package alluxio.cli.hdfs;

import alluxio.cli.ApplicableUfsType;
import alluxio.cli.ValidationTaskResult;
import alluxio.cli.ValidationUtils;
import alluxio.conf.AlluxioConfiguration;
import alluxio.conf.PropertyKey;
import alluxio.util.ExceptionUtils;
import alluxio.util.ShellUtils;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;

@ApplicableUfsType(ApplicableUfsType.Type.HDFS)
/* loaded from: input_file:alluxio/cli/hdfs/SecureHdfsValidationTask.class */
public final class SecureHdfsValidationTask extends HdfsConfValidationTask {
    private static final Pattern PRINCIPAL_PATTERN = Pattern.compile("(?<primary>[^/@]*)(/(?<instance>[^/@]*))?@(?<realm>[^/@]*)");
    private static final String PRINCIPAL_MAP_MASTER_KEY = "master";
    private static final String PRINCIPAL_MAP_WORKER_KEY = "worker";
    private static final Map<String, PropertyKey> PRINCIPAL_MAP = ImmutableMap.of(PRINCIPAL_MAP_MASTER_KEY, PropertyKey.MASTER_PRINCIPAL, PRINCIPAL_MAP_WORKER_KEY, PropertyKey.WORKER_PRINCIPAL);
    private static final Map<String, PropertyKey> KEYTAB_MAP = ImmutableMap.of(PRINCIPAL_MAP_MASTER_KEY, PropertyKey.MASTER_KEYTAB_KEY_FILE, PRINCIPAL_MAP_WORKER_KEY, PropertyKey.WORKER_KEYTAB_FILE);
    private static final String HDFS_AUTHENTICATION_KEY = "hadoop.security.authentication";
    private static final String HDFS_AUTHENTICATION_VALUE = "kerberos";
    private static final String DOC_LINK = "https://docs.alluxio.io/os/user/stable/en/ufs/HDFS.html#connect-to-secure-hdfs";
    private final String mProcess;
    private PropertyKey mPrincipalProperty;
    private PropertyKey mKeytabProperty;
    private final AlluxioConfiguration mConf;
    private final StringBuilder mMsg;
    private final StringBuilder mAdvice;
    private final String mPath;

    public SecureHdfsValidationTask(String str, String str2, AlluxioConfiguration alluxioConfiguration) {
        super(str2, alluxioConfiguration);
        this.mConf = alluxioConfiguration;
        this.mPath = str2;
        this.mProcess = str.toLowerCase();
        this.mPrincipalProperty = PRINCIPAL_MAP.get(this.mProcess);
        this.mKeytabProperty = KEYTAB_MAP.get(this.mProcess);
        this.mMsg = new StringBuilder();
        this.mAdvice = new StringBuilder();
    }

    @Override // alluxio.cli.hdfs.HdfsConfValidationTask
    public String getName() {
        return String.format("ValidateKerberosForSecureHdfs%s", StringUtils.capitalize(this.mProcess));
    }

    @Override // alluxio.cli.hdfs.HdfsConfValidationTask
    public ValidationTaskResult validateImpl(Map<String, String> map) {
        if (!ValidationUtils.isHdfsScheme(this.mPath)) {
            this.mMsg.append("Skip this check as the UFS is not HDFS.\n");
            return new ValidationTaskResult(ValidationUtils.State.SKIPPED, getName(), this.mMsg.toString(), this.mAdvice.toString());
        }
        ValidationTaskResult loadHdfsConfig = loadHdfsConfig();
        if (loadHdfsConfig.getState() != ValidationUtils.State.OK) {
            return loadHdfsConfig.setAdvice("Validating a secure HDFS connection requires specifying additional HDFS configuration files. " + loadHdfsConfig.getAdvice());
        }
        ValidationTaskResult validateSecureHdfs = validateSecureHdfs();
        return validateSecureHdfs.getState() != ValidationUtils.State.OK ? validateSecureHdfs : validatePrincipalLogin();
    }

    private ValidationTaskResult validateSecureHdfs() {
        if (this.mCoreConf.getOrDefault(HDFS_AUTHENTICATION_KEY, "").equalsIgnoreCase(HDFS_AUTHENTICATION_VALUE)) {
            return new ValidationTaskResult(ValidationUtils.State.OK, getName(), this.mMsg.toString(), this.mAdvice.toString());
        }
        this.mMsg.append("HDFS is not Kerberized. Skip this test.");
        return new ValidationTaskResult(ValidationUtils.State.SKIPPED, getName(), this.mMsg.toString(), this.mAdvice.toString());
    }

    private ValidationTaskResult validatePrincipalLogin() {
        String str = (String) this.mConf.getOrDefault(this.mPrincipalProperty, "");
        String str2 = (String) this.mConf.getOrDefault(this.mKeytabProperty, "");
        if (str.isEmpty() || str2.isEmpty()) {
            this.mMsg.append(String.format("Failed to find Kerberos principal and keytab. Found %s=%s and %s=%s.%n", this.mPrincipalProperty.toString(), str, this.mKeytabProperty, str2));
            this.mAdvice.append(String.format("Please configure Alluxio to connect with secure HDFS following %s%n", DOC_LINK));
            return new ValidationTaskResult(ValidationUtils.State.FAILED, getName(), this.mMsg.toString(), this.mAdvice.toString());
        }
        Matcher matcher = PRINCIPAL_PATTERN.matcher(str);
        if (!matcher.matches()) {
            this.mMsg.append(String.format("Principal %s is not in the right format.%n", str));
            this.mAdvice.append(String.format("Please fix principal %s=%s.%n", this.mPrincipalProperty.toString(), str));
            return new ValidationTaskResult(ValidationUtils.State.FAILED, getName(), this.mMsg.toString(), this.mAdvice.toString());
        }
        String group = matcher.group("primary");
        String group2 = matcher.group("instance");
        String group3 = matcher.group("realm");
        String[] strArr = {"kinit", "-kt", str2, str};
        try {
            this.mMsg.append(String.format("Command %s finished with output: %s%n", Arrays.toString(strArr), ShellUtils.execCommand(strArr)));
            return new ValidationTaskResult(ValidationUtils.State.OK, getName(), this.mMsg.toString(), this.mAdvice.toString());
        } catch (IOException e) {
            this.mMsg.append(String.format("Kerberos login failed for %s with keytab %s.%n", str, str2));
            this.mMsg.append(ExceptionUtils.asPlainText(e));
            this.mMsg.append(String.format("Primary is %s, instance is %s and realm is %s.%n", group, group2, group3));
            return new ValidationTaskResult(ValidationUtils.State.FAILED, getName(), this.mMsg.toString(), this.mAdvice.toString());
        }
    }
}
