package org.apache.kerby.has.common.util;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kerby/has/common/util/HasJaasLoginUtil.class */
public class HasJaasLoginUtil {
    public static final boolean ENABLE_DEBUG = true;
    private static final Map<String, String> TICKET_KERBEROS_OPTIONS;
    private static final AppConfigurationEntry TICKET_KERBEROS_LOGIN;
    public static final Logger LOG = LoggerFactory.getLogger(HasJaasLoginUtil.class);
    private static final Map<String, String> BASIC_JAAS_OPTIONS = new HashMap();

    /* loaded from: input_file:org/apache/kerby/has/common/util/HasJaasLoginUtil$HasJaasConf.class */
    static class HasJaasConf extends Configuration {
        HasJaasConf() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return new AppConfigurationEntry[]{HasJaasLoginUtil.TICKET_KERBEROS_LOGIN};
        }
    }

    private static String getKrb5LoginModuleName() {
        return System.getProperty("java.vendor").contains("IBM") ? "com.ibm.security.auth.module.Krb5LoginModule" : "org.apache.kerby.has.client.HasLoginModule";
    }

    public static synchronized Subject loginUserFromTgtTicket(String str) throws IOException {
        TICKET_KERBEROS_OPTIONS.put("hadoopSecurityHas", str);
        Subject subject = new Subject();
        try {
            LoginContext loginContext = new LoginContext("ticket-kerberos", subject, (CallbackHandler) null, new HasJaasConf());
            try {
                loginContext.login();
                LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
                return loginContext.getSubject();
            } catch (LoginException e) {
                throw new IOException("Login failure for " + e);
            }
        } catch (LoginException e2) {
            throw new IOException("Fail to create LoginContext for " + e2);
        }
    }

    static {
        String str = System.getenv("HADOOP_JAAS_DEBUG");
        if (str != null && "true".equalsIgnoreCase(str)) {
            BASIC_JAAS_OPTIONS.put("debug", String.valueOf(true));
        }
        TICKET_KERBEROS_OPTIONS = new HashMap();
        TICKET_KERBEROS_OPTIONS.put("doNotPrompt", "true");
        TICKET_KERBEROS_OPTIONS.put("useTgtTicket", "true");
        TICKET_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS);
        TICKET_KERBEROS_LOGIN = new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, TICKET_KERBEROS_OPTIONS);
    }
}
