package org.apache.sentry.kafka.binding;

import com.google.common.collect.Sets;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import kafka.network.RequestChannel;
import kafka.security.auth.Acl;
import kafka.security.auth.Allow;
import kafka.security.auth.Allow$;
import kafka.security.auth.Operation;
import kafka.security.auth.Operation$;
import kafka.security.auth.Resource;
import kafka.security.auth.ResourceType$;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.sentry.api.generic.thrift.SentryGenericServiceClient;
import org.apache.sentry.api.generic.thrift.SentryGenericServiceClientFactory;
import org.apache.sentry.api.generic.thrift.TAuthorizable;
import org.apache.sentry.api.generic.thrift.TSentryPrivilege;
import org.apache.sentry.api.generic.thrift.TSentryRole;
import org.apache.sentry.api.tools.GenericPrivilegeConverter;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.Model;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.core.model.kafka.KafkaActionFactory;
import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel;
import org.apache.sentry.kafka.ConvertUtil;
import org.apache.sentry.kafka.conf.KafkaAuthConf;
import org.apache.sentry.policy.common.PolicyEngine;
import org.apache.sentry.provider.common.AuthorizationProvider;
import org.apache.sentry.provider.common.ProviderBackend;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.apache.sentry.provider.db.generic.SentryGenericProviderBackend;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Option;
import scala.Predef;
import scala.collection.Iterator;
import scala.collection.JavaConversions;
import scala.collection.JavaConverters;
import scala.collection.immutable.HashSet;
import scala.collection.immutable.Set;

/* loaded from: input_file:org/apache/sentry/kafka/binding/KafkaAuthBinding.class */
public class KafkaAuthBinding {
    private static final Logger LOG;
    private static final String COMPONENT_TYPE = "kafka";
    private static final String COMPONENT_NAME = "kafka";
    private static Boolean kerberosInit;
    private final Configuration authConf;
    private ProviderBackend providerBackend;
    private String instanceName;
    private String requestorName;
    private Map<String, ?> kafkaConfigs;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final KafkaActionFactory actionFactory = KafkaActionFactory.getInstance();
    private final AuthorizationProvider authProvider = createAuthProvider();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/sentry/kafka/binding/KafkaAuthBinding$Command.class */
    public interface Command<T> {
        T run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception;
    }

    public KafkaAuthBinding(String str, String str2, Configuration configuration, Map<String, ?> map) throws Exception {
        this.instanceName = str;
        this.requestorName = str2;
        this.authConf = configuration;
        this.kafkaConfigs = map;
    }

