package com.huawei.bigdata.flinkserver.auth.token;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/bigdata/flinkserver/auth/token/KerberosUtils.class */
public class KerberosUtils {
    private static final Logger LOG = LoggerFactory.getLogger(KerberosUtils.class);
    private static String clientPrincipal;
    private static String keytabFile;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/huawei/bigdata/flinkserver/auth/token/KerberosUtils$KerberosConfiguration.class */
    public static class KerberosConfiguration extends Configuration {
        private String principal;
        private String keyTab;

        public KerberosConfiguration(String str, String str2) {
            this.principal = str;
            this.keyTab = str2;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("keyTab", this.keyTab);
            hashMap.put("principal", this.principal);
            hashMap.put("useKeyTab", "true");
            hashMap.put("storeKey", "false");
            hashMap.put("doNotPrompt", "true");
            hashMap.put("useTicketCache", "false");
            hashMap.put("renewTGT", "false");
            hashMap.put("refreshKrb5Config", "true");
            hashMap.put("isInitiator", "true");
            hashMap.put("debug", "true");
            return new AppConfigurationEntry[]{new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    private static <T> T doAs(final Callable<T> callable) throws Exception {
        LoginContext loginContext = null;
        try {
            try {
                HashSet hashSet = new HashSet();
                hashSet.add(new KerberosPrincipal(clientPrincipal));
                loginContext = new LoginContext("", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, new KerberosConfiguration(clientPrincipal, keytabFile));
                loginContext.login();
                T t = (T) Subject.doAs(loginContext.getSubject(), new PrivilegedExceptionAction<T>() { // from class: com.huawei.bigdata.flinkserver.auth.token.KerberosUtils.1
                    @Override // java.security.PrivilegedExceptionAction
                    public T run() throws Exception {
                        return (T) callable.call();
                    }
                });
                if (loginContext != null) {
                    try {
                        loginContext.logout();
                    } catch (Exception e) {
                        LOG.warn("Failed to logout.", e);
                    }
                }
                return t;
            } catch (PrivilegedActionException e2) {
                throw e2.getException();
            }
        } catch (Throwable th) {
            if (loginContext != null) {
                try {
                    loginContext.logout();
                } catch (Exception e3) {
                    LOG.warn("Failed to logout.", e3);
                    throw th;
                }
            }
            throw th;
        }
    }

    public static <T> T doAsClient(String str, String str2, Callable<T> callable) throws Exception {
        clientPrincipal = str;
        keytabFile = str2;
        return (T) doAs(callable);
    }
}
