package org.apache.hadoop.security;

import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import org.apache.commons.io.IOUtils;
import org.apache.commons.net.ntp.NtpV3Packet;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.shell.Head;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.ExitUtil;
import org.apache.hadoop.util.Shell;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/hadoop-common-3.3.0.jar:org/apache/hadoop/security/KDiag.class */
public class KDiag extends Configured implements Tool, Closeable {
    public static final String KRB5_CCNAME = "KRB5CCNAME";
    public static final String KRB5_CONFIG = "KRB5_CONFIG";
    public static final String JAVA_SECURITY_KRB5_CONF = "java.security.krb5.conf";
    public static final String JAVA_SECURITY_KRB5_REALM = "java.security.krb5.realm";
    public static final String JAVA_SECURITY_KRB5_KDC_ADDRESS = "java.security.krb5.kdc";
    public static final String SUN_SECURITY_KRB5_DEBUG = "sun.security.krb5.debug";
    public static final String SUN_SECURITY_SPNEGO_DEBUG = "sun.security.spnego.debug";
    public static final String SUN_SECURITY_JAAS_FILE = "java.security.auth.login.config";
    public static final String KERBEROS_KINIT_COMMAND = "hadoop.kerberos.kinit.command";
    public static final String HADOOP_AUTHENTICATION_IS_DISABLED = "Hadoop authentication is disabled";
    public static final String UNSET = "(unset)";
    public static final String NO_DEFAULT_REALM = "Cannot locate default realm";
    public static final int KDIAG_FAILURE = 41;
    public static final String DFS_DATA_TRANSFER_SASLPROPERTIES_RESOLVER_CLASS = "dfs.data.transfer.saslproperties.resolver.class";
    public static final String DFS_DATA_TRANSFER_PROTECTION = "dfs.data.transfer.protection";
    public static final String ETC_KRB5_CONF = "/etc/krb5.conf";
    public static final String ETC_NTP = "/etc/ntp.conf";
    public static final String HADOOP_JAAS_DEBUG = "HADOOP_JAAS_DEBUG";
    private PrintWriter out;
    private File keytab;
    private String principal;
    private long minKeyLength;
    private boolean securityRequired;
    private boolean nofail;
    private boolean nologin;
    private boolean jaas;
    private boolean checkShortName;
    private boolean probeHasFailed;
    public static final String CAT_CONFIG = "CONFIG";
    public static final String CAT_JAAS = "JAAS";
    public static final String CAT_JVM = "JVM";
    public static final String CAT_KERBEROS = "KERBEROS";
    public static final String CAT_LOGIN = "LOGIN";
    public static final String CAT_OS = "JAAS";
    public static final String CAT_SASL = "SASL";
    public static final String CAT_UGI = "UGI";
    public static final String CAT_TOKEN = "TOKEN";
    public static final String ARG_KEYLEN = "--keylen";
    public static final String ARG_KEYTAB = "--keytab";
    public static final String ARG_JAAS = "--jaas";
    public static final String ARG_NOFAIL = "--nofail";
    public static final String ARG_NOLOGIN = "--nologin";
    public static final String ARG_OUTPUT = "--out";
    public static final String ARG_PRINCIPAL = "--principal";
    public static final String ARG_RESOURCE = "--resource";
    public static final String ARG_SECURE = "--secure";
    public static final String ARG_VERIFYSHORTNAME = "--verifyshortname";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) KDiag.class);
    private static final Pattern nonSimplePattern = Pattern.compile("[/@]");

    /* loaded from: input_file:META-INF/bundled-dependencies/hadoop-common-3.3.0.jar:org/apache/hadoop/security/KDiag$KerberosDiagsFailure.class */
    public static class KerberosDiagsFailure extends ExitUtil.ExitException {
        private final String category;

        public KerberosDiagsFailure(String str, String str2) {
            super(41, str + ": " + str2);
            this.category = str;
        }

        public KerberosDiagsFailure(String str, String str2, Object... objArr) {
            this(str, String.format(str2, objArr));
        }

        public KerberosDiagsFailure(String str, Throwable th, String str2, Object... objArr) {
            this(str, str2, objArr);
            initCause(th);
        }

