package org.apache.flink.runtime.security.modules;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.util.Iterator;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.flink.annotation.Internal;
import org.apache.flink.configuration.ConfigurationUtils;
import org.apache.flink.configuration.CoreOptions;
import org.apache.flink.runtime.security.DynamicConfiguration;
import org.apache.flink.runtime.security.KerberosUtils;
import org.apache.flink.runtime.security.SecurityConfiguration;
import org.apache.flink.runtime.security.modules.SecurityModule;
import org.apache.flink.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Internal
/* loaded from: input_file:org/apache/flink/runtime/security/modules/JaasModule.class */
public class JaasModule implements SecurityModule {
    private static final Logger LOG = LoggerFactory.getLogger(JaasModule.class);
    static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    static final String JAAS_CONF_RESOURCE_NAME = "flink-jaas.conf";
    private final SecurityConfiguration securityConfig;
    private String priorConfigFile;
    private Configuration priorConfig;
    private DynamicConfiguration currentConfig;
    private final String workingDir;

    public JaasModule(SecurityConfiguration securityConfiguration) {
        this.securityConfig = (SecurityConfiguration) Preconditions.checkNotNull(securityConfiguration);
        String[] splitPaths = ConfigurationUtils.splitPaths(securityConfiguration.getFlinkConfig().getString(CoreOptions.TMP_DIRS));
        Preconditions.checkState(splitPaths.length > 0);
        this.workingDir = splitPaths[0];
    }

    @Override // org.apache.flink.runtime.security.modules.SecurityModule
    public void install() {
        this.priorConfigFile = System.getProperty("java.security.auth.login.config", null);
        if (this.priorConfigFile == null) {
            File generateDefaultConfigFile = generateDefaultConfigFile(this.workingDir);
            System.setProperty("java.security.auth.login.config", generateDefaultConfigFile.getAbsolutePath());
            LOG.info("Jaas file will be created as {}.", generateDefaultConfigFile);
        }
        this.priorConfig = Configuration.getConfiguration();
        this.currentConfig = new DynamicConfiguration(this.priorConfig);
        AppConfigurationEntry[] appConfigurationEntries = getAppConfigurationEntries(this.securityConfig);
        if (appConfigurationEntries != null) {
            Iterator<String> it = this.securityConfig.getLoginContextNames().iterator();
            while (it.hasNext()) {
                this.currentConfig.addAppConfigurationEntry(it.next(), appConfigurationEntries);
            }
        }
        Configuration.setConfiguration(this.currentConfig);
    }

    @Override // org.apache.flink.runtime.security.modules.SecurityModule
    public void uninstall() throws SecurityModule.SecurityInstallException {
        if (this.priorConfigFile != null) {
            System.setProperty("java.security.auth.login.config", this.priorConfigFile);
        } else {
            System.clearProperty("java.security.auth.login.config");
        }
        Configuration.setConfiguration(this.priorConfig);
    }

    public DynamicConfiguration getCurrentConfiguration() {
        return this.currentConfig;
    }

    public static AppConfigurationEntry[] getAppConfigurationEntries(SecurityConfiguration securityConfiguration) {
        AppConfigurationEntry[] appConfigurationEntryArr;
        AppConfigurationEntry appConfigurationEntry = null;
        if (securityConfiguration.useTicketCache()) {
            appConfigurationEntry = KerberosUtils.ticketCacheEntry();
        }
        AppConfigurationEntry appConfigurationEntry2 = null;
        if (securityConfiguration.getKeytab() != null) {
            appConfigurationEntry2 = KerberosUtils.keytabEntry(securityConfiguration.getKeytab(), securityConfiguration.getPrincipal());
        }
        if (appConfigurationEntry != null && appConfigurationEntry2 != null) {
            appConfigurationEntryArr = new AppConfigurationEntry[]{appConfigurationEntry2, appConfigurationEntry};
        } else if (appConfigurationEntry2 != null) {
            appConfigurationEntryArr = new AppConfigurationEntry[]{appConfigurationEntry2};
        } else {
            if (appConfigurationEntry == null) {
                return null;
            }
            appConfigurationEntryArr = new AppConfigurationEntry[]{appConfigurationEntry};
        }
        return appConfigurationEntryArr;
    }

    private static File generateDefaultConfigFile(String str) {
        Preconditions.checkArgument(str != null, "working directory should not be null.");
        try {
            Path path = Paths.get(str, new String[0]);
            if (Files.notExists(path, new LinkOption[0])) {
                path = Files.createDirectories(Paths.get(path.getParent().toRealPath(new LinkOption[0]).toString(), path.getFileName().toString()), new FileAttribute[0]);
            }
            Path createTempFile = Files.createTempFile(path, "jaas-", ".conf", new FileAttribute[0]);
            InputStream resourceAsStream = JaasModule.class.getClassLoader().getResourceAsStream(JAAS_CONF_RESOURCE_NAME);
            Throwable th = null;
            try {
                try {
                    Files.copy(resourceAsStream, createTempFile, StandardCopyOption.REPLACE_EXISTING);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    File file = new File(str, createTempFile.getFileName().toString());
                    file.deleteOnExit();
                    return file;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException("unable to generate a JAAS configuration file", e);
        }
    }
}