    private AuthorizationProvider createAuthProvider() throws Exception {
        String str = this.authConf.get(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER.getVar(), KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER.getDefault());
        String str2 = this.authConf.get(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(), KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getDefault());
        String str3 = this.authConf.get(KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(), KafkaAuthConf.AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getDefault());
        String str4 = this.authConf.get(KafkaAuthConf.AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar(), KafkaAuthConf.AuthzConfVars.AUTHZ_POLICY_ENGINE.getDefault());
        if (str2 != null && str2.startsWith("classpath:")) {
            str2 = AuthorizationProvider.class.getClassLoader().getResource(str2.substring("classpath:".length())).getPath();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using authorization provider " + str + " with resource " + str2 + ", policy engine " + str4 + ", provider backend " + str3);
        }
        if (!"kerberos".equals(this.authConf.get("sentry.service.security.mode")) || this.kafkaConfigs == null) {
            LOG.debug("Could not initialize Kerberos as no kafka config provided. " + KafkaAuthConf.AuthzConfVars.AUTHZ_KEYTAB_FILE_NAME.getVar() + " and " + KafkaAuthConf.AuthzConfVars.AUTHZ_PRINCIPAL_NAME.getVar() + " are required configs to be able to initialize Kerberos");
        } else {
            String obj = this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_KEYTAB_FILE_NAME.getVar()).toString();
            String obj2 = this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_PRINCIPAL_NAME.getVar()).toString();
            if (obj == null || obj2 == null) {
                LOG.debug("Could not initialize Kerberos.\n" + KafkaAuthConf.AuthzConfVars.AUTHZ_KEYTAB_FILE_NAME.getVar() + " set to " + this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_KEYTAB_FILE_NAME.getVar()).toString() + "\n" + KafkaAuthConf.AuthzConfVars.AUTHZ_PRINCIPAL_NAME.getVar() + " set to " + this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_PRINCIPAL_NAME.getVar()).toString());
            } else {
                String obj3 = this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_PRINCIPAL_HOSTNAME.getVar()).toString();
                if (obj3 != null) {
                    obj2 = SecurityUtil.getServerPrincipal(obj2, obj3);
                }
                initKerberos(obj, obj2);
            }
        }
        Object obj4 = this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_CACHING_ENABLE_NAME.getVar());
        if (obj4 != null) {
            String obj5 = obj4.toString();
            if (Boolean.parseBoolean(obj5)) {
                this.authConf.set("sentry.provider.backend.generic.cache.enabled", obj5);
                Object obj6 = this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_CACHING_TTL_MS_NAME.getVar());
                if (obj6 != null) {
                    this.authConf.set("sentry.provider.backend.generic.cache.ttl.ms", obj6.toString());
                }
                Object obj7 = this.kafkaConfigs.get(KafkaAuthConf.AuthzConfVars.AUTHZ_CACHING_UPDATE_FAILURES_COUNT_NAME.getVar());
                if (obj7 != null) {
                    this.authConf.set("sentry.provider.backend.generic.cache.update.failures.count", obj7.toString());
                }
                if (this.authConf.get("sentry.provider.backend.generic.privilege.converter") == null) {
                    this.authConf.set("sentry.provider.backend.generic.privilege.converter", GenericPrivilegeConverter.class.getName());
                }
            }
        }
        Constructor<?> declaredConstructor = Class.forName(str3).getDeclaredConstructor(Configuration.class, String.class);
        declaredConstructor.setAccessible(true);
        this.providerBackend = (ProviderBackend) declaredConstructor.newInstance(this.authConf, str2);
        if (this.providerBackend instanceof SentryGenericProviderBackend) {
            this.providerBackend.setComponentType("kafka");
            this.providerBackend.setServiceName(this.instanceName);
        }
        ProviderBackendContext providerBackendContext = new ProviderBackendContext();
        providerBackendContext.setAllowPerDatabase(false);
        providerBackendContext.setValidators(KafkaPrivilegeModel.getInstance().getPrivilegeValidators());
        this.providerBackend.initialize(providerBackendContext);
        Constructor<?> declaredConstructor2 = Class.forName(str4).getDeclaredConstructor(ProviderBackend.class);
        declaredConstructor2.setAccessible(true);
        PolicyEngine policyEngine = (PolicyEngine) declaredConstructor2.newInstance(this.providerBackend);
        Constructor<?> declaredConstructor3 = Class.forName(str).getDeclaredConstructor(Configuration.class, String.class, PolicyEngine.class, Model.class);
        declaredConstructor3.setAccessible(true);
        return (AuthorizationProvider) declaredConstructor3.newInstance(this.authConf, str2, policyEngine, KafkaPrivilegeModel.getInstance());
    }

    public boolean authorize(RequestChannel.Session session, Operation operation, Resource resource) {
        return this.authProvider.hasAccess(new Subject(getName(session)), ConvertUtil.convertResourceToAuthorizable(session.clientAddress().getHostAddress(), resource), Sets.newHashSet(new KafkaActionFactory.KafkaAction[]{this.actionFactory.getActionByName(operation.name())}), ActiveRoleSet.ALL);
    }