        public String getCategory() {
            return this.category;
        }
    }

    public KDiag(Configuration configuration, PrintWriter printWriter, File file, String str, long j, boolean z) {
        super(configuration);
        this.minKeyLength = 256L;
        this.nofail = false;
        this.nologin = false;
        this.jaas = false;
        this.checkShortName = false;
        this.probeHasFailed = false;
        this.keytab = file;
        this.principal = str;
        this.out = printWriter;
        this.minKeyLength = j;
        this.securityRequired = z;
    }

    public KDiag() {
        this.minKeyLength = 256L;
        this.nofail = false;
        this.nologin = false;
        this.jaas = false;
        this.checkShortName = false;
        this.probeHasFailed = false;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        flush();
        if (this.out != null) {
            this.out.close();
        }
    }

    @Override // org.apache.hadoop.util.Tool
    public int run(String[] strArr) throws Exception {
        LinkedList linkedList = new LinkedList(Arrays.asList(strArr));
        String popOptionWithArgument = StringUtils.popOptionWithArgument(ARG_KEYTAB, linkedList);
        if (popOptionWithArgument != null) {
            this.keytab = new File(popOptionWithArgument);
        }
        this.principal = StringUtils.popOptionWithArgument(ARG_PRINCIPAL, linkedList);
        String popOptionWithArgument2 = StringUtils.popOptionWithArgument(ARG_OUTPUT, linkedList);
        if (StringUtils.popOptionWithArgument(ARG_KEYLEN, linkedList) != null) {
            this.minKeyLength = Integer.parseInt(r0);
        }
        this.securityRequired = StringUtils.popOption(ARG_SECURE, linkedList);
        this.nofail = StringUtils.popOption(ARG_NOFAIL, linkedList);
        this.jaas = StringUtils.popOption(ARG_JAAS, linkedList);
        this.nologin = StringUtils.popOption(ARG_NOLOGIN, linkedList);
        this.checkShortName = StringUtils.popOption(ARG_VERIFYSHORTNAME, linkedList);
        while (true) {
            String popOptionWithArgument3 = StringUtils.popOptionWithArgument(ARG_RESOURCE, linkedList);
            if (null == popOptionWithArgument3) {
                break;
            }
            LOG.info("Loading resource {}", popOptionWithArgument3);
            InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(popOptionWithArgument3);
            Throwable th = null;
            try {
                try {
                    if (verify(resourceAsStream != null, CAT_CONFIG, "No resource %s", popOptionWithArgument3)) {
                        Configuration.addDefaultResource(popOptionWithArgument3);
                    }
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (resourceAsStream != null) {
                    if (th != null) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        resourceAsStream.close();
                    }
                }
                throw th4;
            }
        }
        if (linkedList.isEmpty()) {
            if (popOptionWithArgument2 != null) {
                println("Printing output to %s", popOptionWithArgument2);
                this.out = new PrintWriter(new File(popOptionWithArgument2), "UTF-8");
            }
            execute();
            return this.probeHasFailed ? 41 : 0;
        }
        println("Unknown arguments in command:", new Object[0]);
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            println("  \"%s\"", (String) it.next());
        }
        println();
        println(usage(), new Object[0]);
        return -1;
    }

    private String usage() {
        return "KDiag: Diagnose Kerberos Problems\n" + arg("-D", "key=value", "Define a configuration option") + arg(ARG_JAAS, "", "Require a JAAS file to be defined in java.security.auth.login.config") + arg(ARG_KEYLEN, "<keylen>", "Require a minimum size for encryption keys supported by the JVM. Default value : " + this.minKeyLength) + arg(ARG_KEYTAB, "<keytab> --principal <principal>", "Login from a keytab as a specific principal") + arg(ARG_NOFAIL, "", "Do not fail on the first problem") + arg(ARG_NOLOGIN, "", "Do not attempt to log in") + arg(ARG_OUTPUT, Head.USAGE, "Write output to a file") + arg(ARG_RESOURCE, "<resource>", "Load an XML configuration resource") + arg(ARG_SECURE, "", "Require the hadoop configuration to be secure") + arg(ARG_VERIFYSHORTNAME, "--principal <principal>", "Verify the short name of the specific principal does not contain '@' or '/'");
    }

