package org.wso2.carbon.hdfs.mgt;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.hdfs.mgt.cache.TenantUserFSCache;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;

/* loaded from: input_file:org/wso2/carbon/hdfs/mgt/HDFSAdminHelper.class */
public class HDFSAdminHelper {
    private String USER_HOME_FOLDER = null;
    private String CARBON_HOME = System.getProperty("carbon.home");
    private String KRB5_CONFIG = this.CARBON_HOME + File.separator + "repository" + File.separator + "conf" + File.separator + "krb5.conf";
    private String tgtCachePrefix = "/tmp/";
    private TenantUserFSCache tenantUserFSCache = TenantUserFSCache.getInstance();
    private static Log log = LogFactory.getLog(HDFSAdminComponentManager.class);
    private static HDFSAdminHelper instance = new HDFSAdminHelper();

    private HDFSAdminHelper() {
    }

    public static HDFSAdminHelper getInstance() {
        return instance;
    }

    public FileSystem getFSforUser() throws IOException, HDFSServerManagementException {
        FileSystem fileSystem = null;
        try {
            if (isCurrentUserSuperTenant()) {
                fileSystem = getSuperTenantFS();
            } else {
                this.USER_HOME_FOLDER = getCurrentUserHomeFolder();
                fileSystem = this.tenantUserFSCache.getFSforUser(this.USER_HOME_FOLDER);
                if (fileSystem == null) {
                    UserGroupInformation.setKrb5TicketCacheFinder(KerberosTicketToTenantCache.getInstance());
                    Path path = new Path(this.USER_HOME_FOLDER);
                    FileSystem superTenantFS = getSuperTenantFS();
                    if (superTenantFS != null && !superTenantFS.exists(path)) {
                        FsPermission permissionForUser = getPermissionForUser();
                        superTenantFS.mkdirs(path, permissionForUser);
                        setOwnerOfPath(path);
                        superTenantFS.setPermission(path, permissionForUser);
                    }
                    try {
                        fileSystem = HDFSAdminComponentManager.getInstance().getDataAccessService().mountCurrentUserFileSystem();
                        TenantUserFSCache.getInstance().addFSforUser(this.USER_HOME_FOLDER, fileSystem);
                    } catch (IOException e) {
                        handleException("Error occurred while mouting the file system", e);
                    }
                }
            }
        } catch (UserStoreException e2) {
            handleException("User store exception", e2);
        }
        return fileSystem;
    }

    public boolean setOwnerOfPath(Path path) throws HDFSServerManagementException {
        try {
            getSuperTenantFS().setOwner(path, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName() + HDFSConstants.UNDERSCORE + CarbonContext.getThreadLocalCarbonContext().getTenantDomain(), getUsersRole());
            return true;
        } catch (UserStoreException e) {
            log.error("Error occurred while getting the current thread's realm config", e);
            return false;
        } catch (IOException e2) {
            handleException("could not set owner of directory", e2);
            return false;
        }
    }

    public boolean setPermissionOfPath(Path path, FsPermission fsPermission) throws HDFSServerManagementException {
        try {
            getSuperTenantFS().setPermission(path, fsPermission);
            return true;
        } catch (IOException e) {
            handleException("could not set owner of directory", e);
            return false;
        }
    }

    private FsPermission getPermissionForUser() {
        return new FsPermission(FsAction.ALL, FsAction.ALL, FsAction.NONE);
    }

    public String getUsersRole() throws UserStoreException {
        CarbonContext threadLocalCarbonContext = CarbonContext.getThreadLocalCarbonContext();
        String str = null;
        for (String str2 : threadLocalCarbonContext.getUserRealm().getUserStoreManager().getRoleListOfUser(threadLocalCarbonContext.getUsername())) {
            if (str2.startsWith(threadLocalCarbonContext.getTenantDomain())) {
                str = str2;
            }
        }
        return str;
    }

    public FileSystem getSuperTenantFS() throws HDFSServerManagementException {
        FileSystem fileSystem = null;
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        threadLocalCarbonContext.setTenantDomain("carbon.super");
        threadLocalCarbonContext.setTenantId(-1234);
        try {
            RealmConfiguration realmConfiguration = threadLocalCarbonContext.getUserRealm().getRealmConfiguration();
            String str = realmConfiguration.getAdminUserName() + HDFSConstants.HDFS_ROOT_FOLDER + "carbon.super";
            threadLocalCarbonContext.setUsername(str);
            fileSystem = this.tenantUserFSCache.getFSforUser(str);
            if (fileSystem == null) {
                if (!KerberosTicketToTenantCache.getInstance().tenantTGTCache.containsKey(str)) {
                    getKerberosTicketForUser(realmConfiguration.getAdminUserName(), realmConfiguration.getAdminPassword(), "carbon.super", true);
                }
                UserGroupInformation.setKrb5TicketCacheFinder(KerberosTicketToTenantCache.getInstance());
                fileSystem = HDFSAdminComponentManager.getInstance().getDataAccessService().mountCurrentUserFileSystem();
                TenantUserFSCache.getInstance().addFSforUser(HDFSConstants.HDFS_USER_ROOT, fileSystem);
            }
        } catch (HDFSServerManagementException e) {
            handleException("Error occurred while mouting the file system", e);
        } catch (UserStoreException e2) {
            handleException("Error occurred while  accessing user store", e2);
        } catch (IOException e3) {
            handleException("Error occurred while mouting the file system", e3);
        } catch (AuthenticationException e4) {
            handleException("Error occurred while authenticating user", e4);
        }
        PrivilegedCarbonContext.endTenantFlow();
        return fileSystem;
    }

