package com.exasol.jdbc;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.sql.SQLException;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:com/exasol/jdbc/GSSAuthentication.class */
public class GSSAuthentication {
    public static void authenticate(EXAConnection eXAConnection, boolean z) throws IOException, SQLException {
        try {
            Subject subject = Subject.getSubject(AccessController.getContext());
            Exception exc = (Exception) Subject.doAs(subject, new GSSPrivilegedAction(eXAConnection, getCredentials(eXAConnection, subject), z));
            if (exc instanceof IOException) {
                eXAConnection.logStackTrace(exc);
                throw ((IOException) exc);
            }
            if (exc instanceof SQLException) {
                eXAConnection.logStackTrace(exc);
                throw ((SQLException) exc);
            }
            if (exc != null) {
                throw new SQLException("Kerberos authentication failed: " + exc.getMessage(), "HY000", exc);
            }
        } catch (Exception e) {
            eXAConnection.logStackTrace(e);
            throw new SQLException(e.getMessage(), e);
        }
    }

    private static GSSCredential getCredentials(EXAConnection eXAConnection, Subject subject) throws GSSException {
        if (subject == null) {
            eXAConnection.log("No subject found in context");
            return null;
        }
        eXAConnection.log("Found subject with " + subject.getPrincipals().size() + " principals(s) in context:");
        Iterator<Principal> it = subject.getPrincipals().iterator();
        while (it.hasNext()) {
            eXAConnection.log("  - '" + it.next().getName() + "'");
        }
        Set privateCredentials = subject.getPrivateCredentials(GSSCredential.class);
        if (privateCredentials == null || privateCredentials.size() <= 0) {
            eXAConnection.log("No private credentials found for subject");
            return null;
        }
        GSSCredential gSSCredential = (GSSCredential) privateCredentials.iterator().next();
        eXAConnection.log("Found " + privateCredentials.size() + " private credential(s), using first credentials for '" + gSSCredential.getName() + "'");
        return gSSCredential;
    }
}