    private String arg(String str, String str2, String str3) {
        StringBuilder sb = new StringBuilder();
        Object[] objArr = new Object[4];
        objArr[0] = str;
        objArr[1] = !str2.isEmpty() ? " " : "";
        objArr[2] = str2;
        objArr[3] = str3;
        return sb.append(String.format("  [%s%s%s] : %s", objArr)).append(".\n").toString();
    }

    public boolean execute() throws Exception {
        title("Kerberos Diagnostics scan at %s", new Date(System.currentTimeMillis()));
        println("Hostname = %s", InetAddress.getLocalHost().getCanonicalHostName());
        println("%s = %d", ARG_KEYLEN, Long.valueOf(this.minKeyLength));
        println("%s = %s", ARG_KEYTAB, this.keytab);
        println("%s = %s", ARG_PRINCIPAL, this.principal);
        println("%s = %s", ARG_VERIFYSHORTNAME, Boolean.valueOf(this.checkShortName));
        validateKeyLength();
        println("JVM Kerberos Login Module = %s", KerberosUtil.getKrb5LoginModuleName());
        title("Core System Properties", new Object[0]);
        for (String str : new String[]{"user.name", "java.version", "java.vendor", "java.security.krb5.conf", JAVA_SECURITY_KRB5_REALM, JAVA_SECURITY_KRB5_KDC_ADDRESS, SUN_SECURITY_KRB5_DEBUG, SUN_SECURITY_SPNEGO_DEBUG, "java.security.auth.login.config"}) {
            printSysprop(str);
        }
        endln();
        title("All System Properties", new Object[0]);
        ArrayList arrayList = new ArrayList(System.getProperties().stringPropertyNames());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            printSysprop((String) it.next());
        }
        endln();
        title("Environment Variables", new Object[0]);
        for (String str2 : new String[]{HADOOP_JAAS_DEBUG, KRB5_CCNAME, KRB5_CONFIG, "HADOOP_USER_NAME", "HADOOP_PROXY_USER", UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION, "HADOOP_SECURE_LOG", "HADOOP_OPTS", "HADOOP_CLIENT_OPTS"}) {
            printEnv(str2);
        }
        endln();
        title("Configuration Options", new Object[0]);
        for (String str3 : new String[]{KERBEROS_KINIT_COMMAND, CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "hadoop.security.authorization", CommonConfigurationKeysPublic.HADOOP_KERBEROS_MIN_SECONDS_BEFORE_RELOGIN, CommonConfigurationKeysPublic.HADOOP_SECURITY_DNS_INTERFACE_KEY, CommonConfigurationKeysPublic.HADOOP_SECURITY_DNS_NAMESERVER_KEY, CommonConfigurationKeysPublic.HADOOP_RPC_PROTECTION, CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_PROPS_RESOLVER_CLASS, CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX, "hadoop.security.group.mapping", CommonConfigurationKeysPublic.HADOOP_SECURITY_IMPERSONATION_PROVIDER_CLASS, "dfs.data.transfer.protection", "dfs.data.transfer.saslproperties.resolver.class"}) {
            printConfOpt(str3);
        }
        Configuration conf = getConf();
        if (isSimpleAuthentication(conf)) {
            println(HADOOP_AUTHENTICATION_IS_DISABLED, new Object[0]);
            failif(this.securityRequired, CAT_CONFIG, HADOOP_AUTHENTICATION_IS_DISABLED, new Object[0]);
            LOG.warn("Security is not enabled for the Hadoop cluster");
        } else if (isSimpleAuthentication(new Configuration())) {
            LOG.warn("The default cluster security is insecure");
            failif(this.securityRequired, CAT_CONFIG, HADOOP_AUTHENTICATION_IS_DISABLED, new Object[0]);
        }
        boolean andSet = getAndSet(SUN_SECURITY_KRB5_DEBUG);
        boolean andSet2 = getAndSet(SUN_SECURITY_SPNEGO_DEBUG);
        try {
            UserGroupInformation.setConfiguration(conf);
            validateHadoopTokenFiles(conf);
            validateKrb5File();
            printDefaultRealm();
            validateSasl(CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_PROPS_RESOLVER_CLASS);
            if (conf.get("dfs.data.transfer.saslproperties.resolver.class") != null) {
                validateSasl("dfs.data.transfer.saslproperties.resolver.class");
            }
            validateKinitExecutable();
            validateJAAS(this.jaas);
            validateNTPConf();
            if (this.checkShortName) {
                validateShortName();
            }
            if (!this.nologin) {
                title("Logging in", new Object[0]);
                if (this.keytab != null) {
                    dumpKeytab(this.keytab);
                    loginFromKeytab();
                } else {
                    UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
                    dumpUGI("Log in user", loginUser);
                    validateUGI("Login user", loginUser);
                    println("Ticket based login: %b", Boolean.valueOf(UserGroupInformation.isLoginTicketBased()));
                    println("Keytab based login: %b", Boolean.valueOf(UserGroupInformation.isLoginKeytabBased()));
                }
            }
            return true;
        } finally {
            System.setProperty(SUN_SECURITY_KRB5_DEBUG, Boolean.toString(andSet));
            System.setProperty(SUN_SECURITY_SPNEGO_DEBUG, Boolean.toString(andSet2));
        }
    }

