package com.huawei.bigdata.om.common.auth;

import com.huawei.bigdata.om.common.utils.StringHelper;
import java.security.Principal;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/bigdata/om/common/auth/SecurityUtils.class */
public class SecurityUtils {
    private static final Logger log = LoggerFactory.getLogger(SecurityUtils.class);
    private static final Map<SecurityKey, Subject> SUBJECT_MAP = new ConcurrentHashMap();

    private SecurityUtils() {
    }

    public static Subject login(String str, String str2, String str3, String str4) {
        return login(new SecurityKey(str, str2, str3, str4));
    }

    public static Subject login(String str, String str2, String str3) {
        return login(new SecurityKey("oms", str, str2, str3));
    }

    public static Subject login(SecurityKey securityKey) {
        Subject createSubject = createSubject(securityKey);
        if (validateSubject(createSubject, securityKey)) {
            return createSubject;
        }
        SUBJECT_MAP.remove(securityKey);
        return createSubject(securityKey);
    }

    private static boolean validateSubject(Subject subject, SecurityKey securityKey) {
        Iterator<Principal> it = subject.getPrincipals().iterator();
        while (it.hasNext()) {
            if (Objects.equals(securityKey.getName(), it.next().getName())) {
                return true;
            }
        }
        return false;
    }

    private static Subject createSubject(SecurityKey securityKey) {
        Subject subject = new Subject();
        System.setProperty("java.security.krb5.conf", securityKey.getKrbConf());
        try {
            new LoginContext(securityKey.getName(), subject, (CallbackHandler) null, new Krb5Configuration(securityKey.getKeyTabPath(), securityKey.getPrincipal())).login();
            SUBJECT_MAP.put(securityKey, subject);
            return subject;
        } catch (LoginException e) {
            log.error("SecurityUtils:createSubject: Authentication failed. name:{}, principal:{}", new Object[]{StringHelper.replaceBlank(securityKey.getName()), StringHelper.replaceBlank(securityKey.getKeyTabPath()), e});
            throw new IllegalStateException(String.format(Locale.ENGLISH, "Authentication failed, name: %s", securityKey.getName()));
        }
    }

    static {
        Executors.newSingleThreadScheduledExecutor().scheduleAtFixedRate(() -> {
            for (Map.Entry<SecurityKey, Subject> entry : SUBJECT_MAP.entrySet()) {
                System.setProperty("java.security.krb5.conf", entry.getKey().getKrbConf());
                try {
                    new LoginContext(entry.getKey().getName(), entry.getValue(), (CallbackHandler) null, new Krb5Configuration(entry.getKey().getKeyTabPath(), entry.getKey().getPrincipal())).login();
                } catch (LoginException e) {
                    log.error("SecurityUtils:reLogin: Authentication failed. name:{}, principal:{}", new Object[]{entry.getKey().getName(), entry.getKey().getKeyTabPath(), e});
                }
            }
        }, 6L, 6L, TimeUnit.HOURS);
    }
}
