package eu.radoop.connections.service.test.integration;

import com.rapidminer.tools.Tools;
import eu.radoop.connections.RadoopConnectionEntry;
import eu.radoop.connections.proxy.channel.RadoopProxyChannelConfig;
import eu.radoop.connections.service.test.RadoopTest;
import eu.radoop.connections.service.test.RadoopTestContext;
import eu.radoop.connections.service.test.RadoopTestType;
import eu.radoop.exception.ConnectionException;
import eu.radoop.security.UgiWrapper;
import java.io.IOException;
import java.net.Socket;
import java.net.SocketAddress;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:eu/radoop/connections/service/test/integration/TestKDC.class */
public class TestKDC extends TestNetworking {
    private static final String LIBDEFAULTS = "libdefaults";
    private static final String REALMS = "realms";
    private static final String UDP_PREFERENCE_LIMIT = "udp_preference_limit";
    private static final String FORCE_TCP_VALUE = "1";

    private TestKDC(RadoopTestContext radoopTestContext) throws ConnectionException {
        super(RadoopTestType.KDC, radoopTestContext);
    }

    public static RadoopTest create(RadoopTestContext radoopTestContext) throws ConnectionException {
        return new TestKDC(radoopTestContext);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.concurrent.Callable
    public RadoopTest.RadoopTestStatus call() throws Exception {
        RadoopConnectionEntry connection = getTestContext().getConnection();
        if (!connection.isKerberosSecurityEnabled()) {
            log(2, "Kerberos security is disabled. No need to run this test.");
            return RadoopTest.RadoopTestStatus.DISABLED;
        }
        if (isKerberosAuthSuccess(connection)) {
            return RadoopTest.RadoopTestStatus.SUCCESS;
        }
        if (!isKerberosConfiguredToUseTCP(connection) && connection.shouldUseRadoopProxyCheckServer()) {
            log(5, "We recommend that only TCP communication should be used with kerberos. Add the following entry to your Kerberos configuration file:" + Tools.getLineSeparator() + "[realms]" + Tools.getLineSeparator() + connection.getRealm() + " = {" + Tools.getLineSeparator() + "  udp_preference_limit = 1" + Tools.getLineSeparator() + "}");
        }
        if (!isAnyKDCServerReachable(connection)) {
            log(5, "TCP access should be provided to KDC addresses from " + (connection.shouldUseRadoopProxyCheckServer() ? "Radoop Proxy" : "Rapidminer") + " host");
        }
        return RadoopTest.RadoopTestStatus.ERROR;
    }

    private boolean isKerberosConfiguredToUseTCP(RadoopConnectionEntry radoopConnectionEntry) throws KrbException {
        String str = Config.getInstance().get(new String[]{REALMS, radoopConnectionEntry.getRealm(), UDP_PREFERENCE_LIMIT});
        if (str == null) {
            str = Config.getInstance().get(new String[]{LIBDEFAULTS, UDP_PREFERENCE_LIMIT});
        }
        return "1".equals(str);
    }

    private boolean isKerberosAuthSuccess(RadoopConnectionEntry radoopConnectionEntry) {
        UgiWrapper ugiWrapper = null;
        try {
            try {
                ugiWrapper = UgiWrapper.doSecureLogin(radoopConnectionEntry.getClientPrincipal(), radoopConnectionEntry.getKeytabFile(), getTestContext().getHadoopContext().getImpersonatedUser());
                if (ugiWrapper == null) {
                    return true;
                }
                try {
                    ugiWrapper.logoutUserFromKeytab();
                    return true;
                } catch (IOException e) {
                    log(2, "Logout failed using keytab. " + e.getMessage());
                    return true;
                }
            } catch (RuntimeException e2) {
                log(8, "Authenticating to KDC failed with: " + e2.getMessage());
                if (ugiWrapper != null) {
                    try {
                        ugiWrapper.logoutUserFromKeytab();
                    } catch (IOException e3) {
                        log(2, "Logout failed using keytab. " + e3.getMessage());
                    }
                }
                return false;
            }
        } catch (Throwable th) {
            if (ugiWrapper != null) {
                try {
                    ugiWrapper.logoutUserFromKeytab();
                } catch (IOException e4) {
                    log(2, "Logout failed using keytab. " + e4.getMessage());
                }
            }
            throw th;
        }
    }

    private boolean isAnyKDCServerReachable(RadoopConnectionEntry radoopConnectionEntry) {
        for (SocketAddress socketAddress : RadoopProxyChannelConfig.collectKDCAddresses(radoopConnectionEntry)) {
            try {
                Socket socket = new Socket();
                try {
                    socket.connect(socketAddress, 20000);
                    socket.close();
                    return true;
                } finally {
                }
            } catch (IOException e) {
                log(2, "Connecting to KDC server at " + socketAddress.toString() + "failed with: " + e.getMessage());
            }
        }
        return false;
    }
}