    protected boolean isSimpleAuthentication(Configuration configuration) {
        return SecurityUtil.getAuthenticationMethod(configuration).equals(UserGroupInformation.AuthenticationMethod.SIMPLE);
    }

    protected void validateKeyLength() throws NoSuchAlgorithmException {
        int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength("AES");
        println("Maximum AES encryption key length %d bits", Integer.valueOf(maxAllowedKeyLength));
        verify(this.minKeyLength <= ((long) maxAllowedKeyLength), CAT_JVM, "Java Cryptography Extensions are not installed on this JVM. Maximum supported key length %s - minimum required %d", Integer.valueOf(maxAllowedKeyLength), Long.valueOf(this.minKeyLength));
    }

    protected void validateShortName() {
        failif(this.principal == null, CAT_KERBEROS, "No principal defined", new Object[0]);
        try {
            String shortName = new KerberosName(this.principal).getShortName();
            if (nonSimplePattern.matcher(shortName).find()) {
                warn(CAT_KERBEROS, this.principal + " short name: " + shortName + " still contains @ or /", new Object[0]);
            }
        } catch (IOException e) {
            throw new KerberosDiagsFailure(CAT_KERBEROS, e, "Failed to get short name for " + this.principal, e);
        } catch (IllegalArgumentException e2) {
            error(CAT_KERBEROS, "KerberosName(" + this.principal + ") failed: %s\n%s", e2, StringUtils.stringifyException(e2));
        }
    }

    protected void printDefaultRealm() {
        try {
            Object defaultRealm = KerberosUtil.getDefaultRealm();
            println("Default Realm = %s", defaultRealm);
            if (defaultRealm == null) {
                warn(CAT_KERBEROS, "Host has no default realm", new Object[0]);
            }
        } catch (ClassNotFoundException | IllegalAccessException | NoSuchMethodException e) {
            throw new KerberosDiagsFailure(CAT_JVM, e, "Failed to invoke krb5.Config.getDefaultRealm: %s: " + e, e);
        } catch (InvocationTargetException e2) {
            Throwable cause = e2.getCause() != null ? e2.getCause() : e2;
            if (!cause.toString().contains(NO_DEFAULT_REALM)) {
                error(CAT_KERBEROS, "Kerberos.getDefaultRealm() failed: %s\n%s", cause, StringUtils.stringifyException(cause));
            } else {
                warn(CAT_KERBEROS, "Host has no default realm", new Object[0]);
                LOG.debug(cause.toString(), cause);
            }
        }
    }