    public void addAcls(Set<Acl> set, final Resource resource) {
        verifyAcls(set);
        LOG.info("Adding Acl: acl->" + set + " resource->" + resource);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            final Acl acl = (Acl) it.next();
            final String role = getRole(acl);
            if (!roleExists(role)) {
                throw new KafkaException("Can not add Acl for non-existent Role: " + role);
            }
            execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
                public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                    sentryGenericServiceClient.grantPrivilege(KafkaAuthBinding.this.requestorName, role, "kafka", KafkaAuthBinding.this.toTSentryPrivilege(acl, resource));
                    return null;
                }
            });
        }
    }

    public boolean removeAcls(Set<Acl> set, final Resource resource) {
        verifyAcls(set);
        LOG.info("Removing Acl: acl->" + set + " resource->" + resource);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            final Acl acl = (Acl) it.next();
            final String role = getRole(acl);
            try {
                execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
                    public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                        sentryGenericServiceClient.dropPrivilege(KafkaAuthBinding.this.requestorName, role, KafkaAuthBinding.this.toTSentryPrivilege(acl, resource));
                        return null;
                    }
                });
            } catch (KafkaException e) {
                LOG.error("Failed to remove acls.", e);
                return false;
            }
        }
        return true;
    }

    public void addRole(final String str) {
        if (roleExists(str)) {
            throw new KafkaException("Can not create an existing role, " + str + ", again.");
        }
        execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
            public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                sentryGenericServiceClient.createRole(KafkaAuthBinding.this.requestorName, str, "kafka");
                return null;
            }
        });
    }

    public void addRoleToGroups(final String str, final java.util.Set<String> set) {
        execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
            public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                sentryGenericServiceClient.grantRoleToGroups(KafkaAuthBinding.this.requestorName, str, "kafka", set);
                return null;
            }
        });
    }

    public void dropAllRoles() {
        final List<String> allRoles = getAllRoles();
        execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
            public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                java.util.Iterator it = allRoles.iterator();
                while (it.hasNext()) {
                    sentryGenericServiceClient.dropRole(KafkaAuthBinding.this.requestorName, (String) it.next(), "kafka");
                }
                return null;
            }
        });
    }

    private List<String> getRolesforGroup(final String str) {
        final ArrayList arrayList = new ArrayList();
        execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
            public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                java.util.Iterator it = sentryGenericServiceClient.listRolesByGroupName(KafkaAuthBinding.this.requestorName, str, "kafka").iterator();
                while (it.hasNext()) {
                    arrayList.add(((TSentryRole) it.next()).getRoleName());
                }
                return null;
            }
        });
        return arrayList;
    }

    private SentryGenericServiceClient getClient() throws Exception {
        return SentryGenericServiceClientFactory.create(this.authConf);
    }

    public boolean removeAcls(final Resource resource) {
        LOG.info("Removing Acls for Resource: resource->" + resource);
        final List<TSentryPrivilege> allPrivileges = getAllPrivileges(getAllRoles());
        try {
            execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.7
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
                public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                    for (TSentryPrivilege tSentryPrivilege : allPrivileges) {
                        if (KafkaAuthBinding.this.isPrivilegeForResource(tSentryPrivilege, resource)) {
                            sentryGenericServiceClient.dropPrivilege(KafkaAuthBinding.this.requestorName, "kafka", tSentryPrivilege);
                        }
                    }
                    return null;
                }
            });
            return true;
        } catch (KafkaException e) {
            LOG.error("Failed to remove acls.", e);
            return false;
        }
    }

    public Set<Acl> getAcls(Resource resource) {
        Option option = getAcls().get(resource);
        return option.nonEmpty() ? (Set) option.get() : new HashSet();
    }

    public scala.collection.immutable.Map<Resource, Set<Acl>> getAcls(KafkaPrincipal kafkaPrincipal) {
        if (kafkaPrincipal.getPrincipalType().toLowerCase().equals("group")) {
            return getAclsForRoles(getRolesforGroup(kafkaPrincipal.getName()));
        }
        LOG.info("Did not recognize Principal type: " + kafkaPrincipal.getPrincipalType() + ". Returning Acls for all principals.");
        return getAcls();
    }

