package com.bigstep.datalake;

import java.io.File;
import java.io.IOException;
import java.security.AccessControlContext;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.PlatformName;

/* loaded from: input_file:com/bigstep/datalake/KerberosIdentity.class */
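/**
 * Holds a Kerberos identity obtained from a keytab via JAAS and runs actions as that identity.
 *
 * <p>Typical use: construct, call {@link #login(String, String, String)}, then wrap work in one of
 * the {@code doAs*} methods. {@link #reloginIfNecessary()} refreshes the login once the configured
 * re-login interval has elapsed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The login configuration sets {@code storeKey=true}, which asks the Krb5 login module to
 *       place the principal's keys in the {@link Subject}'s private credentials. Treat the
 *       {@code Subject} returned by {@link #getSubject()} as secret material.</li>
 *   <li>The static subject cache is keyed by principal name only; see the comment on
 *       {@code subjectCache} before populating it.</li>
 * </ul>
 *
 * <p>Thread-safety: instances are not thread-safe; fields are written by {@code login} without
 * synchronization.
 */
public class KerberosIdentity {
    public static final Log LOG = LogFactory.getLog(KerberosIdentity.class);

    /**
     * Process-wide cache of logged-in subjects, keyed by principal name.
     *
     * <p>NOTE(review): nothing in this class ever puts an entry into this map, so the cache branch
     * in {@link #login} is currently dead. Before populating it, be aware that a hit returns the
     * cached {@code Subject} without looking at the keytab argument at all, so any code in the JVM
     * that knows a principal name would obtain that identity. The map is also a plain
     * {@code HashMap} shared across instances and is not safe for concurrent mutation.
     */
    private static final HashMap<String, Subject> subjectCache = new HashMap<>();

    /** Default re-login interval: 18,000,000 ms (5 hours). */
    private static final long DEFAULT_RELOGIN_TIME = 18_000_000L;

    /**
     * Splits {@code primary[/instance]@realm}; group 1 is the primary component. The first group
     * excludes '/' and '@' so that the instance part is not swallowed into the short name.
     */
    private static final Pattern SHORT_NAME_PATTERN = Pattern.compile("^([^/@]*)(/[^@]*)?@(.*)$");

    /** Milliseconds after which {@link #isLoginNecessary()} reports that a new login is due. */
    private long reloginTime;
    private Subject subject;
    private String kerberosPrincipal;
    private String kerberosKeytab;
    private String kerberosRealm;
    /** Time of the last successful {@link #login}; {@code null} until the first login. */
    private Date lastLogin;

    /**
     * In-memory JAAS configuration for a keytab-based Kerberos login.
     *
     * <p>The decompiler reports that this class was originally declared private; it is left
     * public here so that existing references keep compiling.
     */
    public static class KerberosConfiguration extends Configuration {
        private final String keytab;
        private final String principal;
        private final String realm;

        /**
         * @param keytab path of the keytab file
         * @param principal Kerberos principal to log in as
         * @param realm Kerberos realm passed to the login module on non-IBM JVMs
         */
        public KerberosConfiguration(String keytab, String principal, String realm) {
            this.keytab = keytab;
            this.principal = principal;
            this.realm = realm;
        }

        /**
         * Builds the single, REQUIRED Krb5 login-module entry.
         *
         * @param name application name; ignored, the same entry is returned for every name
         * @return a one-element array with the Krb5 login module configuration
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            HashMap<String, String> options = new HashMap<>();
            if (PlatformName.IBM_JAVA) {
                // The IBM module takes the keytab as a file:// URL.
                options.put("useKeytab", this.keytab.startsWith("file://") ? this.keytab : "file://" + this.keytab);
                options.put("principal", this.principal);
                // NOTE(review): "acceptor" here vs. isInitiator=true in the other branch looks
                // inconsistent for a client-side login; confirm against the IBM module docs.
                options.put("credsType", "acceptor");
            } else {
                options.put("keyTab", this.keytab);
                options.put("realm", this.realm);
                options.put("principal", this.principal);
                options.put("useKeyTab", "true");
                // storeKey keeps the principal's keys in the Subject's private credentials.
                options.put("storeKey", "true");
                // Never fall back to interactive prompts or a ticket cache: keytab only.
                options.put("doNotPrompt", "true");
                options.put("useTicketCache", "false");
                options.put("renewTGT", "false");
                options.put("isInitiator", "true");
                if (KerberosIdentity.LOG.isDebugEnabled()) {
                    // Login-module debug output is written by the module itself rather than
                    // through LOG; presumably it includes principal and keytab details, so keep
                    // debug logging off where console output is widely readable.
                    options.put("debug", "true");
                }
            }
            options.put("refreshKrb5Config", "true");
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                        KerberosUtil.getKrb5LoginModuleName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        options)
            };
        }
    }

    /**
     * Creates an identity with a custom re-login interval.
     *
     * @param reloginTime interval in milliseconds after which a new login is considered due
     */
    public KerberosIdentity(long reloginTime) {
        this.reloginTime = reloginTime;
    }

    /** Creates an identity with the default re-login interval. */
    public KerberosIdentity() {
        this(DEFAULT_RELOGIN_TIME);
    }

    /**
     * @return the logged-in subject, or {@code null} before the first successful login; it may
     *     carry private credentials and must not be exposed to untrusted code
     */
    public Subject getSubject() {
        return this.subject;
    }

    /** @return the realm passed to the last {@link #login} call, or {@code null} */
    public String getRealm() {
        return this.kerberosRealm;
    }

    /**
     * Logs in from a keytab and stores the resulting {@link Subject} on this instance.
     *
     * @param principal Kerberos principal to log in as
     * @param keytab path of the keytab file; it should be readable only by the service account
     * @param realm Kerberos realm
     * @throws IOException if the keytab is missing or unreadable, or the JAAS login fails (the
     *     {@link LoginException} is kept as the cause)
     */
    public void login(String principal, String keytab, String realm) throws IOException {
        this.kerberosPrincipal = principal;
        this.kerberosKeytab = keytab;
        this.kerberosRealm = realm;

        // A cache hit skips every keytab check below; see the comment on subjectCache.
        Subject cached = subjectCache.get(principal);
        if (cached != null) {
            LOG.debug("Retrieved principal " + principal + " from cache");
            this.subject = cached;
            this.lastLogin = new Date();
            return;
        }

        File keytabFile = new File(keytab);
        if (!keytabFile.exists()) {
            throw new IOException("Kerberos keytab file " + keytab + " not found");
        }
        if (!keytabFile.canRead()) {
            throw new IOException("Kerberos keytab file " + keytab + " cannot be accessed");
        }
        try {
            LoginContext loginContext = new LoginContext(
                    "", (Subject) null, (CallbackHandler) null, new KerberosConfiguration(keytab, principal, realm));
            LOG.debug("Attempting login as " + principal + " using " + keytab);
            loginContext.login();
            this.subject = loginContext.getSubject();
            this.lastLogin = new Date();
        } catch (LoginException e) {
            throw new IOException("Kerberos login failed for " + principal, e);
        }
    }

    /** @return the time of the last successful login, or {@code null} if there was none */
    public Date getLastLogin() {
        return this.lastLogin;
    }

    /**
     * @return {@code true} if no login has happened yet or the re-login interval has elapsed
     *     since the last one
     */
    public boolean isLoginNecessary() {
        Date last = getLastLogin();
        if (last == null) {
            // Never logged in: previously this dereferenced null.
            return true;
        }
        return new Date().getTime() - last.getTime() > this.reloginTime;
    }

    /**
     * Drops any cached subject for the current principal and logs in again with the parameters
     * of the previous {@link #login} call.
     *
     * @throws IOException if the login fails
     * @throws IllegalStateException if {@link #login} has not been called yet
     */
    public void relogin() throws IOException {
        if (this.kerberosPrincipal == null || this.kerberosKeytab == null) {
            throw new IllegalStateException("relogin() called before login()");
        }
        subjectCache.remove(this.kerberosPrincipal);
        login(this.kerberosPrincipal, this.kerberosKeytab, this.kerberosRealm);
    }

    /**
     * Calls {@link #relogin()} when {@link #isLoginNecessary()} says a login is due.
     *
     * @throws IOException if the re-login fails
     */
    public void reloginIfNecessary() throws IOException {
        if (isLoginNecessary()) {
            relogin();
        }
    }

    /**
     * Runs the action as this identity's subject with a {@code null} access control context.
     *
     * @param privilegedAction work to run
     * @return the action's result
     */
    public <T> T doAsPrivileged(PrivilegedAction<T> privilegedAction) {
        logPrivilegedAction(this.subject, privilegedAction);
        return Subject.doAsPrivileged(this.subject, privilegedAction, (AccessControlContext) null);
    }

    /**
     * Exception-throwing variant of {@link #doAsPrivileged(PrivilegedAction)}. The method name is
     * misspelled ("Priviledged"); it is kept as is because callers reference it.
     *
     * @param privilegedExceptionAction work to run
     * @return the action's result
     * @throws PrivilegedActionException wrapping any checked exception thrown by the action
     */
    public <T> T doAsPriviledged(PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        logPrivilegedAction(this.subject, privilegedExceptionAction);
        return Subject.doAsPrivileged(this.subject, privilegedExceptionAction, (AccessControlContext) null);
    }

    /**
     * Runs the action as this identity's subject.
     *
     * @param privilegedAction work to run
     * @return the action's result
     */
    public <T> T doAs(PrivilegedAction<T> privilegedAction) {
        logPrivilegedAction(this.subject, privilegedAction);
        return Subject.doAs(this.subject, privilegedAction);
    }

    /**
     * Runs the exception-throwing action as this identity's subject.
     *
     * @param privilegedExceptionAction work to run
     * @return the action's result
     * @throws PrivilegedActionException wrapping any checked exception thrown by the action
     */
    public <T> T doAs(PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        logPrivilegedAction(this.subject, privilegedExceptionAction);
        return Subject.doAs(this.subject, privilegedExceptionAction);
    }

    /**
     * At debug level, records which identity is about to run an action and from where.
     * Both parameters are currently unused; the identity is taken from {@code this}.
     */
    private void logPrivilegedAction(Subject subject, Object obj) {
        if (LOG.isDebugEnabled()) {
            // Frame 0 is this method, frame 1 the doAs* wrapper, frame 2 the wrapper's caller.
            StackTraceElement[] frames = new Throwable().getStackTrace();
            String caller = frames.length > 2 ? frames[2].toString() : "unknown";
            LOG.debug("PrivilegedAction as:" + this + " from:" + caller);
        }
    }

    /**
     * @return the first principal of the subject, or {@code null} if there is no subject yet or
     *     it has no principals
     */
    public Principal getPrincipal() {
        if (this.subject == null) {
            return null;
        }
        Set<Principal> principals = this.subject.getPrincipals();
        if (principals == null) {
            return null;
        }
        Iterator<Principal> it = principals.iterator();
        return it.hasNext() ? it.next() : null;
    }

    /**
     * Returns the primary component of the principal name, i.e. the part before the first
     * {@code '/'} or {@code '@'}. The previous pattern used a greedy first group, so for
     * {@code primary/instance@REALM} it returned {@code primary/instance}.
     *
     * @return the short name, or {@code null} if there is no principal or its name has no realm
     */
    public String getPrincipalShortName() {
        String name = getPrincipalName();
        if (name == null) {
            return null;
        }
        Matcher matcher = SHORT_NAME_PATTERN.matcher(name);
        return matcher.find() ? matcher.group(1) : null;
    }

    /** @return the full principal name, or {@code null} if there is no principal */
    public String getPrincipalName() {
        Principal principal = getPrincipal();
        return principal == null ? null : principal.getName();
    }

    /**
     * Returns the Hadoop {@link Credentials} stored in the subject's private credentials,
     * creating and attaching an empty one if none is present.
     *
     * <p>This method locks {@code this}, while {@link #getTokens()} locks the subject; the two
     * monitors are different objects.
     */
    private synchronized Credentials getCredentialsInternal() {
        Set<Credentials> stored = this.subject.getPrivateCredentials(Credentials.class);
        if (!stored.isEmpty()) {
            return stored.iterator().next();
        }
        Credentials credentials = new Credentials();
        this.subject.getPrivateCredentials().add(credentials);
        return credentials;
    }

    /** @return an unmodifiable snapshot of the tokens held in the subject's credentials */
    public Collection<Token<? extends TokenIdentifier>> getTokens() {
        synchronized (this.subject) {
            return Collections.unmodifiableCollection(new ArrayList<>(getCredentialsInternal().getAllTokens()));
        }
    }

    /** @return a description with the full and short principal names; safe to call before login */
    @Override
    public String toString() {
        return "KerberosIdentity (" + getPrincipalName() + "[" + getPrincipalShortName() + "])";
    }
}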