    private void validateHadoopTokenFiles(Configuration configuration) throws ClassNotFoundException, KerberosDiagsFailure, NoSuchMethodException, SecurityException {
        title("Locating Hadoop token files", new Object[0]);
        String property = System.getProperty(CommonConfigurationKeysPublic.HADOOP_TOKEN_FILES);
        if (property != null) {
            println("Found hadoop.token.files in system properties : " + property, new Object[0]);
        }
        if (configuration.get(CommonConfigurationKeysPublic.HADOOP_TOKEN_FILES) != null) {
            println("Found hadoop.token.files in hadoop configuration : " + configuration.get(CommonConfigurationKeysPublic.HADOOP_TOKEN_FILES), new Object[0]);
            if (System.getProperty(CommonConfigurationKeysPublic.HADOOP_TOKEN_FILES) != null) {
                println("hadoop.token.files in the system properties overrides the one specified in hadoop configuration", new Object[0]);
            } else {
                property = configuration.get(CommonConfigurationKeysPublic.HADOOP_TOKEN_FILES);
            }
        }
        if (property != null) {
            for (String str : StringUtils.getTrimmedStrings(property)) {
                if (str.length() > 0) {
                    File file = new File(str);
                    verifyFileIsValid(file, CAT_TOKEN, "token");
                    verify(file, configuration, CAT_TOKEN, "token");
                }
            }
        }
    }

    private void validateKrb5File() throws IOException {
        if (Shell.WINDOWS) {
            return;
        }
        title("Locating Kerberos configuration file", new Object[0]);
        String str = ETC_KRB5_CONF;
        String property = System.getProperty("java.security.krb5.conf");
        if (property != null && !property.isEmpty()) {
            println("Setting kerberos path from sysprop %s: \"%s\"", "java.security.krb5.conf", property);
            str = property;
        }
        String str2 = System.getenv(KRB5_CONFIG);
        if (str2 != null) {
            println("Setting kerberos path from environment variable %s: \"%s\"", KRB5_CONFIG, str2);
            str = str2;
            if (property != null) {
                println("Warning - both %s and %s were set - %s takes priority", "java.security.krb5.conf", KRB5_CONFIG, KRB5_CONFIG);
            }
        }
        File file = new File(str);
        println("Kerberos configuration file = %s", file);
        dump(file);
        endln();
    }

    private void dumpKeytab(File file) throws IOException {
        title("Examining keytab %s", file);
        File canonicalFile = file.getCanonicalFile();
        verifyFileIsValid(canonicalFile, CAT_KERBEROS, "keytab");
        Keytab loadKeytab = Keytab.loadKeytab(canonicalFile);
        List<PrincipalName> principals = loadKeytab.getPrincipals();
        println("keytab principal count: %d", Integer.valueOf(principals.size()));
        int i = 0;
        Iterator<PrincipalName> it = principals.iterator();
        while (it.hasNext()) {
            List<KeytabEntry> keytabEntries = loadKeytab.getKeytabEntries(it.next());
            i += keytabEntries.size();
            for (KeytabEntry keytabEntry : keytabEntries) {
                println(" %s: version=%d expires=%s encryption=%s", keytabEntry.getPrincipal(), Integer.valueOf(keytabEntry.getKvno()), keytabEntry.getTimestamp(), keytabEntry.getKey().getKeyType());
            }
        }
        println("keytab entry count: %d", Integer.valueOf(i));
        endln();
    }

    private void loginFromKeytab() throws IOException {
        if (this.keytab == null) {
            println("No keytab: attempting to log in is as current user", new Object[0]);
            return;
        }
        File canonicalFile = this.keytab.getCanonicalFile();
        println("Using keytab %s principal %s", canonicalFile, this.principal);
        String str = this.principal;
        failif(this.principal == null, CAT_KERBEROS, "No principal defined", new Object[0]);
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(this.principal, canonicalFile.getPath());
        dumpUGI(str, loginUserFromKeytabAndReturnUGI);
        validateUGI(this.principal, loginUserFromKeytabAndReturnUGI);
        title("Attempting to relogin", new Object[0]);
        try {
            UserGroupInformation.setShouldRenewImmediatelyForTests(true);
            loginUserFromKeytabAndReturnUGI.reloginFromKeytab();
        } catch (IllegalAccessError e) {
            warn(CAT_UGI, "Failed to reset UGI -and so could not try to relogin", new Object[0]);
            LOG.debug("Failed to reset UGI: {}", e, e);
        }
    }

