warn(str + " doesn't exist.");
                            } else if (!file.canRead()) {
                                LOG.warn("Unable to read " + str + " Please check the file access permissions for user " + System.getProperty("user.name"));
                            }
                        } else {
                            LOG.warn("Can't find keyTab option in com.sun.security.auth.module.Krb5LoginModule module of com.sun.security.jgss.krb5.initiate entry in " + property);
                        }
                        if (!options.containsKey(KerberosIdentityDataFile.PRINCIPAL)) {
                            LOG.warn("Can't find principal option in com.sun.security.auth.module.Krb5LoginModule module of com.sun.security.jgss.krb5.initiate entry in " + property);
                        }
                    }
                }
            }
            if (!z) {
                LOG.warn("Can't find com.sun.security.auth.module.Krb5LoginModule module in com.sun.security.jgss.krb5.initiate entry in " + property);
            }
        }
        try {
            LoginContext createLoginContext = loginContextHelper.createLoginContext(HTTP_SPNEGO_STANDARD_ENTRY);
            createLoginContext.login();
            createLoginContext.logout();
            LOG.info("Ambari Server Kerberos credentials check passed.");
        } catch (LoginException e) {
            LOG.error(e.getMessage());
            throw new AmbariException("Ambari Server Kerberos credentials check failed. \nCheck KDC availability and JAAS configuration in " + property);
        }
    }
}