    public scala.collection.immutable.Map<Resource, Set<Acl>> getAcls() {
        return getAclsForRoles(getAllRoles());
    }

    private <T> T execute(Command<T> command) throws KafkaException {
        try {
            SentryGenericServiceClient client = getClient();
            Throwable th = null;
            try {
                try {
                    T run = command.run(client);
                    if (client != null) {
                        if (0 != 0) {
                            try {
                                client.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            client.close();
                        }
                    }
                    return run;
                } finally {
                }
            } catch (Throwable th3) {
                if (client != null) {
                    if (th != null) {
                        try {
                            client.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        client.close();
                    }
                }
                throw th3;
            }
        } catch (Exception e) {
            String str = "Unable to obtain client:" + e.getMessage();
            LOG.error(str, e);
            throw new KafkaException(str, e);
        } catch (SentryUserException e2) {
            String str2 = "Unable to excute command on sentry server: " + e2.getMessage();
            LOG.error(str2, e2);
            throw new KafkaException(str2, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public TSentryPrivilege toTSentryPrivilege(Acl acl, Resource resource) {
        List<Authorizable> convertResourceToAuthorizable = ConvertUtil.convertResourceToAuthorizable(acl.host(), resource);
        ArrayList arrayList = new ArrayList();
        for (Authorizable authorizable : convertResourceToAuthorizable) {
            arrayList.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
        }
        return new TSentryPrivilege("kafka", this.instanceName, arrayList, acl.operation().name());
    }

    private String getRole(Acl acl) {
        return acl.principal().getName();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isPrivilegeForResource(TSentryPrivilege tSentryPrivilege, Resource resource) {
        java.util.Iterator authorizablesIterator = tSentryPrivilege.getAuthorizablesIterator();
        while (authorizablesIterator.hasNext()) {
            if (((TAuthorizable) authorizablesIterator.next()).getType().equals(resource.resourceType().name())) {
                return true;
            }
        }
        return false;
    }

    private List<TSentryPrivilege> getAllPrivileges(final List<String> list) {
        final ArrayList arrayList = new ArrayList();
        execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.8
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
            public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                java.util.Iterator it = list.iterator();
                while (it.hasNext()) {
                    arrayList.addAll(sentryGenericServiceClient.listAllPrivilegesByRoleName(KafkaAuthBinding.this.requestorName, (String) it.next(), "kafka", KafkaAuthBinding.this.instanceName));
                }
                return null;
            }
        });
        return arrayList;
    }

    private List<String> getAllRoles() {
        final ArrayList arrayList = new ArrayList();
        execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.9
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
            public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                java.util.Iterator it = sentryGenericServiceClient.listAllRoles(KafkaAuthBinding.this.requestorName, "kafka").iterator();
                while (it.hasNext()) {
                    arrayList.add(((TSentryRole) it.next()).getRoleName());
                }
                return null;
            }
        });
        return arrayList;
    }

    private scala.collection.immutable.Map<Resource, Set<Acl>> getAclsForRoles(List<String> list) {
        return ((scala.collection.mutable.Map) JavaConverters.mapAsScalaMapConverter(rolePrivilegesToResourceAcls(getRoleToPrivileges(list))).asScala()).toMap(Predef.conforms());
    }