    private void dumpUGI(String str, UserGroupInformation userGroupInformation) throws IOException {
        title(str, new Object[0]);
        println("UGI instance = %s", userGroupInformation);
        println("Has kerberos credentials: %b", Boolean.valueOf(userGroupInformation.hasKerberosCredentials()));
        println("Authentication method: %s", userGroupInformation.getAuthenticationMethod());
        println("Real Authentication method: %s", userGroupInformation.getRealAuthenticationMethod());
        title("Group names", new Object[0]);
        for (String str2 : userGroupInformation.getGroupNames()) {
            println(str2, new Object[0]);
        }
        title("Credentials", new Object[0]);
        List<Text> allSecretKeys = userGroupInformation.getCredentials().getAllSecretKeys();
        title("Secret keys", new Object[0]);
        if (allSecretKeys.isEmpty()) {
            println("(none)", new Object[0]);
        } else {
            Iterator<Text> it = allSecretKeys.iterator();
            while (it.hasNext()) {
                println("%s", it.next());
            }
        }
        dumpTokens(userGroupInformation);
    }

    private void validateUGI(String str, UserGroupInformation userGroupInformation) {
        if (verify(userGroupInformation.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.KERBEROS, CAT_LOGIN, "User %s is not authenticated by Kerberos", userGroupInformation)) {
            verify(userGroupInformation.hasKerberosCredentials(), CAT_LOGIN, "%s: No kerberos credentials for %s", str, userGroupInformation);
            verify(userGroupInformation.getAuthenticationMethod() != null, CAT_LOGIN, "%s: Null AuthenticationMethod for %s", str, userGroupInformation);
        }
    }

    private void validateKinitExecutable() {
        String trimmed = getConf().getTrimmed(KERBEROS_KINIT_COMMAND, "");
        if (trimmed.isEmpty()) {
            return;
        }
        File file = new File(trimmed);
        println("%s = %s", KERBEROS_KINIT_COMMAND, file);
        if (file.isAbsolute()) {
            verifyFileIsValid(file, CAT_KERBEROS, KERBEROS_KINIT_COMMAND);
        } else {
            println("Executable %s is relative -must be on the PATH", trimmed);
            printEnv("PATH");
        }
    }

    private void validateSasl(String str) {
        title("Resolving SASL property %s", str);
        String trimmed = getConf().getTrimmed(str);
        try {
            println("Resolver is %s", getConf().getClass(str, SaslPropertiesResolver.class, SaslPropertiesResolver.class));
        } catch (RuntimeException e) {
            throw new KerberosDiagsFailure(CAT_SASL, e, "Failed to load %s class %s", str, trimmed);
        }
    }

    private void validateJAAS(boolean z) throws IOException {
        String property = System.getProperty("java.security.auth.login.config");
        if (z) {
            verify(property != null, "JAAS", "No JAAS file specified in java.security.auth.login.config", new Object[0]);
        }
        if (property != null) {
            title("JAAS", new Object[0]);
            File file = new File(property);
            println("JAAS file is defined in %s: %s", "java.security.auth.login.config", file);
            verifyFileIsValid(file, "JAAS", "JAAS file defined in java.security.auth.login.config");
            dump(file);
            endln();
        }
    }

    private void validateNTPConf() throws IOException {
        if (Shell.WINDOWS) {
            return;
        }
        File file = new File(ETC_NTP);
        if (file.exists() && verifyFileIsValid(file, "JAAS", "NTP file: " + file)) {
            title(NtpV3Packet.TYPE_NTP, new Object[0]);
            dump(file);
            endln();
        }
    }

    private boolean verifyFileIsValid(File file, String str, String str2) {
        if (verify(file.exists(), str, "%s file does not exist: %s", str2, file) && verify(file.isFile(), str, "%s path does not refer to a file: %s", str2, file)) {
            if (verify(file.length() != 0, str, "%s file is empty: %s", str2, file) && verify(file.canRead(), str, "%s file is not readable: %s", str2, file)) {
                return true;
            }
        }
        return false;
    }

    public void dumpTokens(UserGroupInformation userGroupInformation) {
        Collection<Token<? extends TokenIdentifier>> allTokens = userGroupInformation.getCredentials().getAllTokens();
        title("Token Count: %d", Integer.valueOf(allTokens.size()));
        Iterator<Token<? extends TokenIdentifier>> it = allTokens.iterator();
        while (it.hasNext()) {
            println("Token %s", it.next().getKind());
        }
        endln();
    }

