package org.apache.falcon.security;

import java.io.File;
import java.util.Date;
import java.util.Properties;
import java.util.Timer;
import java.util.TimerTask;
import org.apache.commons.lang.Validate;
import org.apache.commons.lang3.StringUtils;
import org.apache.falcon.FalconException;
import org.apache.falcon.aspect.GenericAlert;
import org.apache.falcon.service.FalconService;
import org.apache.falcon.util.StartupProperties;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/falcon/security/AuthenticationInitializationService.class */
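/**
 * Falcon service that configures Hadoop authentication at startup.
 *
 * <p>When Falcon security is disabled, Hadoop is set to {@code simple} authentication. Otherwise
 * the service logs in from the configured Kerberos keytab and schedules a periodic task that
 * repeats the keytab login so the server keeps valid credentials.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>In {@code simple} mode Hadoop does not verify caller identity with Kerberos; this branch
 *       is only appropriate on deployments where that is an accepted risk.</li>
 *   <li>The keytab holds the service's long-term key. This class only checks that the file exists
 *       and is readable by the current process; it does not check ownership or file mode, so
 *       restricting the file to the service account is left to deployment.</li>
 * </ul>
 */
public class AuthenticationInitializationService implements FalconService {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationInitializationService.class);
    protected static final String CONFIG_PREFIX = "falcon.service.authentication.";
    protected static final String KERBEROS_KEYTAB = "falcon.service.authentication.kerberos.keytab";
    protected static final String KERBEROS_PRINCIPAL = "falcon.service.authentication.kerberos.principal";
    protected static final String AUTH_TOKEN_VALIDITY_SECONDS = "falcon.service.authentication.token.validity";
    private static final String SERVICE_NAME = "Authentication initialization service";

    /** Re-login period, in seconds, used when the validity property is not set. */
    private static final long DEFAULT_TOKEN_VALIDITY_SECONDS = 86400L;
    private static final long MILLIS_PER_SECOND = 1000L;

    /** Drives the periodic re-login; cancelled in {@link #destroy()}. */
    private final Timer timer = new Timer();

    /**
     * Timer task that repeats the keytab login.
     *
     * <p>NOTE(review): every run performs a full {@code loginUserFromKeytab} through
     * {@link #initializeKerberos()}. {@code UserGroupInformation} also offers
     * {@code checkTGTAndReloginFromKeytab()}; confirm that a full re-login is what is intended.
     */
    private static class TokenValidationThread extends TimerTask {
        private TokenValidationThread() {
        }

        @Override
        public void run() {
            try {
                AuthenticationInitializationService.LOG.info("Validating Auth Token: {}", new Date());
                AuthenticationInitializationService.initializeKerberos();
            } catch (Throwable th) {
                // Catch everything on purpose: an exception escaping a TimerTask cancels the
                // Timer, which would silently stop all later re-logins. A failed refresh is
                // logged and raised as an alert instead, and the next run tries again.
                AuthenticationInitializationService.LOG.error("Error in Auth Token Validation task: ", th);
                GenericAlert.initializeKerberosFailed("Exception in Auth Token Validation : ", th);
            }
        }
    }

    /** Returns the display name of this service. */
    @Override
    public String getName() {
        return SERVICE_NAME;
    }

    /**
     * Configures Hadoop authentication and, in Kerberos mode, starts the periodic re-login.
     *
     * @throws FalconException if the Kerberos login fails, or if the token validity property is
     *     not a positive number of seconds that fits in a millisecond period
     */
    @Override
    public void init() throws FalconException {
        if (!SecurityUtil.isSecurityEnabled()) {
            LOG.info("Falcon Simple Authentication Enabled!");
            Configuration configuration = new Configuration();
            configuration.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(configuration);
            return;
        }
        LOG.info("Falcon Kerberos Authentication Enabled!");
        // Login synchronously first so a broken principal/keytab fails startup, not just a timer run.
        initializeKerberos();
        long periodMillis = resolveValidationPeriodMillis(
                StartupProperties.get().getProperty(AUTH_TOKEN_VALIDITY_SECONDS));
        // Initial delay is 0, so the task repeats the login once immediately and then every period.
        this.timer.schedule(new TokenValidationThread(), 0L, periodMillis);
    }

    /**
     * Converts the configured validity (seconds) into the timer period (milliseconds).
     *
     * <p>Zero, negative and overflowing values are rejected here: {@link Timer#schedule} throws an
     * unchecked {@code IllegalArgumentException} for a non-positive period, and a wrapped
     * multiplication would schedule the refresh at an arbitrary interval. Surrounding whitespace
     * is ignored because values read from a properties file keep trailing spaces.
     */
    private static long resolveValidationPeriodMillis(String configured) throws FalconException {
        try {
            long seconds = StringUtils.isNotEmpty(configured)
                    ? Long.parseLong(configured.trim())
                    : DEFAULT_TOKEN_VALIDITY_SECONDS;
            if (seconds <= 0L || seconds > Long.MAX_VALUE / MILLIS_PER_SECOND) {
                throw new NumberFormatException("token validity out of range (seconds): " + seconds);
            }
            return seconds * MILLIS_PER_SECOND;
        } catch (NumberFormatException e) {
            throw new FalconException("Invalid value provided for startup property \"falcon.service.authentication.token.validity\", please provide a valid long number", e);
        }
    }

    /**
     * Switches Hadoop to Kerberos authentication and logs in from the configured keytab.
     *
     * <p>Reads the principal and keytab path from the startup properties, expands the principal
     * for the local host name, and calls {@code UserGroupInformation.loginUserFromKeytab}.
     *
     * @throws FalconException wrapping any failure: missing property, unusable keytab file, or a
     *     failed login
     */
    protected static void initializeKerberos() throws FalconException {
        try {
            Properties startupProperties = StartupProperties.get();

            String configuredPrincipal = startupProperties.getProperty(KERBEROS_PRINCIPAL);
            Validate.notEmpty(configuredPrincipal, "Missing required configuration property: falcon.service.authentication.kerberos.principal");
            String serverPrincipal = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(
                    configuredPrincipal, SecurityUtil.getLocalHostName());

            String keytabPath = startupProperties.getProperty(KERBEROS_KEYTAB);
            Validate.notEmpty(keytabPath, "Missing required configuration property: falcon.service.authentication.kerberos.keytab");
            checkIsReadable(keytabPath);

            Configuration configuration = new Configuration();
            configuration.set("hadoop.security.authentication", "kerberos");
            UserGroupInformation.setConfiguration(configuration);
            UserGroupInformation.loginUserFromKeytab(serverPrincipal, keytabPath);
            // Only the keytab path and principal name are logged, never key material.
            LOG.info("Got Kerberos ticket, keytab: {}, Falcon principal: {}", keytabPath, serverPrincipal);
        } catch (Exception e) {
            throw new FalconException("Could not initialize Authentication initialization service: " + e.getMessage(), e);
        }
    }

    /**
     * Fails fast with a specific message when the keytab path cannot be used.
     *
     * <p>This is a usability pre-check only: the file can still change before the login reads it,
     * and nothing here verifies who else can read the keytab.
     *
     * @throws IllegalArgumentException if the path is missing, is not a regular file, or is not
     *     readable by this process
     */
    private static void checkIsReadable(String str) {
        File keytab = new File(str);
        if (!keytab.exists()) {
            throw new IllegalArgumentException("The keytab file does not exist! " + str);
        }
        if (!keytab.isFile()) {
            throw new IllegalArgumentException("The keytab file cannot be a directory! " + str);
        }
        if (!keytab.canRead()) {
            throw new IllegalArgumentException("The keytab file is not readable! " + str);
        }
    }

    /** Stops the periodic re-login task; the existing login is left untouched. */
    @Override
    public void destroy() throws FalconException {
        this.timer.cancel();
    }
}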
