package org.apache.flink.runtime.security;

import java.io.File;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.flink.api.java.io.CsvInputFormat;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.IllegalConfigurationException;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.runtime.security.modules.HadoopModuleFactory;
import org.apache.flink.runtime.security.modules.JaasModuleFactory;
import org.apache.flink.runtime.security.modules.SecurityModuleFactory;
import org.apache.flink.runtime.security.modules.ZookeeperModuleFactory;
import org.apache.flink.util.Preconditions;

/* loaded from: input_file:org/apache/flink/runtime/security/SecurityConfiguration.class */
public class SecurityConfiguration {
    private static final List<SecurityModuleFactory> DEFAULT_MODULES = Collections.unmodifiableList(Arrays.asList(new HadoopModuleFactory(), new JaasModuleFactory(), new ZookeeperModuleFactory()));
    private final List<SecurityModuleFactory> securityModuleFactories;
    private final Configuration flinkConfig;
    private final boolean isZkSaslDisable;
    private final boolean useTicketCache;
    private final String keytab;
    private final String principal;
    private final List<String> loginContextNames;
    private final String zkServiceName;
    private final String zkLoginContextName;

    public SecurityConfiguration(Configuration configuration) {
        this(configuration, DEFAULT_MODULES);
    }

    public SecurityConfiguration(Configuration configuration, List<SecurityModuleFactory> list) {
        this.isZkSaslDisable = configuration.getBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE);
        this.keytab = configuration.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB);
        this.principal = configuration.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL);
        this.useTicketCache = configuration.getBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE);
        this.loginContextNames = parseList(configuration.getString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS));
        this.zkServiceName = configuration.getString(SecurityOptions.ZOOKEEPER_SASL_SERVICE_NAME);
        this.zkLoginContextName = configuration.getString(SecurityOptions.ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME);
        this.securityModuleFactories = Collections.unmodifiableList(list);
        this.flinkConfig = (Configuration) Preconditions.checkNotNull(configuration);
        validate();
    }

    public boolean isZkSaslDisable() {
        return this.isZkSaslDisable;
    }

    public String getKeytab() {
        return this.keytab;
    }

    public String getPrincipal() {
        return this.principal;
    }

    public boolean useTicketCache() {
        return this.useTicketCache;
    }

    public Configuration getFlinkConfig() {
        return this.flinkConfig;
    }

    public List<SecurityModuleFactory> getSecurityModuleFactories() {
        return this.securityModuleFactories;
    }

    public List<String> getLoginContextNames() {
        return this.loginContextNames;
    }

    public String getZooKeeperServiceName() {
        return this.zkServiceName;
    }

    public String getZooKeeperLoginContextName() {
        return this.zkLoginContextName;
    }

    private void validate() {
        if (StringUtils.isBlank(this.keytab)) {
            return;
        }
        if (StringUtils.isBlank(this.principal)) {
            throw new IllegalConfigurationException("Kerberos login configuration is invalid; keytab requires a principal.");
        }
        File file = new File(this.keytab);
        if (!file.exists() || !file.isFile() || !file.canRead()) {
            throw new IllegalConfigurationException("Kerberos login configuration is invalid; keytab is unreadable");
        }
    }

    private static List<String> parseList(String str) {
        return (str == null || str.isEmpty()) ? Collections.emptyList() : Arrays.asList(str.trim().replaceAll("(\\s*,+\\s*)+", CsvInputFormat.DEFAULT_FIELD_DELIMITER).split(CsvInputFormat.DEFAULT_FIELD_DELIMITER));
    }
}
