package com.questdb.net.ha.krb;

import com.questdb.net.ha.auth.AuthorizationHandler;
import com.questdb.std.ObjList;
import com.questdb.store.JournalKey;

/* loaded from: input_file:com/questdb/net/ha/krb/KrbAuthenticator.class */
public class KrbAuthenticator implements AuthorizationHandler {
    private final String krb5Conf;
    private final String principal;
    private final String keyTab;
    private final String serviceName;
    private final KrbAuthorizer authorizer;

    public KrbAuthenticator(String str, String str2, String str3, String str4, KrbAuthorizer krbAuthorizer) {
        this.krb5Conf = str;
        this.principal = str2;
        this.keyTab = str3;
        this.serviceName = str4;
        this.authorizer = krbAuthorizer;
    }

    @Override // com.questdb.net.ha.auth.AuthorizationHandler
    public boolean isAuthorized(byte[] bArr, ObjList<JournalKey> objList) throws Exception {
        ActiveDirectoryConnection activeDirectoryConnection = new ActiveDirectoryConnection(this.krb5Conf, this.principal, this.keyTab);
        Throwable th = null;
        try {
            String decodeServiceToken = activeDirectoryConnection.decodeServiceToken(this.serviceName, bArr);
            return this.authorizer != null ? this.authorizer.isAuthorized(decodeServiceToken, objList) : decodeServiceToken != null;
        } finally {
            if (activeDirectoryConnection != null) {
                if (0 != 0) {
                    try {
                        activeDirectoryConnection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    activeDirectoryConnection.close();
                }
            }
        }
    }
}