    public boolean isCurrentUserSuperTenant() throws UserStoreException {
        CarbonContext threadLocalCarbonContext = CarbonContext.getThreadLocalCarbonContext();
        if (-1234 != threadLocalCarbonContext.getTenantId()) {
            return false;
        }
        UserRealm userRealm = threadLocalCarbonContext.getUserRealm();
        String username = threadLocalCarbonContext.getUsername();
        if (username != null && username.contains("/carbon.super")) {
            username = username.split("/carbon.super")[0];
        }
        String[] roleListOfUser = userRealm.getUserStoreManager().getRoleListOfUser(username);
        String adminRoleName = userRealm.getRealmConfiguration().getAdminRoleName();
        for (String str : roleListOfUser) {
            if (str != null && adminRoleName.equals(str)) {
                return true;
            }
        }
        return false;
    }

    public boolean isCurrentUserTenantAdmin() {
        CarbonContext threadLocalCarbonContext = CarbonContext.getThreadLocalCarbonContext();
        try {
            return threadLocalCarbonContext.getUserRealm().getRealmConfiguration().getAdminUserName().equalsIgnoreCase(threadLocalCarbonContext.getUsername());
        } catch (UserStoreException e) {
            e.printStackTrace();
            return false;
        }
    }

    public String getCurrentUserHomeFolder() {
        CarbonContext threadLocalCarbonContext = CarbonContext.getThreadLocalCarbonContext();
        return HDFSConstants.HDFS_USER_ROOT + threadLocalCarbonContext.getTenantDomain() + HDFSConstants.UNDERSCORE + threadLocalCarbonContext.getUsername();
    }

    public String getSuperTenantAdminName() throws UserStoreException {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        threadLocalCarbonContext.setTenantDomain("carbon.super");
        threadLocalCarbonContext.setTenantId(-1234);
        String adminUserName = threadLocalCarbonContext.getUserRealm().getRealmConfiguration().getAdminUserName();
        PrivilegedCarbonContext.endTenantFlow();
        return adminUserName;
    }

    public String getSuperTenantAdminPassword() throws UserStoreException {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        threadLocalCarbonContext.setTenantDomain("carbon.super");
        threadLocalCarbonContext.setTenantId(-1234);
        String adminPassword = threadLocalCarbonContext.getUserRealm().getRealmConfiguration().getAdminPassword();
        PrivilegedCarbonContext.endTenantFlow();
        return adminPassword;
    }

    protected void handleException(String str, Exception exc) throws HDFSServerManagementException {
        log.error(str, exc);
        throw new HDFSServerManagementException(str, log);
    }

    public boolean getKerberosTicketForUser(String str, String str2, String str3, boolean z) throws AuthenticationException {
        String readLine;
        String str4 = z ? str + "/carbon.super" : str + HDFSConstants.UNDERSCORE + str3;
        if (KerberosTicketToTenantCache.getInstance().tenantTGTCache.get(str4) != null) {
            return true;
        }
        String str5 = this.tgtCachePrefix + str;
        ProcessBuilder processBuilder = new ProcessBuilder("/usr/bin/kinit", "-c", str5, str4);
        processBuilder.directory(new File(this.CARBON_HOME));
        Map<String, String> environment = processBuilder.environment();
        if (this.KRB5_CONFIG == null) {
            this.KRB5_CONFIG = "/etc/krb5.conf";
        }
        environment.put("KRB5_CONFIG", this.KRB5_CONFIG);
        log.info(environment.get("KRB5_CONFIG"));
        try {
            Process start = processBuilder.start();
            InputStream errorStream = start.getErrorStream();
            BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(start.getOutputStream()));
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(errorStream));
            if (errorStream.available() > 0) {
                log.error("Incorrect kinit command: " + bufferedReader.readLine());
                throw new AuthenticationException("Incorrect kinit command");
            }
            bufferedWriter.write(str2);
            bufferedWriter.newLine();
            bufferedWriter.close();
            if (start.waitFor() != 0) {
                log.warn("Kinit Failed");
                if (errorStream.available() > 0) {
                    String str6 = "";
                    while (bufferedReader.ready() && (readLine = bufferedReader.readLine()) != null) {
                        str6 = str6 + readLine;
                    }
                    if (!"".equals(str6)) {
                        throw new AuthenticationException(str6);
                    }
                }
            }
            KerberosTicketToTenantCache.getInstance().tenantTGTCache.putIfAbsent(str4, str5);
            return true;
        } catch (IOException e) {
            log.warn(e.getMessage());
            e.printStackTrace();
            throw new AuthenticationException(e.getMessage());
        } catch (InterruptedException e2) {
            log.error("Incorrect kinit command: ");
            throw new AuthenticationException(e2.getMessage());
        }
    }

    public String getTenantDomain(UserStoreManager userStoreManager, RealmService realmService) throws UserStoreException {
        return realmService.getTenantManager().getDomain(userStoreManager.getTenantId());
    }

    public boolean isCurrentUserSuperTenant(String str, UserStoreManager userStoreManager) throws org.wso2.carbon.user.core.UserStoreException {
        if (userStoreManager.getTenantId() != -1234) {
            return false;
        }
        String adminRoleName = userStoreManager.getRealmConfiguration().getAdminRoleName();
        String[] roleListOfUser = userStoreManager.getRoleListOfUser(str);
        if (roleListOfUser == null) {
            return false;
        }
        for (String str2 : roleListOfUser) {
            if (adminRoleName.equals(str2)) {
                return true;
            }
        }
        return false;
    }
}