    private boolean getAndSet(String str) {
        boolean z = Boolean.getBoolean(str);
        System.setProperty(str, "true");
        return z;
    }

    private void flush() {
        if (this.out != null) {
            this.out.flush();
        } else {
            System.out.flush();
        }
        System.err.flush();
    }

    private void println(String str, Object... objArr) {
        flush();
        String format = String.format(str, objArr);
        if (this.out != null) {
            this.out.println(format);
        } else {
            System.out.println(format);
        }
        flush();
    }

    private void println() {
        println("", new Object[0]);
    }

    private void endln() {
        println();
        println("-----", new Object[0]);
    }

    private void title(String str, Object... objArr) {
        println();
        println();
        println("== " + String.format(str, objArr) + " ==", new Object[0]);
        println();
    }

    private void printSysprop(String str) {
        println("%s = \"%s\"", str, System.getProperty(str, UNSET));
    }

    private void printConfOpt(String str) {
        println("%s = \"%s\"", str, getConf().get(str, UNSET));
    }

    private void printEnv(String str) {
        String str2 = System.getenv(str);
        Object[] objArr = new Object[2];
        objArr[0] = str;
        objArr[1] = str2 != null ? str2 : UNSET;
        println("%s = \"%s\"", objArr);
    }

    private void dump(File file) throws IOException {
        InputStream newInputStream = Files.newInputStream(file.toPath(), new OpenOption[0]);
        Throwable th = null;
        try {
            try {
                Iterator<String> it = IOUtils.readLines(newInputStream).iterator();
                while (it.hasNext()) {
                    println("%s", it.next());
                }
                if (newInputStream != null) {
                    if (0 == 0) {
                        newInputStream.close();
                        return;
                    }
                    try {
                        newInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (newInputStream != null) {
                if (th != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th4;
        }
    }

    private void fail(String str, String str2, Object... objArr) throws KerberosDiagsFailure {
        error(str, str2, objArr);
        throw new KerberosDiagsFailure(str, str2, objArr);
    }

    private boolean verify(boolean z, String str, String str2, Object... objArr) throws KerberosDiagsFailure {
        if (z) {
            return true;
        }
        this.probeHasFailed = true;
        if (this.nofail) {
            error(str, str2, objArr);
            return false;
        }
        fail(str, str2, objArr);
        return false;
    }

    private boolean verify(File file, Configuration configuration, String str, String str2) throws KerberosDiagsFailure {
        try {
            Credentials.readTokenStorageFile(file, configuration);
            return true;
        } catch (Exception e) {
            if (this.nofail) {
                error(str, str2, new Object[0]);
                return false;
            }
            fail(str, str2, new Object[0]);
            return false;
        }
    }

    private void error(String str, String str2, Object... objArr) {
        println("ERROR: %s: %s", str, String.format(str2, objArr));
    }

    private void warn(String str, String str2, Object... objArr) {
        println("WARNING: %s: %s", str, String.format(str2, objArr));
    }

    private void failif(boolean z, String str, String str2, Object... objArr) throws KerberosDiagsFailure {
        if (z) {
            fail(str, str2, objArr);
        }
    }

    public static int exec(Configuration configuration, String... strArr) throws Exception {
        KDiag kDiag = new KDiag();
        Throwable th = null;
        try {
            try {
                int run = ToolRunner.run(configuration, kDiag, strArr);
                if (kDiag != null) {
                    if (0 != 0) {
                        try {
                            kDiag.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        kDiag.close();
                    }
                }
                return run;
            } finally {
            }
        } catch (Throwable th3) {
            if (kDiag != null) {
                if (th != null) {
                    try {
                        kDiag.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    kDiag.close();
                }
            }
            throw th3;
        }
    }

    public static void main(String[] strArr) {
        try {
            ExitUtil.terminate(exec(new Configuration(), strArr));
        } catch (ExitUtil.ExitException e) {
            LOG.error(e.toString());
            System.exit(e.status);
        } catch (Exception e2) {
            LOG.error(e2.toString(), (Throwable) e2);
            ExitUtil.halt(-1, e2);
        }
    }
}