    private Map<Resource, Set<Acl>> rolePrivilegesToResourceAcls(Map<String, Set<TSentryPrivilege>> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Set<TSentryPrivilege>> entry : map.entrySet()) {
            Iterator it = entry.getValue().iterator();
            while (it.hasNext()) {
                TSentryPrivilege tSentryPrivilege = (TSentryPrivilege) it.next();
                List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
                String str = null;
                String action = tSentryPrivilege.getAction();
                for (TAuthorizable tAuthorizable : authorizables) {
                    if (tAuthorizable.getType().equals(KafkaAuthorizable.AuthorizableType.HOST.name())) {
                        str = tAuthorizable.getName();
                    } else {
                        Resource resource = new Resource(ResourceType$.MODULE$.fromString(tAuthorizable.getType()), tAuthorizable.getName());
                        if (action.equals("*")) {
                            action = "All";
                        }
                        Acl acl = new Acl(new KafkaPrincipal("role", entry.getKey()), Allow$.MODULE$, str, Operation$.MODULE$.fromString(action));
                        java.util.HashSet hashSet = new java.util.HashSet();
                        hashSet.add(acl);
                        addExistingAclsForResource(hashMap, resource, hashSet);
                        hashMap.put(resource, JavaConversions.asScalaSet(hashSet).toSet());
                    }
                }
            }
        }
        return hashMap;
    }

    private Map<String, Set<TSentryPrivilege>> getRoleToPrivileges(final List<String> list) {
        final HashMap hashMap = new HashMap();
        execute(new Command<Void>() { // from class: org.apache.sentry.kafka.binding.KafkaAuthBinding.10
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.sentry.kafka.binding.KafkaAuthBinding.Command
            public Void run(SentryGenericServiceClient sentryGenericServiceClient) throws Exception {
                for (String str : list) {
                    hashMap.put(str, ((scala.collection.mutable.Set) JavaConverters.asScalaSetConverter(sentryGenericServiceClient.listAllPrivilegesByRoleName(KafkaAuthBinding.this.requestorName, str, "kafka", KafkaAuthBinding.this.instanceName)).asScala()).toSet());
                }
                return null;
            }
        });
        return hashMap;
    }

    private void addExistingAclsForResource(Map<Resource, Set<Acl>> map, Resource resource, java.util.Set<Acl> set) {
        Set<Acl> set2 = map.get(resource);
        if (set2 != null) {
            Iterator it = set2.iterator();
            while (it.hasNext()) {
                set.add((Acl) it.next());
            }
        }
    }

    private boolean roleExists(String str) {
        return getAllRoles().contains(str);
    }

    private void verifyAcls(Set<Acl> set) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            Acl acl = (Acl) it.next();
            if (!$assertionsDisabled && !acl.principal().getPrincipalType().toLowerCase().equals("role")) {
                throw new AssertionError("Only Acls with KafkaPrincipal of type \"role;\" is supported.");
            }
            if (!$assertionsDisabled && !acl.permissionType().name().equals(Allow.name())) {
                throw new AssertionError("Only Acls with Permission of type \"Allow\" is supported.");
            }
        }
    }

    private String getName(RequestChannel.Session session) {
        String name = session.principal().getName();
        int indexOf = name.indexOf("CN=");
        if (indexOf < 0) {
            return name;
        }
        String substring = name.substring(indexOf + 3);
        int indexOf2 = substring.indexOf(",");
        return indexOf2 > 0 ? substring.substring(0, indexOf2) : substring;
    }

    private void initKerberos(String str, String str2) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("keytabFile required because kerberos is enabled");
        }
        if (str2 == null || str2.length() == 0) {
            throw new IllegalArgumentException("principal required because kerberos is enabled");
        }
        synchronized (KafkaAuthBinding.class) {
            if (kerberosInit == null) {
                kerberosInit = Boolean.TRUE;
                Configuration configuration = new Configuration();
                configuration.set("hadoop.security.authentication", "kerberos");
                UserGroupInformation.setConfiguration(configuration);
                LOG.info("Attempting to acquire kerberos ticket with keytab: {}, principal: {} ", str, str2);
                try {
                    UserGroupInformation.loginUserFromKeytab(str2, str);
                    LOG.info("Got Kerberos ticket");
                } catch (IOException e) {
                    throw new RuntimeException("Failed to login user with Principal: " + str2 + " and Keytab file: " + str, e);
                }
            }
        }
    }

    static {
        $assertionsDisabled = !KafkaAuthBinding.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(KafkaAuthBinding.class);
    }
}
