package org.apache.hadoop.has.common.util;

import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.security.KDiag;
import org.apache.kerby.kerberos.kerb.client.jaas.TokenAuthLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/has/common/util/HasJaasLoginUtil.class */
public class HasJaasLoginUtil {
    public static final boolean ENABLE_DEBUG = true;
    private static final Map<String, String> TICKET_KERBEROS_OPTIONS;
    private static final AppConfigurationEntry TICKET_KERBEROS_LOGIN;
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) HasJaasLoginUtil.class);
    private static final Map<String, String> BASIC_JAAS_OPTIONS = new HashMap();

    /* loaded from: input_file:org/apache/hadoop/has/common/util/HasJaasLoginUtil$HasJaasConf.class */
    static class HasJaasConf extends Configuration {
        HasJaasConf() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return new AppConfigurationEntry[]{HasJaasLoginUtil.TICKET_KERBEROS_LOGIN};
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/hadoop/has/common/util/HasJaasLoginUtil$KeytabJaasConf.class */
    public static class KeytabJaasConf extends Configuration {
        private String principal;
        private File keytabFile;

        KeytabJaasConf(String str, File file) {
            this.principal = str;
            this.keytabFile = file;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("keyTab", this.keytabFile.getAbsolutePath());
            hashMap.put(TokenAuthLoginModule.PRINCIPAL, this.principal);
            hashMap.put("useKeyTab", "true");
            hashMap.put("storeKey", "true");
            hashMap.put("doNotPrompt", "true");
            hashMap.put("renewTGT", "false");
            hashMap.put("refreshKrb5Config", "true");
            hashMap.put("isInitiator", "true");
            hashMap.putAll(HasJaasLoginUtil.BASIC_JAAS_OPTIONS);
            return new AppConfigurationEntry[]{new AppConfigurationEntry(HasJaasLoginUtil.access$200(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/hadoop/has/common/util/HasJaasLoginUtil$TicketCacheJaasConf.class */
    public static class TicketCacheJaasConf extends Configuration {
        private String principal;
        private File clientCredentialFile;

        TicketCacheJaasConf(String str, File file) {
            this.principal = str;
            this.clientCredentialFile = file;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put(TokenAuthLoginModule.PRINCIPAL, this.principal);
            hashMap.put("storeKey", "false");
            hashMap.put("doNotPrompt", "false");
            hashMap.put("useTicketCache", "true");
            hashMap.put("renewTGT", "true");
            hashMap.put("refreshKrb5Config", "true");
            hashMap.put("isInitiator", "true");
            hashMap.put("ticketCache", this.clientCredentialFile.getAbsolutePath());
            hashMap.putAll(HasJaasLoginUtil.BASIC_JAAS_OPTIONS);
            return new AppConfigurationEntry[]{new AppConfigurationEntry(HasJaasLoginUtil.access$200(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    private static String getKrb5LoginModuleName() {
        return System.getProperty("java.vendor").contains("IBM") ? "com.ibm.security.auth.module.Krb5LoginModule" : "org.apache.hadoop.has.client.HasLoginModule";
    }

    public static synchronized Subject loginUserFromTgtTicket(String str) throws IOException {
        TICKET_KERBEROS_OPTIONS.put("hadoopSecurityHas", str);
        Subject subject = new Subject();
        try {
            LoginContext loginContext = new LoginContext("ticket-kerberos", subject, (CallbackHandler) null, new HasJaasConf());
            try {
                loginContext.login();
                LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
                return loginContext.getSubject();
            } catch (LoginException e) {
                throw new IOException("Login failure for " + e);
            }
        } catch (LoginException e2) {
            throw new IOException("Fail to create LoginContext for " + e2);
        }
    }

    public static Subject loginUsingTicketCache(String str, File file) throws IOException {
        HashSet hashSet = new HashSet();
        hashSet.add(new KerberosPrincipal(str));
        Subject subject = new Subject(false, hashSet, new HashSet(), new HashSet());
        try {
            LoginContext loginContext = new LoginContext("TicketCacheConf", subject, (CallbackHandler) null, useTicketCache(str, file));
            try {
                loginContext.login();
                LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
                return loginContext.getSubject();
            } catch (LoginException e) {
                throw new IOException("Login failure for " + e);
            }
        } catch (LoginException e2) {
            throw new IOException("Faill to create LoginContext for " + e2);
        }
    }

    public static Subject loginUsingKeytab(String str, File file) throws IOException {
        HashSet hashSet = new HashSet();
        hashSet.add(new KerberosPrincipal(str));
        Subject subject = new Subject(false, hashSet, new HashSet(), new HashSet());
        try {
            LoginContext loginContext = new LoginContext("KeytabConf", subject, (CallbackHandler) null, useKeytab(str, file));
            try {
                loginContext.login();
                LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
                return loginContext.getSubject();
            } catch (LoginException e) {
                throw new IOException("Login failure for " + e);
            }
        } catch (LoginException e2) {
            throw new IOException("Fail to create LoginContext for " + e2);
        }
    }

    public static LoginContext loginUsingKeytabReturnContext(String str, File file) throws IOException {
        HashSet hashSet = new HashSet();
        hashSet.add(new KerberosPrincipal(str));
        Subject subject = new Subject(false, hashSet, new HashSet(), new HashSet());
        try {
            LoginContext loginContext = new LoginContext("KeytabConf", subject, (CallbackHandler) null, useKeytab(str, file));
            try {
                loginContext.login();
                LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
                return loginContext;
            } catch (LoginException e) {
                throw new IOException("Login failure for " + e);
            }
        } catch (LoginException e2) {
            throw new IOException("Fail to create LoginContext for " + e2);
        }
    }

    public static Configuration useTicketCache(String str, File file) {
        return new TicketCacheJaasConf(str, file);
    }

    public static Configuration useKeytab(String str, File file) {
        return new KeytabJaasConf(str, file);
    }

    static /* synthetic */ String access$200() {
        return getKrb5LoginModuleName();
    }

    static {
        String str = System.getenv(KDiag.HADOOP_JAAS_DEBUG);
        if (str != null && "true".equalsIgnoreCase(str)) {
            BASIC_JAAS_OPTIONS.put("debug", String.valueOf(true));
        }
        TICKET_KERBEROS_OPTIONS = new HashMap();
        TICKET_KERBEROS_OPTIONS.put("doNotPrompt", "true");
        TICKET_KERBEROS_OPTIONS.put("useTgtTicket", "true");
        TICKET_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS);
        TICKET_KERBEROS_LOGIN = new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, TICKET_KERBEROS_OPTIONS);
    }
}
